What happened
IBM disclosed a medium-severity (CVSS 5.4) concurrency flaw in Cognos Analytics' Agentic AI assistant that can produce incorrect report summaries or cause processing failures under concurrent load.
Why it matters
While not an intrusion vector, this is a data-integrity issue in an agentic AI feature embedded in a widely used BI platform — incorrect AI-generated report summaries delivered to business users under concurrency could silently mislead downstream decision-making.
Attack vector
A race condition in the Agentic AI assistant's concurrent request-handling logic causes incorrect report summary results or report-processing failures when multiple authenticated users submit concurrent requests to the assistant.
Affected systems
IBM Cognos Analytics 12.1.3 GA through build 12.1.3-2606251736
Mitigation
Apply IBM's fix per the security bulletin (support pages node/7280311).