IBM Cognos Analytics is affected by multiple security vulnerabilities

5.4 / 10

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Description

IBM Cognos Analytics 11.2.0, 11.2.4, 12.0, and 12.1.0 and IBM Cognos Transformer 11.2.4, 12.0, and 12.1.0 are vulnerable to cross-site scripting (XSS). This vulnerability allows a remote attacker to inject arbitrary JavaScript code into the web user interface, which may alter the intended functionality and could lead to the disclosure of credentials within a trusted session.

Basic Information

ID CVE-2025-3633

Source ibm

Published May 27, 2026 at 12:17

Affected Product

Vendor IBM

Product Cognos Analytics

Version 11.2.0

Affected Versions IBM Cognos Analytics 11.2.0
IBM Cognos Analytics 12.0
IBM Cognos Analytics 12.1.0
IBM Cognos Transformer 12.0
IBM Cognos Transformer 11.2.4
IBM Cognos Transformer 12.1.0

CWE Classification

CWE-79

References

www.ibm.com /support/pages/node/7272628

{
    "lastseen": "",
    "description": "IBM Cognos Analytics 11.2.0, 11.2.4, 12.0, and 12.1.0 and IBM Cognos Transformer 11.2.4, 12.0, and 12.1.0 are vulnerable to cross-site scripting (XSS). This vulnerability allows a remote attacker to inject arbitrary JavaScript code into the web user interface, which may alter the intended functionality and could lead to the disclosure of credentials within a trusted session.",
    "published": "2026-05-27T12:17:11.519Z",
    "modified": "2026-05-27T12:17:11.519Z",
    "type": "cve",
    "title": "IBM Cognos Analytics is affected by multiple security vulnerabilities",
    "source": "ibm",
    "references": "https://www.ibm.com/support/pages/node/7272628",
    "id": "CVE-2025-3633",
    "bulletinFamily": "",
    "cwe": [
        "CWE-79"
    ],
    "cvelist": null,
    "sourceData": "IBM Cognos Analytics 11.2.0\nIBM Cognos Analytics 12.0\nIBM Cognos Analytics 12.1.0\nIBM Cognos Transformer 12.0\nIBM Cognos Transformer 11.2.4\nIBM Cognos Transformer 12.1.0",
    "sourceHref": "",
    "cvss": {
        "score": 5.4,
        "severity": "MEDIUM",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Cognos Analytics",
    "version": "11.2.0",
    "vendor": "IBM",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

IBM Cognos Analytics is affected by multiple security vulnerabilities_CVE-2025-3633