Information Disclosure Vulnerability in IBM Cognos Controller by IBM
CVE-2025-36326
3.7 LOW
What is CVE-2025-36326?
An information disclosure vulnerability exists in IBM Cognos Controller and IBM Controller products due to the presence of hardcoded cryptographic keys used for signing session cookies. This security flaw may allow attackers to gain access to sensitive information by manipulating session cookies, potentially compromising the confidentiality of user data. Users are advised to implement patches available from IBM to mitigate this risk.
Affected Version(s)
Cognos Controller 11.0.0 <= 11.0.1
Controller 11.1.0 <= 11.1.1
CVSS V3.1
Score: 3.7
Severity: LOW
Confidentiality: Low
Integrity: None
Availability: Low
Attack Vector: Network
Attack Complexity: High
Privileges Required: None
User Interaction: None
Scope: Unchanged
Timeline
Vulnerability published
Vulnerability Reserved