CVE-2025-36105 PUBLISHED

IBM Planning Analytics Advanced Certified Containers is vulnerable to a sensitive information disclosure vulnerability

Assigner: ibm
Reserved: 15.04.2025 Published: 10.03.2026 Updated: 10.03.2026

IBM Planning Analytics Advanced Certified Containers 3.1.0 through 3.1.4 could allow a local privileged user to obtain sensitive information from environment variables.

Metrics

CVSS 3.1

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
CVSS Score: 4.4

Attack Vector	Local	Scope	Unchanged
Attack Complexity	Low	Confidentiality Impact	High
Privileges Required	High	Integrity Impact	None
User Interaction	None	Availability Impact	None

CVSS 3.1

Product Status

Vendor	IBM
Product	Planning Analytics Advanced Certified Containers
Versions	affected from 3.1.0 to 3.1.4 (incl.)

Solutions

Affected Product(s)VersionFixIBM Planning Analytics Advanced Certified Containers3.1.0 - 3.1.4 IBM Planning Analytics Advanced Certified Containers 3.1.5 is now available https://www.ibm.com/support/pages/node/7261546

References

https://www.ibm.com/support/pages/node/7262806

Problem Types

CWE-526 Cleartext Storage of Sensitive Information in an Environment Variable CWE