{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-14806", "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "state": "PUBLISHED", "assignerShortName": "ibm", "dateReserved": "2025-12-16T22:13:03.714Z", "datePublished": "2026-03-17T21:50:21.639Z", "dateUpdated": "2026-03-18T14:49:19.048Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm", "dateUpdated": "2026-03-17T21:50:21.639Z"}, "title": "IBM Planning Analytics Information Disclosure", "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-524", "description": "CWE-524 Use of Cache Containing Sensitive Information", "type": "CWE"}]}], "affected": [{"vendor": "IBM", "product": "Planning Analytics Local", "versions": [{"status": "affected", "version": "2.1.0", "lessThanOrEqual": "2.1.17", "versionType": "semver"}], "cpes": ["cpe:2.3:a:ibm:planning_analytics_local:2.1.0:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:planning_analytics_local:2.1.17:*:*:*:*:*:*:*"]}], "descriptions": [{"lang": "en", "value": "IBM Planning Analytics Local 2.1.0 through 2.1.17 could allow an attacker to trick the caching mechanism into storing and serving sensitive, user-specific responses as publicly cacheable resources.", "supportingMedia": [{"type": "text/html", "base64": false, "value": "<p>IBM Planning Analytics Local 2.1.0 through 2.1.17 could allow an attacker to trick the caching mechanism into storing and serving sensitive, user-specific responses as publicly cacheable resources.</p>"}]}], "references": [{"url": "https://www.ibm.com/support/pages/node/7263581", "tags": ["vendor-advisory", "patch"]}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}], "cvssV3_1": {"version": "3.1", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "availabilityImpact": "NONE", "baseSeverity": "MEDIUM", "baseScore": 5.7, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N"}}], "solutions": [{"lang": "en", "value": "Remediation/Fixes It is strongly recommended that you apply the most recent security updates: Affected Product(s) Version(s) Fix IBM Planning Analytics Local 2.1.0 - 2.1.17 IBM Planning Analytics Local 2.1.18 is now available for download from Fix Central IBM Planning Analytics Cloud environment has been remediated.", "supportingMedia": [{"type": "text/html", "base64": false, "value": "<p>Remediation/Fixes It is strongly recommended that you apply the most recent security updates: Affected Product(s) Version(s) Fix IBM Planning Analytics Local 2.1.0 - 2.1.17 IBM Planning Analytics Local 2.1.18 is now available for download from Fix Central IBM Planning Analytics Cloud environment has been remediated.</p>"}]}], "x_generator": {"engine": "ibm-cvegen"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-03-18T14:48:56.000875Z", "id": "CVE-2025-14806", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-18T14:49:19.048Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-14806", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-03-18T14:48:56.000875Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-18T14:49:12.236Z"}}], "cna": {"title": "IBM Planning Analytics Information Disclosure", "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.7, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"cpes": ["cpe:2.3:a:ibm:planning_analytics_local:2.1.0:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:planning_analytics_local:2.1.17:*:*:*:*:*:*:*"], "vendor": "IBM", "product": "Planning Analytics Local", "versions": [{"status": "affected", "version": "2.1.0", "versionType": "semver", "lessThanOrEqual": "2.1.17"}]}], "solutions": [{"lang": "en", "value": "Remediation/Fixes It is strongly recommended that you apply the most recent security updates: Affected Product(s) Version(s) Fix IBM Planning Analytics Local 2.1.0 - 2.1.17 IBM Planning Analytics Local 2.1.18 is now available for download from Fix Central IBM Planning Analytics Cloud environment has been remediated.", "supportingMedia": [{"type": "text/html", "value": "<p>Remediation/Fixes It is strongly recommended that you apply the most recent security updates: Affected Product(s) Version(s) Fix IBM Planning Analytics Local 2.1.0 - 2.1.17 IBM Planning Analytics Local 2.1.18 is now available for download from Fix Central IBM Planning Analytics Cloud environment has been remediated.</p>", "base64": false}]}], "references": [{"url": "https://www.ibm.com/support/pages/node/7263581", "tags": ["vendor-advisory", "patch"]}], "x_generator": {"engine": "ibm-cvegen"}, "descriptions": [{"lang": "en", "value": "IBM Planning Analytics Local 2.1.0 through 2.1.17 could allow an attacker to trick the caching mechanism into storing and serving sensitive, user-specific responses as publicly cacheable resources.", "supportingMedia": [{"type": "text/html", "value": "<p>IBM Planning Analytics Local 2.1.0 through 2.1.17 could allow an attacker to trick the caching mechanism into storing and serving sensitive, user-specific responses as publicly cacheable resources.</p>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-524", "description": "CWE-524 Use of Cache Containing Sensitive Information"}]}], "providerMetadata": {"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm", "dateUpdated": "2026-03-17T21:50:21.639Z"}}}, "cveMetadata": {"cveId": "CVE-2025-14806", "state": "PUBLISHED", "dateUpdated": "2026-03-18T14:49:19.048Z", "dateReserved": "2025-12-16T22:13:03.714Z", "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "datePublished": "2026-03-17T21:50:21.639Z", "assignerShortName": "ibm"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:ibm:planning_analytics_local:*:*:*:*:*:*:*:*", "matchCriteriaId": "43E47EAC-8441-44FC-898B-AFFA578AAE37", "versionEndExcluding": "2.1.18", "versionStartIncluding": "2.1.0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "IBM Planning Analytics Local 2.1.0 through 2.1.17 could allow an attacker to trick the caching mechanism into storing and serving sensitive, user-specific responses as publicly cacheable resources."}, {"lang": "es", "value": "IBM Planning Analytics Local 2.1.0 hasta 2.1.17 podr\u00eda permitir a un atacante enga\u00f1ar al mecanismo de cach\u00e9 para que almacene y sirva respuestas sensibles y espec\u00edficas del usuario como recursos p\u00fablicamente almacenables en cach\u00e9."}], "id": "CVE-2025-14806", "lastModified": "2026-03-19T14:43:11.403", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.1, "impactScore": 3.6, "source": "psirt@us.ibm.com", "type": "Primary"}]}, "published": "2026-03-17T22:16:13.903", "references": [{"source": "psirt@us.ibm.com", "tags": ["Vendor Advisory"], "url": "https://www.ibm.com/support/pages/node/7263581"}], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-524"}], "source": "psirt@us.ibm.com", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[2.1.0,2.1.17]"}}], "enrichment": {"confidence": 95.0, "confidence_source": "inferred", "scores": [{"score": 95.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "original": {"product": "Planning Analytics Local", "source": "cna", "vendor": "IBM"}, "product": "planning_analytics_local", "vendor": "ibm"}], "analysis": {"en": {"generated_at": "2026-03-19T15:32:31.598980+00:00", "value": {"mitigation_remediation": ["Apply IBM Planning Analytics Local 2.1.18 patch from Fix Central", "Verify that your system is not running any affected version (2.1.0\u20112.1.17) and upgrade immediately if it is", "Review and adjust cache policies to mark sensitive data as private or non\u2011cacheable", "Regularly monitor IBM\u2019s security advisories for updates or new mitigations"], "summary": {"action": "Apply Patch", "impact": "Information Disclosure"}, "threat_synthesis": {"affected_systems": "Affected versions include IBM Planning Analytics Local 2.1.0 through 2.1.17. The latest fixed release is 2.1.18, available from IBM Fix Central. The product runs on environments such as Microsoft Windows, as indicated by the CPE.", "description_and_impact": "The vulnerability arises when the caching mechanism in IBM Planning Analytics Local incorrectly marks user\u2011specific responses as publicly cacheable, enabling an attacker to retrieve sensitive information that should remain private. Key weakness: CWE\u2011524 Sensitive Information Exposure via Cache. The result is potential data exposure of confidential user data, violating confidentiality.", "risk_and_exploitability": "CVSS score 5.7 indicates moderate severity. EPSS is below 1\u202f%, suggesting low likelihood of exploitation at present, and the flaw is not listed in CISA\u2019s KEV catalog. Attack likely requires the ability to generate a cacheable page, possibly through authenticated requests, though the description does not specify authentication. The risk is moderate in organizations that rely on caching for performance but expose sensitive user data."}}}}, "created": "2026-03-18T10:42:43.538078+00:00", "updated": "2026-03-24T10:54:32.419090+00:00", "vendors": ["ibm", "ibm$PRODUCT$planning_analytics_local"]}