CNNVD-202509-4090 Information
CNNVD ID
CNNVD-202509-4090
Related CVE
-
CNNVD Published: 2025-09-26
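Description (translated from Chinese)
IBM Cognos Controller and IBM Controller are both products of the US company International Business Machines (IBM). IBM Cognos Controller is a business intelligence and planning solution. The product provides process automation, financial audit controls, and the creation and management of financial reports. IBM Controller is a web-based financial consolidation tool. IBM Cognos Controller 11.0.1 and earlier versions and IBM Controller 11.1.1 and earlier versions contain a security vulnerability that stems from the use of a hard-coded cryptographic key to sign session cookies, which may lead to the disclosure of sensitive information.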
Description (English)
IBM Cognos Controller and IBM Controller are products of IBM. IBM Cognos Controller is a business intelligence and planning solution. It provides process automation, financial audit controls, and creation and management of financial reports. IBM Controller is a web-based financial consolidation tool. IBM Cognos Controller 11.0.1 and earlier and IBM Controller 11.1.1 and earlier contain a security vulnerability that stems from the use of a hard-coded cryptographic key to sign session cookies, which may lead to the disclosure of sensitive information.
Hazard Level
Critical
Vulnerability Type
Other
Affected Vendor
International Business Machines (IBM)
Published
2025-09-26
Last Modified
2026-02-24
References
https://www.ibm.com/support/pages/node/7246015
https://access.redhat.com/security/cve/cve-2025-36326
Patch
https://www.ibm.com/support/pages/node/7246015