CVE-2025-36437
BaseFortify
Publication date: 2025-12-09
Last updated on: 2025-12-09
Assigner: IBM Corporation
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| ibm | planning_analytics_local | 2.1.0 |
| ibm | planning_analytics_local | 2.1.15 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-209 | The product generates an error message that includes sensitive information about its environment, users, or associated data. |
Attack-Flow Graph
AI Powered Q&A
What immediate steps should I take to mitigate this vulnerability?
The immediate step to mitigate this vulnerability is to upgrade IBM Planning Analytics Local to version 2.1.16, which addresses the sensitive information disclosure issue. No workarounds or alternative mitigations are provided, so applying the latest security update is essential. [1]
Can you explain this vulnerability to me?
This vulnerability in IBM Planning Analytics Local versions 2.1.0 to 2.1.15 could disclose sensitive information about the server architecture, which could be used by attackers to facilitate further attacks against the system.
How can this vulnerability impact me? :
The vulnerability could lead to unauthorized disclosure of sensitive server architecture information, potentially enabling attackers to plan and execute more effective attacks against your system, thereby increasing security risks.