← back
CVE-2025-36326

IBM Controller information disclosure

CVSS 3.7 LOWEPSS 0.2%CWE-321
Vexday Risk Score
8Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 3.7EPSS 0.2%KEV nãoPoC Nuclei Metasploit Patch referenciado
Lifecycle
26 Sep 2025Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
IBM Cognos Controller 11.0.0 through 11.0.1, and IBM Controller 11.1.0 through 11.1.1 could allow an attacker to obtain sensitive information due to the use of hardcoded cryptographic keys for signing session cookies.
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
Affected products
IBM · Cognos ControllerIBM · Controller

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://www.ibm.com/support/pages/node/7246015