CNNVD-202512-869 Information
CNNVD ID
CNNVD-202512-869
Related CVE
- CNNVD Published: 2025-12-08
Description (Chinese)
IBM Cognos Controller和IBM Controller都是美国国际商业机器(IBM)公司的产品。IBM Cognos Controller是一套商业智能与计划解决方案。该产品具有流程自动化、财务审计控制、创建和管理财务报告等功能。IBM Controller是一个基于 Web 的财务合并工具。 IBM Controller 11.1.0版本至11.1.1版本和IBM Cognos Controller 11.0.0版本至11.0.1 FP6版本存在安全漏洞,该漏洞源于客户端强制执行服务器端安全,可能导致特权用户绕过验证。
Description (English)
IBM Cognos Controller and IBM Controller are products of IBM. IBM Cognos Contractor is a set of business intelligence and plan solutions. The product has functions such as process automation, financial audit control, creation and management of financial reports. IBM Contractor is a web-based financial consolidation tool. IBM Contractors 11.1.0 to 11.1.1 and IBM Cognos Contractors 11.0.0 to 11.01 FP6 have a security loophole, which stems from client-end enforcement server-end security and may result in privileged users circumventing authentication.
Hazard Level
Critical
Vulnerability Type
其他
Affected Vendor
国际商业机器
Published
2025-12-08
Last Modified
2026-02-24
References
https://www.ibm.com/support/pages/node/7253273 https://access.redhat.com/security/cve/cve-2025-36102
Patch
https://www.ibm.com/support/pages/node/7253273
Share on: