CVE-2025-36017 | THREATINT

Description

IBM Controller 11.1.0 through 11.1.1 and IBM Cognos Controller 11.0.0 through 11.0.1 FP6 stores unencrypted sensitive information in environmental variables files which can be obtained by an authenticated user.

PUBLISHED Reserved 2025-04-15 | Published 2025-12-08 | Updated 2025-12-09 | Assigner ibm

MEDIUM: 6.5CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Problem types

CWE-526

Product status

Default status

unaffected

11.1.0 (semver)

affected

References

www.ibm.com/support/pages/node/7253283 vendor-advisory patch

cve.org (CVE-2025-36017)

nvd.nist.gov (CVE-2025-36017)

Download JSON