CVE-2025-36017Cleartext Storage of Sensitive Information in an Environment Variable in IBM Controller

CWE-526Cleartext Storage of Sensitive Information in an Environment Variable3 documents3 sources
Severity
6.5MEDIUMNVD
EPSS
0.1%
top 83.48%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
IBM Controller
Timeline
PublishedDec 8
Latest updateDec 9

Description

IBM Controller 11.1.0 through 11.1.1 and IBM Cognos Controller 11.0.0 through 11.0.1 FP6 stores unencrypted sensitive information in environmental variables files which can be obtained by an authenticated user.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:NExploitability: 2.8 | Impact: 3.6

Affected Packages2 packages

NVDibm/controller11.1.011.1.2
CVEListV5ibm/controller11.1.011.1.1

🔴Vulnerability Details

2
GHSA
GHSA-xr9w-r8gw-wjhw: IBM Controller 112025-12-09
CVEList
IBM Controller Information Disclosure2025-12-08
CVE-2025-36017 — IBM Controller vulnerability | cvebase