CVE-2025-36326

Published: Sep 26, 2025Modified: Oct 3, 2025

7.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

IBM Cognos Controller 11.0.0 through 11.0.1, and IBM Controller 11.1.0 through 11.1.1 could allow an attacker to obtain sensitive information due to the use of hardcoded cryptographic keys for signing session cookies.

Affected (2)

Products: Ibm: Cognos Controller, Controller

Ibm

2 products

Cognos Controller

Controller

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Ibm Cognos Controller	From 11.0.0 to 11.0.1
Ibm Controller	From 11.1.0 to 11.1.1

Related CWEs

CWE-321

Use of Hard-coded Cryptographic Key

The use of a hard-coded cryptographic key significantly increases the possibility that encrypted data may be recovered.

References (1)

https://www.ibm.com/support/pages/node/7246015

Source: psirt@us.ibm.com

Vendor Advisory

Timeline

No history available yet.