Primary

Context

IBM Controller and IBM Cognos Controller Client-Side Validation Bypass Vulnerability

Vulnerability

Patched

A vulnerability exists in IBM Controller versions 11.1.0 through 11.1.1 and IBM Cognos Controller versions 11.0.0 through 11.0.1 FP6, allowing privileged users to bypass validation. This issue arises from client-side enforcement of server-side security, enabling the injection of unvalidated user input into the application as trusted data.

Impact

Exploitation of this vulnerability could lead to unauthorized data manipulation or application behavior, as trusted validation can be bypassed, allowing potentially harmful user input to be accepted by the application.

Remediation

Users are advised to upgrade to IBM Controller version 11.1.2 or IBM Cognos Controller version 11.0.1 FP7. Instructions for downloading these versions are available on the IBM Support website.

Added: Dec 8, 2025, 10:20 PM

Updated: Dec 8, 2025, 10:20 PM

Vulnerability Rating

Custom Algorithm

spread

2.6

impact

5.0

exploitability

4.4

remediation

7.7

relevance

1.3

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

2.6

impact

5.0

exploitability

4.4

remediation

7.7

relevance

1.3

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

IBM Controller and IBM Cognos Controller Client-Side Validation Bypass Vulnerability

Vulnerability

Impact

Remediation

Affected Products

IBM Cognos Controller

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating