NVD Vulnerability Detail
Search Exploit, PoC
CVE-2025-36126
Summary

IBM Cognos Analytics 11.2.0, 12.0, and 12.1.0 and IBM Cognos Transformer 12.0, 11.2.4, and 12.1.0 is vulnerable to stored cross-site scripting (XSS) in Cognos Adminstration. This vulnerability allows a privileged user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.

Publication Date May 27, 2026, 2:16 a.m.
Registration Date May 27, 2026, 4:08 a.m.
Last Update June 2, 2026, 2:30 a.m.
CVSS3.1 : HIGH
スコア 7.6
Vector CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:N
攻撃元区分(AV) ネットワーク
攻撃条件の複雑さ(AC)
攻撃に必要な特権レベル(PR)
利用者の関与(UI)
影響の想定範囲(S) 変更あり
機密性への影響(C)
完全性への影響(I)
可用性への影響(A) なし
Affected software configurations
Configuration1 or higher or less more than less than
cpe:2.3:a:ibm:cognos_analytics:*:*:*:*:*:*:*:* 12.1.0 12.1.2
cpe:2.3:a:ibm:cognos_analytics:11.2:*:*:*:*:*:*:*
cpe:2.3:a:ibm:cognos_analytics:11.2.0:*:*:*:*:*:*:*
cpe:2.3:a:ibm:cognos_analytics:11.2.1:*:*:*:*:*:*:*
cpe:2.3:a:ibm:cognos_analytics:11.2.2:*:*:*:*:*:*:*
cpe:2.3:a:ibm:cognos_analytics:11.2.3:*:*:*:*:*:*:*
cpe:2.3:a:ibm:cognos_analytics:11.2.4:-:*:*:*:*:*:*
cpe:2.3:a:ibm:cognos_analytics:11.2.4:fixpack1:*:*:*:*:*:*
cpe:2.3:a:ibm:cognos_analytics:11.2.4:fixpack2:*:*:*:*:*:*
cpe:2.3:a:ibm:cognos_analytics:11.2.4:fixpack3:*:*:*:*:*:*
cpe:2.3:a:ibm:cognos_analytics:11.2.4:fixpack4:*:*:*:*:*:*
cpe:2.3:a:ibm:cognos_analytics:11.2.4:fixpack5:*:*:*:*:*:*
cpe:2.3:a:ibm:cognos_analytics:11.2.4:fixpack6:*:*:*:*:*:*
cpe:2.3:a:ibm:cognos_analytics:11.2.4:interim_fix_1:*:*:*:*:*:*
cpe:2.3:a:ibm:cognos_analytics:11.2.4:interim_fix_2:*:*:*:*:*:*
cpe:2.3:a:ibm:cognos_analytics:11.2.4:interim_fix_3:*:*:*:*:*:*
cpe:2.3:a:ibm:cognos_analytics:11.2.4:interim_fix_4:*:*:*:*:*:*
cpe:2.3:a:ibm:cognos_analytics:11.2.4:interim_fix_5:*:*:*:*:*:*
cpe:2.3:a:ibm:cognos_analytics:12.0.0:*:*:*:*:*:*:*
cpe:2.3:a:ibm:cognos_analytics:12.0.1:*:*:*:*:*:*:*
cpe:2.3:a:ibm:cognos_analytics:12.0.2:*:*:*:*:*:*:*
cpe:2.3:a:ibm:cognos_analytics:12.0.3:-:*:*:*:*:*:*
cpe:2.3:a:ibm:cognos_analytics:12.0.3:interim_fix_1:*:*:*:*:*:*
cpe:2.3:a:ibm:cognos_analytics:12.0.3:interim_fix_2:*:*:*:*:*:*
cpe:2.3:a:ibm:cognos_analytics:12.0.4:-:*:*:*:*:*:*
cpe:2.3:a:ibm:cognos_analytics:12.0.4:fixpack1:*:*:*:*:*:*
cpe:2.3:a:ibm:cognos_analytics:12.0.4:interim_fix_1:*:*:*:*:*:*
cpe:2.3:a:ibm:cognos_analytics:12.0.4:interim_fix_2:*:*:*:*:*:*
cpe:2.3:a:ibm:cognos_analytics:12.0.4:interim_fix_3:*:*:*:*:*:*
cpe:2.3:a:ibm:cognos_transformer:11.2.4:*:*:*:*:*:*:*
cpe:2.3:a:ibm:cognos_transformer:12.0:*:*:*:*:*:*:*
cpe:2.3:a:ibm:cognos_transformer:12.1.0:*:*:*:*:*:*:*
Related information, measures and tools
Common Vulnerabilities List