IBM Cognos Controller and IBM Controller Session Cookie Signing Vulnerability Allowing Sensitive Information Disclosure

Vulnerability

A vulnerability exists in IBM Cognos Controller versions 11.0.0 to 11.0.1 and IBM Controller versions 11.1.0 to 11.1.1. The issue arises from the use of hardcoded cryptographic keys for signing session cookies, which could allow an attacker to obtain sensitive information.
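The weakness class described above, as an added example that is not IBM's code and not taken from the advisory: an HMAC-signed session cookie is only trustworthy while the signing key is secret, and a key shipped identically in every installation is not. The cookie format, key value and function names are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
from typing import Optional

# Constructed stand-in for a key that ships identically in every installation.
HARDCODED_KEY = b"constructed-example-key"


def new_install_key() -> bytes:
    """Hardened form: a random 256-bit key generated once per installation."""
    return secrets.token_bytes(32)


def sign(key: bytes, session: str) -> str:
    """Return 'session.tag', tag being HMAC-SHA256 of the session value."""
    tag = hmac.new(key, session.encode(), hashlib.sha256).hexdigest()
    return f"{session}.{tag}"


def verify(key: bytes, cookie: str) -> Optional[str]:
    """Return the session value if its tag is valid under key, else None."""
    session, sep, tag = cookie.rpartition(".")
    if not sep:
        return None  # no tag present
    expected = hmac.new(key, session.encode(), hashlib.sha256).hexdigest()
    # Constant-time comparison avoids leaking how many tag characters matched.
    if hmac.compare_digest(tag.encode(), expected.encode()):
        return session
    return None


def accepted_elsewhere(key_a: bytes, key_b: bytes, session: str = "sid=1234") -> bool:
    """True if a cookie signed under key_a also verifies under key_b."""
    return verify(key_b, sign(key_a, session)) is not None


if __name__ == "__main__":
    # Weak: both installations use the shipped key, so the tag proves nothing.
    print("hardcoded key:", accepted_elsewhere(HARDCODED_KEY, HARDCODED_KEY))
    # Hardened: each installation holds its own secret key.
    print("per-install key:", accepted_elsewhere(new_install_key(), new_install_key()))
```

When reviewing an application for this class of flaw, check that the signing key is generated or provisioned per deployment and never appears in shipped binaries, configuration defaults or source.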

Impact

Exploitation of this vulnerability could lead to the unauthorized disclosure of sensitive information.

Remediation

Users are advised to apply the available interim fix through IBM Fix Central. Instructions for downloading the patch are available on the IBM Support page.

Added: Sep 26, 2025, 3:59 PM
Updated: Sep 26, 2025, 3:59 PM

Vulnerability Rating

Custom Algorithm

spread: 2.6
impact: 2.5
exploitability: 7.0
remediation: 7.7
relevance: 0.6
threat: 0.0
urgency: 2.9
incentive: 5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.