IBM Planning Analytics Vulnerabilities Allow DoS, Info Disclosure
Summary
CERT-Bund has issued a security advisory for IBM Planning Analytics, detailing multiple vulnerabilities. These flaws, with a CVSS base score of 7.5, can be exploited for denial of service, information disclosure, and bypass of security measures. The advisory applies to versions prior to 2.1.18.
What changed
CERT-Bund has released a security advisory (WID-SEC-2026-0759) concerning multiple vulnerabilities in IBM Planning Analytics, affecting versions prior to 2.1.18 on Linux, UNIX, and Windows operating systems. The vulnerabilities have a CVSS base score of 7.5 (high) and a temporal score of 6.7 (medium), allowing remote attackers to perform denial of service attacks, disclose information, and bypass security controls.
Organizations using IBM Planning Analytics should immediately review their installed versions and apply available mitigations or updates to address these security risks. Failure to do so could result in significant operational disruption and sensitive data exposure. The advisory indicates that mitigation is available, and users are advised to consult the provided links for specific details and affected product versions.
What to do next
- Review installed versions of IBM Planning Analytics for versions prior to 2.1.18.
- Consult CERT-Bund advisory WID-SEC-2026-0759 for available mitigation steps and apply them.
- Monitor for vendor patches and updates from IBM.
Source document (simplified)
[WID-SEC-2026-0759] IBM Planning Analytics: Mehrere Schwachstellen CVSS Base Score 7.5 (hoch) CVSS Temporal Score 6.7 (mittel) Remoteangriff ja Datum 17.03.2026 Stand 18.03.2026 Mitigation ja
Betroffene Systeme
Betriebssystem
- Linux
- UNIX
- Windows
Produktbeschreibung
IBM Planning Analytics ist eine Softwarelösung für Unternehmensplanung und -analyse, die Budgetierung, Forecasting und Reporting unterstützt.
Produkte
17.03.2026
- IBM Planning Analytics <2.1.18
Angriff
Angriff
Ein Angreifer kann mehrere Schwachstellen in IBM Planning Analytics ausnutzen, um einen Denial of Service Angriff durchzuführen, um Informationen offenzulegen, und um Sicherheitsvorkehrungen zu umgehen. CVE Informationen Versionshistorie Feedback zum Advisory geben
Related changes
Source
Classification
Who this affects
Taxonomy
Browse Categories
Get Data Privacy & Cybersecurity alerts
Weekly digest. AI-summarized, no noise.
Free. Unsubscribe anytime.
Get alerts for this source
We'll email you when CERT-Bund Security Advisories publishes new changes.