CVE-2025-36102

Published: Dec 8, 2025Modified: Dec 10, 2025

2.7

Vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N

Exploitability: 1.2 / Impact: 1.4

Source: psirt@us.ibm.com (Secondary)

Description

IBM Controller 11.1.0 through 11.1.1 and IBM Cognos Controller 11.0.0 through 11.0.1 FP6 could allow a privileged user to bypass validation, passing user input into the application as trusted data, due to client-side enforcement of server-side security.

Affected (2)

Products: Ibm: Cognos Controller, Controller

2 products

Cognos Controller

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Ibm Cognos Controller	From 11.0.0 to 11.0.1.7
Ibm Controller	From 11.1.0 to 11.1.2

Related CWEs

Client-Side Enforcement of Server-Side Security

The product is composed of a server that relies on the client to implement a mechanism that is intended to protect the server.

References (1)

https://www.ibm.com/support/pages/node/7253273

Source: psirt@us.ibm.com

Vendor Advisory

Timeline

No history available yet.