Impact
IBM Cognos Analytics and Cognos Transformer versions 11.2.0, 12.0, and 12.1.0 contain a stored cross-site scripting flaw in the administration interface. A user with privileged administrative rights can embed arbitrary JavaScript into the web UI. When other users view the affected pages, the injected code runs in their browsers within the trusted session, potentially exposing login credentials or other sensitive data. The weakness is classified as CWE-79 (improper neutralization of input during web page generation, i.e. cross-site scripting); here the injected script is stored by the application and served to every viewer rather than reflected from a single request.
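The mechanism described above, stored input from an administrative setting rendered into other users' pages without output encoding, is shown below as an added illustration. This is not IBM Cognos code: the "welcome banner" setting, the store, the function names and the sample payload are all constructed for the example. It contrasts a vulnerable renderer that concatenates the stored value into markup with a hardened one that entity-encodes it at output time, and includes a small check a reviewer can run over rendered output.

```javascript
// Added example of CWE-79 stored XSS in an admin-editable UI setting.
// NOT IBM Cognos code: the banner setting, store, helper names and the
// sample payload below are assumptions constructed for illustration.

// Minimal HTML entity encoder for text placed in element content.
// Ampersand is encoded first so later replacements are not double-encoded.
// Attribute, URL and JavaScript contexts need their own encoders.
function escapeHtml(value) {
  return String(value)
    .replace(/&/g, "&amp;")
    .replace(/</g, "&lt;")
    .replace(/>/g, "&gt;")
    .replace(/"/g, "&quot;")
    .replace(/'/g, "&#39;");
}

// Simulated persistent store: an administrator writes the setting once,
// and every subsequent page render for every user reads it back.
const settingsStore = { welcomeBanner: "" };

function saveBanner(adminInput) {
  // Storing raw text is acceptable only if every render encodes on output.
  settingsStore.welcomeBanner = adminInput;
}

const WRAPPER_OPEN = '<div class="banner">';
const WRAPPER_CLOSE = "</div>";

// Vulnerable render: the stored value is spliced into markup verbatim, so
// any tags the administrator saved are interpreted by each viewer's browser.
function renderBannerVulnerable() {
  return WRAPPER_OPEN + settingsStore.welcomeBanner + WRAPPER_CLOSE;
}

// Hardened render: the stored value is entity-encoded at output time and is
// therefore displayed as literal text rather than parsed as HTML.
function renderBannerSafe() {
  return WRAPPER_OPEN + escapeHtml(settingsStore.welcomeBanner) + WRAPPER_CLOSE;
}

// Review check: does the rendered banner body still contain unencoded
// angle brackets that originated from stored data?
function bannerBodyHasMarkup(html) {
  const body = html.slice(WRAPPER_OPEN.length, html.length - WRAPPER_CLOSE.length);
  return /[<>]/.test(body);
}

// Constructed payload a malicious administrator might save (benign body).
const SAMPLE_PAYLOAD = "<script>document.title='xss'</script>";

if (typeof require !== "undefined" && require.main === module) {
  saveBanner(SAMPLE_PAYLOAD);
  console.log("vulnerable:", renderBannerVulnerable());
  console.log("hardened:  ", renderBannerSafe());
}
```

Output encoding at render time is the primary fix for this weakness class; a restrictive Content-Security-Policy that disallows inline script is a useful second layer, but it does not remove the need to encode, and it does not help users of a product version that still concatenates stored data into markup.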
Affected Systems
Affected product families are IBM Cognos Analytics and IBM Cognos Transformer. The problem exists in Cognos Analytics 11.2.0 through 11.2.4 (up to Fix Pack 6), Cognos Analytics 12.0.0 through 12.0.4 (up to Fix Pack 1), and Cognos Analytics 12.1.0 through 12.1.2 (up to Fix Pack 2). Cognos Transformer versions 11.2.4, 12.0.0, and 12.1.0 are also affected. Each product line has a documented fix pack that removes the vulnerability; upgrade to the latest available fix pack per vendor guidance.
Risk and Exploitability
A CVSS score of 6.4 places the vulnerability in the medium (moderate) severity band. No EPSS data is available, and the flaw is not listed in the CISA KEV catalog, so no exploitation in the wild has been confirmed at the time of writing. However, because exploitation requires privileged administrator rights in the Cognos platform, an attacker who gains that access can persist malicious scripts that run for all users and potentially compromise credentials. The risk is chiefly an insider threat, or an attacker who has already stolen privileged credentials, so organizations should treat it as moderate to high.
OpenCVE Enrichment