Description
IBM Controller 11.0.1, 11.1.0, 11.1.1, and 11.1.2 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data.
Published: 2026-05-27
Score: 8.8 High
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

IBM Controller 11.0.1, 11.1.0, 11.1.1, and 11.1.2 contain hard‑coded credentials—passwords or cryptographic keys—that the software uses for inbound authentication, outbound communication to external systems, and encryption of internal data. These credentials are embedded in the product rather than obtained from a secure source, allowing an attacker who can reach the controller or read its configuration to authenticate without valid user credentials. Once authenticated, the attacker can leverage administrative interfaces, manipulate internal processes, or gain unauthorized access to sensitive data.

Affected Systems

IBM Controller versions 11.0.1 through 11.1.2 are affected, as identified by the product listing and the CPE entries for those releases.

Risk and Exploitability

The CVSS score of 8.8 indicates a high severity risk. EPSS information is not available, and the vulnerability is not listed in the CISA KEV catalog. Because the hard‑coded credentials are used by the controller for authentication and communication, the likely attack vector is remote network access to the controller’s interfaces. If an attacker can send requests to the controller, they can exploit the embedded credentials to bypass authentication and potentially compromise the entire system.

Generated by OpenCVE AI on May 27, 2026 at 18:22 UTC.

Remediation

Vendor Solution

It is strongly recommended that you apply the most recent security updates:

Affected Product(s): IBM Controller
Version(s): 11.0.1 - 11.1.2
Fix: https://www.ibm.com/mysupport


OpenCVE Recommended Actions

  • Apply the latest IBM Controller security updates covering versions 11.0.1 through 11.1.2 as detailed in the vendor advisory.
  • Remove or replace any hard‑coded credentials in the controller configuration, ensuring that authentication and encryption use secure, dynamically managed secrets.
  • Audit external interfaces and access logs for anomalous use of the hard‑coded credentials, and enforce network segmentation to limit exposure of the controller to trusted hosts.


Advisories

No advisories yet.

History

Wed, 27 May 2026 14:15:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| Description | | IBM Controller 11.0.1, 11.1.0, 11.1.1, and 11.1.2 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. |
| Title | | IBM Controller is affected by vulnerabilities |
| First Time appeared | | Ibm; Ibm controller |
| Weaknesses | | CWE-798 |
| CPEs | | cpe:2.3:a:ibm:controller:11.0.1:*:*:*:*:*:*:*; cpe:2.3:a:ibm:controller:11.1.0:*:*:*:*:*:*:*; cpe:2.3:a:ibm:controller:11.1.1:*:*:*:*:*:*:*; cpe:2.3:a:ibm:controller:11.1.2:*:*:*:*:*:*:* |
| Vendors & Products | | Ibm; Ibm controller |
| References | | |
| Metrics | | cvssV3_1 {'score': 8.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H'} |


MITRE

Status: PUBLISHED

Assigner: ibm

Published:

Updated: 2026-05-27T12:56:54.827Z

Reserved: 2026-03-27T21:12:55.757Z

Link: CVE-2026-5065

Vulnrichment

No data.

NVD

Status: Awaiting Analysis

Published: 2026-05-27T14:17:33.947

Modified: 2026-05-27T14:53:51.833

Link: CVE-2026-5065

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-27T18:30:26Z

Weaknesses