{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-1267", "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "state": "PUBLISHED", "assignerShortName": "ibm", "dateReserved": "2026-01-20T21:31:01.796Z", "datePublished": "2026-03-17T21:50:24.914Z", "dateUpdated": "2026-03-18T14:57:13.447Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm", "dateUpdated": "2026-03-17T21:50:24.914Z"}, "title": "IBM Planning Analytics Information Disclosure", "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-200", "description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor", "type": "CWE"}]}], "affected": [{"vendor": "IBM", "product": "Planning Analytics Local", "versions": [{"status": "affected", "version": "2.1.0", "lessThanOrEqual": "2.1.17", "versionType": "semver"}], "cpes": ["cpe:2.3:a:ibm:planning_analytics_local:2.1.0:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:planning_analytics_local:2.1.17:*:*:*:*:*:*:*"]}], "descriptions": [{"lang": "en", "value": "IBM Planning Analytics Local 2.1.0 through 2.1.17 could allow an unauthorized access to sensitive application data and administrative functionalities due to lack of proper access controls.", "supportingMedia": [{"type": "text/html", "base64": false, "value": "<p>IBM Planning Analytics Local 2.1.0 through 2.1.17 could allow an unauthorized access to sensitive application data and administrative functionalities due to lack of proper access controls.</p>"}]}], "references": [{"url": "https://www.ibm.com/support/pages/node/7263581", "tags": ["vendor-advisory", "patch"]}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}], "cvssV3_1": {"version": "3.1", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "availabilityImpact": "NONE", "baseSeverity": "MEDIUM", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"}}], "solutions": [{"lang": "en", "value": "Remediation/Fixes It is strongly recommended that you apply the most recent security updates: Affected Product(s) Version(s) Fix IBM Planning Analytics Local 2.1.0 - 2.1.17 IBM Planning Analytics Local 2.1.18 is now available for download from Fix Central IBM Planning Analytics Cloud environment has been remediated.", "supportingMedia": [{"type": "text/html", "base64": false, "value": "<p>Remediation/Fixes It is strongly recommended that you apply the most recent security updates: Affected Product(s) Version(s) Fix IBM Planning Analytics Local 2.1.0 - 2.1.17 IBM Planning Analytics Local 2.1.18 is now available for download from Fix Central IBM Planning Analytics Cloud environment has been remediated.</p>"}]}], "x_generator": {"engine": "ibm-cvegen"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-03-18T14:56:28.098223Z", "id": "CVE-2026-1267", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-18T14:57:13.447Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-1267", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-03-18T14:56:28.098223Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-18T14:57:08.392Z"}}], "cna": {"title": "IBM Planning Analytics Information Disclosure", "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"cpes": ["cpe:2.3:a:ibm:planning_analytics_local:2.1.0:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:planning_analytics_local:2.1.17:*:*:*:*:*:*:*"], "vendor": "IBM", "product": "Planning Analytics Local", "versions": [{"status": "affected", "version": "2.1.0", "versionType": "semver", "lessThanOrEqual": "2.1.17"}]}], "solutions": [{"lang": "en", "value": "Remediation/Fixes It is strongly recommended that you apply the most recent security updates: Affected Product(s) Version(s) Fix IBM Planning Analytics Local 2.1.0 - 2.1.17 IBM Planning Analytics Local 2.1.18 is now available for download from Fix Central IBM Planning Analytics Cloud environment has been remediated.", "supportingMedia": [{"type": "text/html", "value": "<p>Remediation/Fixes It is strongly recommended that you apply the most recent security updates: Affected Product(s) Version(s) Fix IBM Planning Analytics Local 2.1.0 - 2.1.17 IBM Planning Analytics Local 2.1.18 is now available for download from Fix Central IBM Planning Analytics Cloud environment has been remediated.</p>", "base64": false}]}], "references": [{"url": "https://www.ibm.com/support/pages/node/7263581", "tags": ["vendor-advisory", "patch"]}], "x_generator": {"engine": "ibm-cvegen"}, "descriptions": [{"lang": "en", "value": "IBM Planning Analytics Local 2.1.0 through 2.1.17 could allow an unauthorized access to sensitive application data and administrative functionalities due to lack of proper access controls.", "supportingMedia": [{"type": "text/html", "value": "<p>IBM Planning Analytics Local 2.1.0 through 2.1.17 could allow an unauthorized access to sensitive application data and administrative functionalities due to lack of proper access controls.</p>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-200", "description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor"}]}], "providerMetadata": {"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm", "dateUpdated": "2026-03-17T21:50:24.914Z"}}}, "cveMetadata": {"cveId": "CVE-2026-1267", "state": "PUBLISHED", "dateUpdated": "2026-03-18T14:57:13.447Z", "dateReserved": "2026-01-20T21:31:01.796Z", "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "datePublished": "2026-03-17T21:50:24.914Z", "assignerShortName": "ibm"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:ibm:planning_analytics_local:*:*:*:*:*:*:*:*", "matchCriteriaId": "43E47EAC-8441-44FC-898B-AFFA578AAE37", "versionEndExcluding": "2.1.18", "versionStartIncluding": "2.1.0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "IBM Planning Analytics Local 2.1.0 through 2.1.17 could allow an unauthorized access to sensitive application data and administrative functionalities due to lack of proper access controls."}, {"lang": "es", "value": "IBM Planning Analytics Local 2.1.0 hasta 2.1.17 podr\u00eda permitir un acceso no autorizado a datos sensibles de la aplicaci\u00f3n y funcionalidades administrativas debido a la falta de controles de acceso adecuados."}], "id": "CVE-2026-1267", "lastModified": "2026-03-19T14:42:50.190", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "psirt@us.ibm.com", "type": "Primary"}]}, "published": "2026-03-17T22:16:14.120", "references": [{"source": "psirt@us.ibm.com", "tags": ["Vendor Advisory"], "url": "https://www.ibm.com/support/pages/node/7263581"}], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-200"}], "source": "psirt@us.ibm.com", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[2.1.0,2.1.17]"}}], "enrichment": {"confidence": 100.0, "confidence_source": "inferred", "scores": [{"score": 100.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "original": {"product": "Planning Analytics Local", "source": "cna", "vendor": "IBM"}, "product": "planning_analytics_local", "vendor": "ibm"}], "analysis": {"en": {"generated_at": "2026-03-19T15:32:21.395211+00:00", "value": {"mitigation_remediation": ["Apply IBM Planning Analytics Local 2.1.18 or later from Fix Central.", "Verify the patch installation and restart relevant services.", "Restrict administrative rights on user accounts that access the Planning Analytics Local instance.", "Monitor access logs for suspicious or abnormal activity.", "Notify end\u2011users of potential exposure and encourage the use of strong authentication practices."], "summary": {"action": "Patch", "impact": "Information Disclosure"}, "threat_synthesis": {"affected_systems": "The affected product is IBM Planning Analytics Local on Windows. All installations running versions 2.1.0 to 2.1.17, inclusive, are vulnerable. IBM recommends applying the fixed release IBM Planning Analytics Local 2.1.18 (or later) from Fix Central; the cloud environment has already been remediated.", "description_and_impact": "IBM Planning Analytics Local versions 2.1.0 through 2.1.17 lack proper access controls, allowing unauthorized users to retrieve sensitive application data and perform administrative functions. The flaw meets CWE\u2011200 and could expose confidential information and configuration details to attackers.", "risk_and_exploitability": "The CVSS score of 6.5 indicates a medium severity vulnerability. The EPSS value of less than 1% suggests exploitation is unlikely but not impossible, and the vulnerability is not listed in the CISA KEV catalog. Based on the description, the attack vector likely requires either unauthenticated or very low\u2011privilege authenticated access to the application, as the root cause is improper access controls. No public exploit is documented in the provided references."}}}}, "created": "2026-03-18T10:42:42.719557+00:00", "updated": "2026-03-24T10:54:31.496257+00:00", "vendors": ["ibm", "ibm$PRODUCT$planning_analytics_local"]}