CVE-2025-36326 | THREATINT

Description

IBM Cognos Controller 11.0.0 through 11.0.1, and IBM Controller 11.1.0 through 11.1.1 could allow an attacker to obtain sensitive information due to the use of hardcoded cryptographic keys for signing session cookies.

PUBLISHED Reserved 2025-04-15 | Published 2025-09-26 | Updated 2025-09-26 | Assigner ibm

LOW: 3.7CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

Problem types

CWE-321 Use of Hard-coded Cryptographic Key

Product status

Default status

unaffected

11.0.0

affected

Default status

unaffected

11.1.0

affected

References

www.ibm.com/support/pages/node/7246015 vendor-advisory patch

cve.org (CVE-2025-36326)

nvd.nist.gov (CVE-2025-36326)

Download JSON