CVE-2025-36017

Summary

IBM Controller 11.1.0 through 11.1.1 and IBM Cognos Controller 11.0.0 through 11.0.1 FP6 stores unencrypted sensitive information in environmental variables files which can be obtained by an authenticated user.

Affected Software

VendorProductVersion RangeStatus
IBMController11.1.0 <= 11.1.1affected

Weaknesses

  • CWE-526: CWE-526

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References