CVE-2025-36326

🗓️ 26 Sep 2025 14:20:46Reported by ibmType

IBM Cognos Controller 11.0.0–11.0.1 and IBM Controller 11.1.0–11.1.1 expose data due to hardcoded keys signing cookies.

Reporter	Title	Published	Views	Family All 10
IBM Security Bulletins	Security Bulletin: IBM Controller is vulnerable to exposure of sensitive information	14 Jan 202623:57	–	ibm
Circl	CVE-2025-36326	26 Sep 202514:52	–	circl
CNNVD	IBM Cognos Controller和IBM Controller 安全漏洞	26 Sep 202500:00	–	cnnvd
CNVD	IBM Cognos Controller and IBM Controller Encryption Issues Vulnerabilities	28 Sep 202500:00	–	cnvd
Cvelist	CVE-2025-36326 IBM Controller information disclosure	26 Sep 202514:20	–	cvelist
EUVD	EUVD-2025-31354	3 Oct 202520:07	–	euvd
NVD	CVE-2025-36326	26 Sep 202515:16	–	nvd
Positive Technologies	PT-2025-39647	26 Sep 202500:00	–	ptsecurity
RedhatCVE	CVE-2025-36326	27 Sep 202514:50	–	redhatcve
Vulnrichment	CVE-2025-36326 IBM Controller information disclosure	26 Sep 202514:20	–	vulnrichment

NVD

Vulners

Node

ibm cognos_controllerRange11.0.0–11.0.1

ibm controllerRange11.1.0–11.1.1

[
  {
    "cpes": [
      "cpe:2.3:a:ibm:cognos_controller:11.0.0:*:*:*:*:*:*:*",
      "cpe:2.3:a:ibm:cognos_controller:11.0.1:*:*:*:*:*:*:*"
    ],
    "defaultStatus": "unaffected",
    "product": "Cognos Controller",
    "vendor": "IBM",
    "versions": [
      {
        "lessThanOrEqual": "11.0.1",
        "status": "affected",
        "version": "11.0.0",
        "versionType": "semver"
      }
    ]
  },
  {
    "cpes": [
      "cpe:2.3:a:ibm:controller:11.1.0:*:*:*:*:*:*:*",
      "cpe:2.3:a:ibm:controller:11.1.1:*:*:*:*:*:*:*"
    ],
    "defaultStatus": "unaffected",
    "product": "Controller",
    "vendor": "IBM",
    "versions": [
      {
        "lessThanOrEqual": "11.1.1",
        "status": "affected",
        "version": "11.1.0",
        "versionType": "semver"
      }
    ]
  }
]

Source	Link
ibm	www.ibm.com/support/pages/node/7246015

03 Oct 2025 19:14Current

6Medium risk

Vulners AI Score6

CVSS 3.13.7 - 7.5

EPSS0.0003

SSVC

CWE-321