IBM Cognos Analytics is affected by multiple security vulnerabilities

6.4 / 10

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

Description

IBM Cognos Analytics 11.2.0, 12.0, and 12.1.0 and IBM Cognos Transformer 12.0, 11.2.4, and 12.1.0 is vulnerable to stored cross-site scripting (XSS) in Cognos Adminstration. This vulnerability allows a privileged user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.

Basic Information

ID CVE-2025-36126

Source ibm

Published May 26, 2026 at 15:52

Affected Product

Vendor IBM

Product Cognos Analytics

Version 11.2.0

Affected Versions IBM Cognos Analytics 11.2.0
IBM Cognos Analytics 12.0
IBM Cognos Analytics 12.1.0
IBM Cognos Transformer 12.0
IBM Cognos Transformer 11.2.4
IBM Cognos Transformer 12.1.0

CWE Classification

CWE-79

References

www.ibm.com /support/pages/node/7272628

{
    "lastseen": "",
    "description": "IBM Cognos Analytics 11.2.0, 12.0, and 12.1.0 and IBM Cognos Transformer 12.0, 11.2.4, and 12.1.0 is vulnerable to stored cross-site scripting (XSS) in Cognos Adminstration. This vulnerability allows a privileged user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.",
    "published": "2026-05-26T15:52:49.002Z",
    "modified": "2026-05-26T15:52:49.002Z",
    "type": "cve",
    "title": "IBM Cognos Analytics is affected by multiple security vulnerabilities",
    "source": "ibm",
    "references": "https://www.ibm.com/support/pages/node/7272628",
    "id": "CVE-2025-36126",
    "bulletinFamily": "",
    "cwe": [
        "CWE-79"
    ],
    "cvelist": null,
    "sourceData": "IBM Cognos Analytics 11.2.0\nIBM Cognos Analytics 12.0\nIBM Cognos Analytics 12.1.0\nIBM Cognos Transformer 12.0\nIBM Cognos Transformer 11.2.4\nIBM Cognos Transformer 12.1.0",
    "sourceHref": "",
    "cvss": {
        "score": 6.4,
        "severity": "MEDIUM",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Cognos Analytics",
    "version": "11.2.0",
    "vendor": "IBM",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

IBM Cognos Analytics is affected by multiple security vulnerabilities_CVE-2025-36126