CVE-2025-36105
Information Disclosure via Environment Variables in IBM Planning Analytics Containers
Publication date: 2026-03-10
Last updated on: 2026-05-06
Assigner: IBM Corporation
Description
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| ibm | planning_analytics_advanced_certified_containers | From 3.1.0 (inc) to 3.1.5 (exc) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-312 | The product stores sensitive information in cleartext within a resource that might be accessible to another control sphere. |
| CWE-526 | The product uses an environment variable to store unencrypted sensitive information. |
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-36105 is a vulnerability in IBM Planning Analytics Advanced Certified Containers versions 3.1.0 through 3.1.4. It allows a local privileged user to obtain sensitive information stored in environment variables. This is a sensitive information disclosure flaw classified under CWE-526, which involves the cleartext storage of sensitive information in environment variables.
How can this vulnerability impact me?
This vulnerability can impact you by allowing a local user with high privileges to access sensitive information that is stored in environment variables. Although it requires local access and high privileges, the confidentiality of sensitive data is compromised, which could lead to unauthorized disclosure of critical information.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability involves a local privileged user accessing sensitive information stored in environment variables within IBM Planning Analytics Advanced Certified Containers versions 3.1.0 through 3.1.4.
Detection would require verifying the version of IBM Planning Analytics Advanced Certified Containers installed on the system to see if it falls within the vulnerable range (3.1.0 through 3.1.4).
Since the vulnerability is local and related to environment variables, there are no specific network detection commands provided.
- Check the installed version of IBM Planning Analytics Advanced Certified Containers, for example by running a command or checking the software version via its management interface.
- Review environment variables accessible to privileged users to identify if sensitive information is exposed.
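One way to carry out the environment-variable review above is sketched below as an added example; it is not IBM's tooling and not part of the original advisory. It parses the NUL-separated format of Linux `/proc/<pid>/environ` and reports variables whose names suggest a credential, without returning the values. The name patterns, the `_FILE` convention and the sample data are assumptions, since the advisory does not say which variables are affected.

```python
import re
from pathlib import Path

# Assumed name patterns that usually indicate a credential; tune for your deployment.
SECRET_NAME = re.compile(
    r"(PASS(WORD|WD)?|SECRET|TOKEN|API_?KEY|PRIVATE_?KEY|CREDENTIAL)", re.I
)

def parse_environ(blob):
    """Parse the NUL-separated NAME=value records of /proc/<pid>/environ."""
    env = {}
    for entry in blob.split(b"\x00"):
        if b"=" not in entry:
            continue  # empty trailing entry or malformed record
        name, _, value = entry.partition(b"=")
        env[name.decode("utf-8", "replace")] = value.decode("utf-8", "replace")
    return env

def flag_secrets(env):
    """Return sorted (name, value_length) pairs; the values themselves are never returned."""
    hits = []
    for name, value in env.items():
        if not value or not SECRET_NAME.search(name):
            continue
        # Assumed convention: a *_FILE variable holding a path points at a
        # mounted secret file and does not carry the secret in cleartext.
        if name.upper().endswith("_FILE") and value.startswith("/"):
            continue
        hits.append((name, len(value)))
    return sorted(hits)

def audit_pid(pid):
    """Audit a live Linux process; requires permission to read its environ."""
    return flag_secrets(parse_environ(Path(f"/proc/{pid}/environ").read_bytes()))

# Constructed sample data, not taken from an IBM container.
SAMPLE = (
    b"PATH=/usr/bin\x00DB_PASSWORD=example-not-real\x00API_TOKEN=\x00"
    b"TLS_PRIVATE_KEY_FILE=/run/secrets/tls.key\x00ADMIN_SECRET=abc123\x00"
)

if __name__ == "__main__":
    for name, length in flag_secrets(parse_environ(SAMPLE)):
        print(f"{name}: cleartext value present ({length} chars, redacted)")
```

A name match is only a heuristic, so confirm each hit against the deployment's configuration before treating it as an exposure.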
What immediate steps should I take to mitigate this vulnerability?
IBM has addressed this vulnerability by releasing version 3.1.5 of IBM Planning Analytics Advanced Certified Containers.
There are no workarounds or mitigations provided other than upgrading.
- Upgrade IBM Planning Analytics Advanced Certified Containers to version 3.1.5 or later as soon as possible.