CVE-2025-3633
EUVD-2025-20997427.05.2026, 14:16
IBM Cognos Analytics 11.2.0, 11.2.4, 12.0, and 12.1.0 and IBM Cognos Transformer 11.2.4, 12.0, and 12.1.0 are vulnerable to cross-site scripting (XSS). This vulnerability allows a remote attacker to inject arbitrary JavaScript code into the web user interface, which may alter the intended functionality and could lead to the disclosure of credentials within a trusted session.
Affected Products (NVD)
| Vendor | Product | Version |
|---|---|---|
| ibm | cognos_analytics | 11.2.0 ≤ 𝑥 < 11.2.4 |
| ibm | cognos_analytics | 12.0.0 ≤ 𝑥 < 12.0.4 |
| ibm | cognos_analytics | 12.1.0 ≤ 𝑥 < 12.1.2 |
| ibm | cognos_analytics | 11.2.4 |
| ibm | cognos_analytics | 11.2.4:fixpack1 |
| ibm | cognos_analytics | 11.2.4:fixpack2 |
| ibm | cognos_analytics | 11.2.4:fixpack3 |
| ibm | cognos_analytics | 11.2.4:fixpack4 |
| ibm | cognos_analytics | 11.2.4:fixpack5 |
| ibm | cognos_analytics | 11.2.4:fixpack6 |
| ibm | cognos_analytics | 11.2.4:interim_fix_1 |
| ibm | cognos_analytics | 11.2.4:interim_fix_2 |
| ibm | cognos_analytics | 11.2.4:interim_fix_3 |
| ibm | cognos_analytics | 11.2.4:interim_fix_4 |
| ibm | cognos_analytics | 11.2.4:interim_fix_5 |
| ibm | cognos_analytics | 12.0.4:interim_fix_1 |
| ibm | cognos_analytics | 12.0.4:interim_fix_2 |
| ibm | cognos_analytics | 12.0.4:interim_fix_3 |
| ibm | cognos_transformer | 11.2.4 |
| ibm | cognos_transformer | 12.0 |
| ibm | cognos_transformer | 12.1.0 |
𝑥
= Vulnerable software versions