CVE-2025-3633

MEDIUM NVD

CVSS Score 5.4

Severity MEDIUM

Published May 27, 2026

Vendor unknown

Description

IBM Cognos Analytics 11.2.0, 11.2.4, 12.0, and 12.1.0 and IBM Cognos Transformer 11.2.4, 12.0, and 12.1.0 are vulnerable to cross-site scripting (XSS). This vulnerability allows a remote attacker to inject arbitrary JavaScript code into the web user interface, which may alter the intended functionality and could lead to the disclosure of credentials within a trusted session.

References

https://www.ibm.com/support/pages/node/7272628