CVE-2025-36126

🗓️ 26 May 2026 15:52:49Reported by ibmType

CVE-2025-36126: IBM Cognos Analytics and Transformer suffer stored cross site scripting in Cognos Administration that could disclose credentials.

Reporter	Title	Published	Views	Family All 8
ATTACKERKB	CVE-2025-36126	26 May 202615:52	–	attackerkb
CNNVD	IBM Cognos Analytics和IBM Cognos Transformer 跨站脚本漏洞	26 May 202600:00	–	cnnvd
Cvelist	CVE-2025-36126 IBM Cognos Analytics is affected by Cross-site scripting.	26 May 202615:52	–	cvelist
EUVD	EUVD-2025-209930	26 May 202615:52	–	euvd
NVD	CVE-2025-36126	26 May 202617:16	–	nvd
Positive Technologies	PT-2026-43279	26 May 202600:00	–	ptsecurity
RedhatCVE	CVE-2025-36126	27 May 202620:13	–	redhatcve
Vulnrichment	CVE-2025-36126 IBM Cognos Analytics is affected by Cross-site scripting.	26 May 202615:52	–	vulnrichment

NVD

Vulners

Node

ibm cognos_analyticsRange12.1.0–12.1.2

ibm cognos_analyticsMatch11.2

ibm cognos_analyticsMatch11.2.0

ibm cognos_analyticsMatch11.2.1

ibm cognos_analyticsMatch11.2.2

ibm cognos_analyticsMatch11.2.3

ibm cognos_analyticsMatch11.2.4-

ibm cognos_analyticsMatch11.2.4fixpack1

ibm cognos_analyticsMatch11.2.4fixpack2

ibm cognos_analyticsMatch11.2.4fixpack3

ibm cognos_analyticsMatch11.2.4fixpack4

ibm cognos_analyticsMatch11.2.4fixpack5

ibm cognos_analyticsMatch11.2.4fixpack6

ibm cognos_analyticsMatch11.2.4interim_fix_1

ibm cognos_analyticsMatch11.2.4interim_fix_2

ibm cognos_analyticsMatch11.2.4interim_fix_3

ibm cognos_analyticsMatch11.2.4interim_fix_4

ibm cognos_analyticsMatch11.2.4interim_fix_5

ibm cognos_analyticsMatch12.0.0

ibm cognos_analyticsMatch12.0.1

ibm cognos_analyticsMatch12.0.2

ibm cognos_analyticsMatch12.0.3-

ibm cognos_analyticsMatch12.0.3interim_fix_1

ibm cognos_analyticsMatch12.0.3interim_fix_2

ibm cognos_analyticsMatch12.0.4-

ibm cognos_analyticsMatch12.0.4fixpack1

ibm cognos_analyticsMatch12.0.4interim_fix_1

ibm cognos_analyticsMatch12.0.4interim_fix_2

ibm cognos_analyticsMatch12.0.4interim_fix_3

ibm cognos_transformerMatch11.2.4

ibm cognos_transformerMatch12.0

ibm cognos_transformerMatch12.1.0

[
  {
    "vendor": "IBM",
    "product": "Cognos Analytics",
    "versions": [
      {
        "status": "affected",
        "version": "11.2.0"
      },
      {
        "status": "affected",
        "version": "12.0"
      },
      {
        "status": "affected",
        "version": "12.1.0"
      }
    ],
    "cpes": [
      "cpe:2.3:a:ibm:cognos_analytics:11.2.0:*:*:*:*:*:*:*",
      "cpe:2.3:a:ibm:cognos_analytics:12.0:*:*:*:*:*:*:*",
      "cpe:2.3:a:ibm:cognos_analytics:12.0.0:*:*:*:*:*:*:*",
      "cpe:2.3:a:ibm:cognos_analytics:12.1.0:*:*:*:*:*:*:*"
    ]
  },
  {
    "vendor": "IBM",
    "product": "Cognos Transformer",
    "versions": [
      {
        "status": "affected",
        "version": "12.0"
      },
      {
        "status": "affected",
        "version": "11.2.4"
      },
      {
        "status": "affected",
        "version": "12.1.0"
      }
    ],
    "cpes": [
      "cpe:2.3:a:ibm:cognos_transformer:12.0:*:*:*:*:*:*:*",
      "cpe:2.3:a:ibm:cognos_transformer:12.0.0:*:*:*:*:*:*:*",
      "cpe:2.3:a:ibm:cognos_transformer:11.2.4:*:*:*:*:*:*:*",
      "cpe:2.3:a:ibm:cognos_transformer:12.1.0:*:*:*:*:*:*:*"
    ]
  }
]

Source	Link
ibm	www.ibm.com/support/pages/node/7272628

17 Jun 2026 09:14Current

5.8Medium risk

Vulners AI Score5.8

CVSS 3.16.4 - 7.6

EPSS0.00185

SSVC

CWE-79