CVE-2025-36102
published 2025-12-08CVE-2025-36102: IBM Controller 11.1.0 through 11.1.1 and IBM Cognos Controller 11.0.0 through 11.0.1 FP6 could allow a privileged user to bypass validation, passing user input…
low2.7CVSS 3.1
AVNACLPRHUINSUCNILAN
IBM Controller 11.1.0 through 11.1.1 and IBM Cognos Controller 11.0.0 through 11.0.1 FP6 could allow a privileged user to bypass validation, passing user input into the application as trusted data, due to client-side enforcement of server-side security.
Affected
4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| ibm | cognos_controller | >= 11.0.0 < 11.0.1.7 | 11.0.1.7 |
| ibm | cognos_controller | 11.0.0 – 11.0.1 FP6 | — |
| ibm | controller | >= 11.1.0 < 11.1.2 | 11.1.2 |
| ibm | controller | 11.1.0 – 11.1.1 | — |