NVD脆弱性詳細

CVE-2025-36126

概要	IBM Cognos Analytics 11.2.0, 12.0, and 12.1.0 and IBM Cognos Transformer 12.0, 11.2.4, and 12.1.0 is vulnerable to stored cross-site scripting (XSS) in Cognos Adminstration. This vulnerability allows a privileged user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
公表日	2026年5月27日2:16
登録日	2026年5月27日4:08
最終更新日	2026年6月2日2:30

CVSS3.1 : HIGH
スコア	7.6
ベクター	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:N
攻撃元区分(AV)	ネットワーク
攻撃条件の複雑さ(AC)	低
攻撃に必要な特権レベル(PR)	低
利用者の関与(UI)	要
影響の想定範囲(S)	変更あり
機密性への影響(C)	高
完全性への影響(I)	低
可用性への影響(A)	なし

影響を受けるソフトウェアの構成

構成1	以上	以下	より上	未満
cpe:2.3:a:ibm:cognos_analytics::::::::	12.1.0			12.1.2
cpe:2.3:a:ibm:cognos_analytics:11.2:::::::*
cpe:2.3:a:ibm:cognos_analytics:11.2.0:::::::*
cpe:2.3:a:ibm:cognos_analytics:11.2.1:::::::*
cpe:2.3:a:ibm:cognos_analytics:11.2.2:::::::*
cpe:2.3:a:ibm:cognos_analytics:11.2.3:::::::*
cpe:2.3:a:ibm:cognos_analytics:11.2.4:-::::::
cpe:2.3:a:ibm:cognos_analytics:11.2.4:fixpack1::::::
cpe:2.3:a:ibm:cognos_analytics:11.2.4:fixpack2::::::
cpe:2.3:a:ibm:cognos_analytics:11.2.4:fixpack3::::::
cpe:2.3:a:ibm:cognos_analytics:11.2.4:fixpack4::::::
cpe:2.3:a:ibm:cognos_analytics:11.2.4:fixpack5::::::
cpe:2.3:a:ibm:cognos_analytics:11.2.4:fixpack6::::::
cpe:2.3:a:ibm:cognos_analytics:11.2.4:interim_fix_1::::::
cpe:2.3:a:ibm:cognos_analytics:11.2.4:interim_fix_2::::::
cpe:2.3:a:ibm:cognos_analytics:11.2.4:interim_fix_3::::::
cpe:2.3:a:ibm:cognos_analytics:11.2.4:interim_fix_4::::::
cpe:2.3:a:ibm:cognos_analytics:11.2.4:interim_fix_5::::::
cpe:2.3:a:ibm:cognos_analytics:12.0.0:::::::*
cpe:2.3:a:ibm:cognos_analytics:12.0.1:::::::*
cpe:2.3:a:ibm:cognos_analytics:12.0.2:::::::*
cpe:2.3:a:ibm:cognos_analytics:12.0.3:-::::::
cpe:2.3:a:ibm:cognos_analytics:12.0.3:interim_fix_1::::::
cpe:2.3:a:ibm:cognos_analytics:12.0.3:interim_fix_2::::::
cpe:2.3:a:ibm:cognos_analytics:12.0.4:-::::::
cpe:2.3:a:ibm:cognos_analytics:12.0.4:fixpack1::::::
cpe:2.3:a:ibm:cognos_analytics:12.0.4:interim_fix_1::::::
cpe:2.3:a:ibm:cognos_analytics:12.0.4:interim_fix_2::::::
cpe:2.3:a:ibm:cognos_analytics:12.0.4:interim_fix_3::::::
cpe:2.3:a:ibm:cognos_transformer:11.2.4:::::::*
cpe:2.3:a:ibm:cognos_transformer:12.0:::::::*
cpe:2.3:a:ibm:cognos_transformer:12.1.0:::::::*

構成1	以上	以下	より上	未満
cpe:2.3:a:ibm:cognos_analytics::::::::	12.1.0			12.1.2
cpe:2.3:a:ibm:cognos_analytics:11.2:::::::*
cpe:2.3:a:ibm:cognos_analytics:11.2.0:::::::*
cpe:2.3:a:ibm:cognos_analytics:11.2.1:::::::*
cpe:2.3:a:ibm:cognos_analytics:11.2.2:::::::*
cpe:2.3:a:ibm:cognos_analytics:11.2.3:::::::*
cpe:2.3:a:ibm:cognos_analytics:11.2.4:-::::::
cpe:2.3:a:ibm:cognos_analytics:11.2.4:fixpack1::::::
cpe:2.3:a:ibm:cognos_analytics:11.2.4:fixpack2::::::
cpe:2.3:a:ibm:cognos_analytics:11.2.4:fixpack3::::::
cpe:2.3:a:ibm:cognos_analytics:11.2.4:fixpack4::::::
cpe:2.3:a:ibm:cognos_analytics:11.2.4:fixpack5::::::
cpe:2.3:a:ibm:cognos_analytics:11.2.4:fixpack6::::::
cpe:2.3:a:ibm:cognos_analytics:11.2.4:interim_fix_1::::::
cpe:2.3:a:ibm:cognos_analytics:11.2.4:interim_fix_2::::::
cpe:2.3:a:ibm:cognos_analytics:11.2.4:interim_fix_3::::::
cpe:2.3:a:ibm:cognos_analytics:11.2.4:interim_fix_4::::::
cpe:2.3:a:ibm:cognos_analytics:11.2.4:interim_fix_5::::::
cpe:2.3:a:ibm:cognos_analytics:12.0.0:::::::*
cpe:2.3:a:ibm:cognos_analytics:12.0.1:::::::*
cpe:2.3:a:ibm:cognos_analytics:12.0.2:::::::*
cpe:2.3:a:ibm:cognos_analytics:12.0.3:-::::::
cpe:2.3:a:ibm:cognos_analytics:12.0.3:interim_fix_1::::::
cpe:2.3:a:ibm:cognos_analytics:12.0.3:interim_fix_2::::::
cpe:2.3:a:ibm:cognos_analytics:12.0.4:-::::::
cpe:2.3:a:ibm:cognos_analytics:12.0.4:fixpack1::::::
cpe:2.3:a:ibm:cognos_analytics:12.0.4:interim_fix_1::::::
cpe:2.3:a:ibm:cognos_analytics:12.0.4:interim_fix_2::::::
cpe:2.3:a:ibm:cognos_analytics:12.0.4:interim_fix_3::::::
cpe:2.3:a:ibm:cognos_transformer:11.2.4:::::::*
cpe:2.3:a:ibm:cognos_transformer:12.0:::::::*
cpe:2.3:a:ibm:cognos_transformer:12.1.0:::::::*