CVE-2025-36326

LOW

IBM Cognos Controller <11.0.1 - Info Disclosure

Title source: llm

Description

IBM Cognos Controller 11.0.0 through 11.0.1, and IBM Controller 11.1.0 through 11.1.1 could allow an attacker to obtain sensitive information due to the use of hardcoded cryptographic keys for signing session cookies.

References (1)

[Vendor Advisory] https://www.ibm.com/support/pages/node/7246015

Scores

CVSS v3 3.7

EPSS 0.0003

EPSS Percentile 8.0%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-321

Status published

Products (2)

ibm/cognos_controller 11.0.0 - 11.0.1

ibm/controller 11.1.0 - 11.1.1

Published Sep 26, 2025

Tracked Since Feb 18, 2026