CVE-2025-33079

CWE-256CWE-522Insufficiently Protected Credentials3 documents3 sources
Severity
6.5MEDIUM
EPSS
0.2%
top 63.63%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
IBM Cognos ControllerIBM Controller
Timeline
PublishedMay 27

Description

IBM Controller 11.0.0, 11.0.1, and 11.1.0 application could allow an authenticated user to obtain sensitive credentials that may be inadvertently included within the source code.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:NExploitability: 2.8 | Impact: 3.6

Affected Packages4 packages

CVEListV5ibm/controller11.1.0
NVDibm/controller11.1.0
CVEListV5ibm/cognos_controller11.0.0, 11.0.1
NVDibm/cognos_controller11.0.0, 11.0.1+1

🔴Vulnerability Details

2
GHSA
GHSA-4777-jjjg-6mxh: IBM Controller 112025-05-27
CVEList
IBM Controller information disclosure2025-05-27
CVE-2025-33079 (MEDIUM CVSS 6.5) | IBM Controller 11.0.0 | cvebase.io