NVD Vulnerability Detail

CVE-2025-3633

Summary	IBM Cognos Analytics 11.2.0, 11.2.4, 12.0, and 12.1.0 and IBM Cognos Transformer 11.2.4, 12.0, and 12.1.0 are vulnerable to cross-site scripting (XSS). This vulnerability allows a remote attacker to inject arbitrary JavaScript code into the web user interface, which may alter the intended functionality and could lead to the disclosure of credentials within a trusted session.
Publication Date	May 27, 2026, 11:16 p.m.
Registration Date	May 28, 2026, 4:10 a.m.
Last Update	June 3, 2026, 5:05 a.m.

Affected software configurations

Configuration1	or higher	or less	more than	less than
cpe:2.3:a:ibm:cognos_analytics::::::::	11.2.0			11.2.4
cpe:2.3:a:ibm:cognos_analytics::::::::	12.0.0			12.0.4
cpe:2.3:a:ibm:cognos_analytics::::::::	12.1.0			12.1.2
cpe:2.3:a:ibm:cognos_analytics:11.2.4:-::::::
cpe:2.3:a:ibm:cognos_analytics:11.2.4:fixpack1::::::
cpe:2.3:a:ibm:cognos_analytics:11.2.4:fixpack2::::::
cpe:2.3:a:ibm:cognos_analytics:11.2.4:fixpack3::::::
cpe:2.3:a:ibm:cognos_analytics:11.2.4:fixpack4::::::
cpe:2.3:a:ibm:cognos_analytics:11.2.4:fixpack5::::::
cpe:2.3:a:ibm:cognos_analytics:11.2.4:fixpack6::::::
cpe:2.3:a:ibm:cognos_analytics:11.2.4:interim_fix_1::::::
cpe:2.3:a:ibm:cognos_analytics:11.2.4:interim_fix_2::::::
cpe:2.3:a:ibm:cognos_analytics:11.2.4:interim_fix_3::::::
cpe:2.3:a:ibm:cognos_analytics:11.2.4:interim_fix_4::::::
cpe:2.3:a:ibm:cognos_analytics:11.2.4:interim_fix_5::::::
cpe:2.3:a:ibm:cognos_analytics:12.0.4:interim_fix_1::::::
cpe:2.3:a:ibm:cognos_analytics:12.0.4:interim_fix_2::::::
cpe:2.3:a:ibm:cognos_analytics:12.0.4:interim_fix_3::::::
cpe:2.3:a:ibm:cognos_transformer:11.2.4:::::::*
cpe:2.3:a:ibm:cognos_transformer:12.0:::::::*
cpe:2.3:a:ibm:cognos_transformer:12.1.0:::::::*

Related information, measures and tools

No	URL	refsource	タグ
1	https://www.ibm.com/support/pages/node/7272628	psirt@us.ibm.com

Common Vulnerabilities List

No	CWE	Name	URL
1	CWE-79	クロスサイト・スクリプティング（XSS）	https://cwe.mitre.org/data/definitions/79.html

Configuration1	or higher	or less	more than	less than
cpe:2.3:a:ibm:cognos_analytics::::::::	11.2.0			11.2.4
cpe:2.3:a:ibm:cognos_analytics::::::::	12.0.0			12.0.4
cpe:2.3:a:ibm:cognos_analytics::::::::	12.1.0			12.1.2
cpe:2.3:a:ibm:cognos_analytics:11.2.4:-::::::
cpe:2.3:a:ibm:cognos_analytics:11.2.4:fixpack1::::::
cpe:2.3:a:ibm:cognos_analytics:11.2.4:fixpack2::::::
cpe:2.3:a:ibm:cognos_analytics:11.2.4:fixpack3::::::
cpe:2.3:a:ibm:cognos_analytics:11.2.4:fixpack4::::::
cpe:2.3:a:ibm:cognos_analytics:11.2.4:fixpack5::::::
cpe:2.3:a:ibm:cognos_analytics:11.2.4:fixpack6::::::
cpe:2.3:a:ibm:cognos_analytics:11.2.4:interim_fix_1::::::
cpe:2.3:a:ibm:cognos_analytics:11.2.4:interim_fix_2::::::
cpe:2.3:a:ibm:cognos_analytics:11.2.4:interim_fix_3::::::
cpe:2.3:a:ibm:cognos_analytics:11.2.4:interim_fix_4::::::
cpe:2.3:a:ibm:cognos_analytics:11.2.4:interim_fix_5::::::
cpe:2.3:a:ibm:cognos_analytics:12.0.4:interim_fix_1::::::
cpe:2.3:a:ibm:cognos_analytics:12.0.4:interim_fix_2::::::
cpe:2.3:a:ibm:cognos_analytics:12.0.4:interim_fix_3::::::
cpe:2.3:a:ibm:cognos_transformer:11.2.4:::::::*
cpe:2.3:a:ibm:cognos_transformer:12.0:::::::*
cpe:2.3:a:ibm:cognos_transformer:12.1.0:::::::*