CVE-2025-36326

CWE-3213 documents3 sources
Severity
7.5HIGH
EPSS
0.0%
top 92.94%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
IBM Cognos ControllerIBM Controller
Timeline
PublishedSep 26

Description

IBM Cognos Controller 11.0.0 through 11.0.1, and IBM Controller 11.1.0 through 11.1.1 could allow an attacker to obtain sensitive information due to the use of hardcoded cryptographic keys for signing session cookies.

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:NExploitability: 2.2 | Impact: 1.4

Affected Packages4 packages

CVEListV5ibm/cognos_controller11.0.011.0.1
NVDibm/cognos_controller11.0.011.0.1
CVEListV5ibm/controller11.1.011.1.1
NVDibm/controller11.1.011.1.1

🔴Vulnerability Details

2
CVEList
IBM Controller information disclosure2025-09-26
GHSA
GHSA-v5pr-8475-3jq8: IBM Cognos Controller 112025-09-26
CVE-2025-36326 (HIGH CVSS 7.5) | IBM Cognos Controller 11.0.0 throug | cvebase.io