
    18 vulnerabilities found for Cognos Analytics Mobile by IBM

    CVE-2025-36106 (GCVE-0-2025-36106)

    Vulnerability from nvd – Published: 2025-07-21 18:08 – Updated: 2025-08-18 01:32
    VLAI
    Title
    IBM Cognos Analytics Mobile (iOS) information disclosure
    Summary
    IBM Cognos Analytics Mobile (iOS) 1.1.0 through 1.1.22 could allow malicious actors to view and modify information coming to and from the application, which could then be used to access confidential information on the device or network, by using the deprecated or misconfigured AFNetworking library at runtime.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-326 - Inadequate Encryption Strength
    Assigner
    ibm
    References
    URL Tags
    https://www.ibm.com/support/pages/node/7239635 vendor-advisory, patch
    Impacted products
    Vendor Product Version
    IBM Cognos Analytics Mobile Affected: 1.1.0 , ≤ 1.1.22 (semver)
        cpe:2.3:a:ibm:cognos_analytics_mobile:1.1.0:*:*:*:*:ios:*:*
        cpe:2.3:a:ibm:cognos_analytics_mobile:1.1.22:*:*:*:*:ios:*:*

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-36106",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-07-21T18:41:45.044508Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-07-21T18:43:15.502Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:ibm:cognos_analytics_mobile:1.1.0:*:*:*:*:ios:*:*",
                "cpe:2.3:a:ibm:cognos_analytics_mobile:1.1.22:*:*:*:*:ios:*:*"
              ],
              "defaultStatus": "unaffected",
              "platforms": [
                "iOS"
              ],
              "product": "Cognos Analytics Mobile",
              "vendor": "IBM",
              "versions": [
                {
                  "lessThanOrEqual": "1.1.22",
                  "status": "affected",
                  "version": "1.1.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "IBM Cognos Analytics Mobile (iOS) 1.1.0 through 1.1.22 could allow malicious actors to view and modify information coming to and from the application which could then be used to access confidential information on the device or network by using a the deprecated or misconfigured AFNetworking library at runtime."
                }
              ],
              "value": "IBM Cognos Analytics Mobile (iOS) 1.1.0 through 1.1.22 could allow malicious actors to view and modify information coming to and from the application which could then be used to access confidential information on the device or network by using a the deprecated or misconfigured AFNetworking library at runtime."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-326",
                  "description": "CWE-326 Inadequate Encryption Strength",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-08-18T01:32:49.740Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory",
                "patch"
              ],
              "url": "https://www.ibm.com/support/pages/node/7239635"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "IBM encourages customers to update their devices promptly.\u003cbr\u003e\u003cbr\u003eIBM Cognos Analytics Mobile (iOS)  1.1.0 - 1.1.22  IBM Cognos Analytics Mobile (iOS) 1.1.23\u003cbr\u003e"
                }
              ],
              "value": "IBM encourages customers to update their devices promptly.\n\nIBM Cognos Analytics Mobile (iOS)  1.1.0 - 1.1.22  IBM Cognos Analytics Mobile (iOS) 1.1.23"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "IBM Cognos Analytics Mobile (iOS) information disclosure",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2025-36106",
        "datePublished": "2025-07-21T18:08:09.988Z",
        "dateReserved": "2025-04-15T21:16:16.298Z",
        "dateUpdated": "2025-08-18T01:32:49.740Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-36062 (GCVE-0-2025-36062)

    Vulnerability from nvd – Published: 2025-07-21 18:09 – Updated: 2025-08-18 01:33
    VLAI
    Title
    IBM Cognos Analytics Mobile (iOS) information disclosure
    Summary
    IBM Cognos Analytics Mobile (iOS) 1.1.0 through 1.1.22 could be vulnerable to information exposure due to the use of unencrypted network traffic.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-311 - Missing Encryption of Sensitive Data
    Assigner
    ibm
    References
    URL Tags
    https://www.ibm.com/support/pages/node/7239635 vendor-advisory, patch
    Impacted products
    Vendor Product Version
    IBM Cognos Analytics Mobile Affected: 1.1.0 , ≤ 1.1.22 (semver)
        cpe:2.3:a:ibm:cognos_analytics_mobile:1.1.0:*:*:*:*:ios:*:*
        cpe:2.3:a:ibm:cognos_analytics_mobile:1.1.22:*:*:*:*:ios:*:*

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-36062",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-07-21T18:45:47.988927Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-07-21T18:45:55.612Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:ibm:cognos_analytics_mobile:1.1.0:*:*:*:*:ios:*:*",
                "cpe:2.3:a:ibm:cognos_analytics_mobile:1.1.22:*:*:*:*:ios:*:*"
              ],
              "defaultStatus": "unaffected",
              "platforms": [
                "iOS"
              ],
              "product": "Cognos Analytics Mobile",
              "vendor": "IBM",
              "versions": [
                {
                  "lessThanOrEqual": "1.1.22",
                  "status": "affected",
                  "version": "1.1.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "IBM Cognos Analytics Mobile (iOS) 1.1.0 through 1.1.22 \n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003ecould be vulnerable to information exposure due to the use of unencrypted network traffic.\u003c/span\u003e"
                }
              ],
              "value": "IBM Cognos Analytics Mobile (iOS) 1.1.0 through 1.1.22 \n\ncould be vulnerable to information exposure due to the use of unencrypted network traffic."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.9,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-311",
                  "description": "CWE-311 Missing Encryption of Sensitive Data",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-08-18T01:33:11.704Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory",
                "patch"
              ],
              "url": "https://www.ibm.com/support/pages/node/7239635"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "IBM encourages customers to update their devices promptly.\u003cbr\u003e\u003cbr\u003eIBM Cognos Analytics Mobile (iOS)  1.1.0 - 1.1.22  IBM Cognos Analytics Mobile (iOS) 1.1.23\u003cbr\u003e"
                }
              ],
              "value": "IBM encourages customers to update their devices promptly.\n\nIBM Cognos Analytics Mobile (iOS)  1.1.0 - 1.1.22  IBM Cognos Analytics Mobile (iOS) 1.1.23"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "IBM Cognos Analytics Mobile (iOS) information disclosure",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2025-36062",
        "datePublished": "2025-07-21T18:09:18.846Z",
        "dateReserved": "2025-04-15T21:16:12.197Z",
        "dateUpdated": "2025-08-18T01:33:11.704Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-36057 (GCVE-0-2025-36057)

    Vulnerability from nvd – Published: 2025-07-21 18:10 – Updated: 2025-08-18 01:32
    VLAI
    Title
    IBM Cognos Analytics Mobile (iOS) authentication bypass
    Summary
    IBM Cognos Analytics Mobile (iOS) 1.1.0 through 1.1.22 is vulnerable to authentication bypass by using the Local Authentication Framework library which is not needed as biometric authentication is not used in the application.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-299 - Authentication Bypass Using an Alternate Path or Channel
    Assigner
    ibm
    References
    URL Tags
    https://www.ibm.com/support/pages/node/7239635 vendor-advisory, patch
    Impacted products
    Vendor Product Version
    IBM Cognos Analytics Mobile Affected: 1.1.0 , ≤ 1.1.22 (semver)
        cpe:2.3:a:ibm:cognos_analytics_mobile:1.1.0:*:*:*:*:ios:*:*
        cpe:2.3:a:ibm:cognos_analytics_mobile:1.1.22:*:*:*:*:ios:*:*

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-36057",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-07-21T18:29:43.076308Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-07-21T18:39:00.437Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:ibm:cognos_analytics_mobile:1.1.0:*:*:*:*:ios:*:*",
                "cpe:2.3:a:ibm:cognos_analytics_mobile:1.1.22:*:*:*:*:ios:*:*"
              ],
              "defaultStatus": "unaffected",
              "platforms": [
                "iOS"
              ],
              "product": "Cognos Analytics Mobile",
              "vendor": "IBM",
              "versions": [
                {
                  "lessThanOrEqual": "1.1.22",
                  "status": "affected",
                  "version": "1.1.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "IBM Cognos Analytics Mobile (iOS) 1.1.0 through 1.1.22 \n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eis vulnerable to authentication bypass by using the Local Authentication Framework library which is not needed as biometric authentication is not used in the application.\u003c/span\u003e"
                }
              ],
              "value": "IBM Cognos Analytics Mobile (iOS) 1.1.0 through 1.1.22 \n\nis vulnerable to authentication bypass by using the Local Authentication Framework library which is not needed as biometric authentication is not used in the application."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "PHYSICAL",
                "availabilityImpact": "NONE",
                "baseScore": 5.2,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-299",
                  "description": "CWE-299 Authentication Bypass Using an Alternate Path or Channel",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-08-18T01:32:20.671Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory",
                "patch"
              ],
              "url": "https://www.ibm.com/support/pages/node/7239635"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "IBM encourages customers to update their devices promptly.\u003cbr\u003e\u003cbr\u003eIBM Cognos Analytics Mobile (iOS)  1.1.0 - 1.1.22  IBM Cognos Analytics Mobile (iOS) 1.1.23\u003cbr\u003e"
                }
              ],
              "value": "IBM encourages customers to update their devices promptly.\n\nIBM Cognos Analytics Mobile (iOS)  1.1.0 - 1.1.22  IBM Cognos Analytics Mobile (iOS) 1.1.23"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "IBM Cognos Analytics Mobile (iOS) authentication bypass",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2025-36057",
        "datePublished": "2025-07-21T18:10:32.157Z",
        "dateReserved": "2025-04-15T21:16:11.325Z",
        "dateUpdated": "2025-08-18T01:32:20.671Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-36107 (GCVE-0-2025-36107)

    Vulnerability from nvd – Published: 2025-07-21 18:07 – Updated: 2025-08-18 01:33
    VLAI
    Title
    IBM Cognos Analytics Mobile (iOS) information disclosure
    Summary
    IBM Cognos Analytics Mobile (iOS) 1.1.0 through 1.1.22 could allow malicious actors to obtain sensitive information due to the cleartext transmission of data.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-319 - Cleartext Transmission of Sensitive Information
    Assigner
    ibm
    References
    URL Tags
    https://www.ibm.com/support/pages/node/7239635 vendor-advisory, patch
    Impacted products
    Vendor Product Version
    IBM Cognos Analytics Mobile Affected: 1.1.0 , ≤ 1.1.22 (semver)
        cpe:2.3:a:ibm:cognos_analytics_mobile:1.1.0:*:*:*:*:ios:*:*
        cpe:2.3:a:ibm:cognos_analytics_mobile:1.1.22:*:*:*:*:ios:*:*

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-36107",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-07-21T18:17:53.765293Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-07-21T18:18:11.768Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:ibm:cognos_analytics_mobile:1.1.0:*:*:*:*:ios:*:*",
                "cpe:2.3:a:ibm:cognos_analytics_mobile:1.1.22:*:*:*:*:ios:*:*"
              ],
              "defaultStatus": "unaffected",
              "platforms": [
                "iOS"
              ],
              "product": "Cognos Analytics Mobile",
              "vendor": "IBM",
              "versions": [
                {
                  "lessThanOrEqual": "1.1.22",
                  "status": "affected",
                  "version": "1.1.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "IBM Cognos Analytics Mobile (iOS) 1.1.0 through 1.1.22 could allow malicious actors to obtain sensitive information due to the cleartext transmission of data."
                }
              ],
              "value": "IBM Cognos Analytics Mobile (iOS) 1.1.0 through 1.1.22 could allow malicious actors to obtain sensitive information due to the cleartext transmission of data."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.9,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-319",
                  "description": "CWE-319 Cleartext Transmission of Sensitive Information",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-08-18T01:33:40.490Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory",
                "patch"
              ],
              "url": "https://www.ibm.com/support/pages/node/7239635"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "IBM encourages customers to update their devices promptly.\u003cbr\u003e\u003cbr\u003eIBM Cognos Analytics Mobile (iOS)  1.1.0 - 1.1.22  IBM Cognos Analytics Mobile (iOS) 1.1.23\u003cbr\u003e"
                }
              ],
              "value": "IBM encourages customers to update their devices promptly.\n\nIBM Cognos Analytics Mobile (iOS)  1.1.0 - 1.1.22  IBM Cognos Analytics Mobile (iOS) 1.1.23"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "IBM Cognos Analytics Mobile (iOS) information disclosure",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2025-36107",
        "datePublished": "2025-07-21T18:07:13.217Z",
        "dateReserved": "2025-04-15T21:16:16.298Z",
        "dateUpdated": "2025-08-18T01:33:40.490Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-0895 (GCVE-0-2025-0895)

    Vulnerability from nvd – Published: 2025-03-02 15:20 – Updated: 2025-09-01 01:09
    VLAI
    Title
    IBM Cognos Mobile information disclosure
    Summary
    IBM Cognos Analytics Mobile 1.1 for Android could allow a user with physical access to the device to obtain sensitive information from debugging code log messages.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-215 - Insertion of Sensitive Information Into Debugging Code
    Assigner
    ibm
    References
    URL Tags
    https://www.ibm.com/support/pages/node/7184430 vendor-advisory, patch
    Impacted products
    Vendor Product Version
    IBM Cognos Analytics Mobile Affected: 1.1
        cpe:2.3:a:ibm:cognos_analytics_mobile:1.1:*:*:*:*:android:*:*

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-0895",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-03-03T15:55:24.891775Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-03-03T15:55:51.751Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:ibm:cognos_analytics_mobile:1.1:*:*:*:*:android:*:*"
              ],
              "defaultStatus": "unaffected",
              "platforms": [
                "Android"
              ],
              "product": "Cognos Analytics Mobile",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.1"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "IBM Cognos Analytics Mobile 1.1 for Android could allow a user with physical access to the device, to obtain sensitive information from debugging code log messages."
                }
              ],
              "value": "IBM Cognos Analytics Mobile 1.1 for Android could allow a user with physical access to the device, to obtain sensitive information from debugging code log messages."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "PHYSICAL",
                "availabilityImpact": "NONE",
                "baseScore": 2.4,
                "baseSeverity": "LOW",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-215",
                  "description": "CWE-215 Insertion of Sensitive Information Into Debugging Code",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-09-01T01:09:34.068Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory",
                "patch"
              ],
              "url": "https://www.ibm.com/support/pages/node/7184430"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "IBM Cognos Mobile information disclosure",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2025-0895",
        "datePublished": "2025-03-02T15:20:05.520Z",
        "dateReserved": "2025-01-30T18:37:46.385Z",
        "dateUpdated": "2025-09-01T01:09:34.068Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-55907 (GCVE-0-2024-55907)

    Vulnerability from nvd – Published: 2025-03-02 15:22 – Updated: 2025-09-01 01:09
    VLAI
    Title
    IBM Cognos Mobile information disclosure
    Summary
    IBM Cognos Analytics Mobile 1.1 for iOS application could allow an attacker to reverse engineer the codebase to gain knowledge about the programming technique, interface, class definitions, algorithms and functions used due to weak obfuscation.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-540 - Inclusion of Sensitive Information in Source Code
    Assigner
    ibm
    References
    URL Tags
    https://www.ibm.com/support/pages/node/7184429 vendor-advisory, patch
    Impacted products
    Vendor Product Version
    IBM Cognos Analytics Mobile Affected: 1.1
        cpe:2.3:a:ibm:cognos_analytics_mobile:1.1:*:*:*:*:ios:*:*

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-55907",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-03-03T15:24:58.531148Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-03-03T15:25:14.134Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:ibm:cognos_analytics_mobile:1.1:*:*:*:*:ios:*:*"
              ],
              "defaultStatus": "unaffected",
              "platforms": [
                "iOS"
              ],
              "product": "Cognos Analytics Mobile",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.1"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "IBM Cognos Analytics Mobile 1.1 for iOS application could allow an attacker to reverse engineer the codebase to gain knowledge about the programming technique, interface, class definitions, algorithms and functions used due to weak obfuscation."
                }
              ],
              "value": "IBM Cognos Analytics Mobile 1.1 for iOS application could allow an attacker to reverse engineer the codebase to gain knowledge about the programming technique, interface, class definitions, algorithms and functions used due to weak obfuscation."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "PHYSICAL",
                "availabilityImpact": "NONE",
                "baseScore": 2,
                "baseSeverity": "LOW",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-540",
                  "description": "CWE-540 Inclusion of Sensitive Information in Source Code",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-09-01T01:09:49.562Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory",
                "patch"
              ],
              "url": "https://www.ibm.com/support/pages/node/7184429"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "IBM Cognos Mobile information disclosure",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2024-55907",
        "datePublished": "2025-03-02T15:22:59.258Z",
        "dateReserved": "2024-12-12T18:07:25.450Z",
        "dateUpdated": "2025-09-01T01:09:49.562Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-38009 (GCVE-0-2023-38009)

    Vulnerability from nvd – Published: 2025-01-26 15:57 – Updated: 2025-01-27 14:52
    Title
    IBM Cognos Analytics Mobile information disclosure
    Summary
    IBM Cognos Mobile Client 1.1 iOS may be vulnerable to information disclosure through man in the middle techniques due to the lack of certificate pinning.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-295 - Improper Certificate Validation
    Assigner
    ibm
    References
    Impacted products
    Vendor Product Version
    IBM Cognos Analytics Mobile Affected: 1.1
        cpe:2.3:a:ibm:cognos_analytics_mobile:1.1:*:*:*:*:ios:*:*
    IBM Cognos Analytics Mobile Affected: 1.1
        cpe:2.3:a:ibm:cognos_analytics_mobile:1.1:*:*:*:*:android:*:*

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-38009",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-01-27T14:39:38.494450Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-01-27T14:52:09.533Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:ibm:cognos_analytics_mobile:1.1:*:*:*:*:ios:*:*"
              ],
              "defaultStatus": "unaffected",
              "platforms": [
                "iOS"
              ],
              "product": "Cognos Analytics Mobile",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.1"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:a:ibm:cognos_analytics_mobile:1.1:*:*:*:*:android:*:*"
              ],
              "defaultStatus": "unaffected",
              "platforms": [
                "Android"
              ],
              "product": "Cognos Analytics Mobile",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.1"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "IBM Cognos Mobile Client 1.1 iOS may be vulnerable to information disclosure through man in the middle techniques due to the lack of certificate pinning."
                }
              ],
              "value": "IBM Cognos Mobile Client 1.1 iOS may be vulnerable to information disclosure through man in the middle techniques due to the lack of certificate pinning."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "PHYSICAL",
                "availabilityImpact": "NONE",
                "baseScore": 4.2,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-295",
                  "description": "CWE-295 Improper Certificate Validation",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-01-26T15:57:42.477Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.ibm.com/support/pages/node/7172691"
            },
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.ibm.com/support/pages/node/7172692"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "IBM Cognos Analytics Mobile information disclosure",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2023-38009",
        "datePublished": "2025-01-26T15:57:42.477Z",
        "dateReserved": "2023-07-11T17:33:11.276Z",
        "dateUpdated": "2025-01-27T14:52:09.533Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-39080 (GCVE-0-2021-39080)

    Vulnerability from nvd – Published: 2022-02-14 17:30 – Updated: 2024-09-16 22:56
    Summary
    Due to weak obfuscation, IBM Cognos Analytics Mobile for Android application prior to version 1.1.14 , an attacker could be able to reverse engineer the codebase to gain knowledge about the programming technique, interface, class definitions, algorithms and functions used. IBM X-Force ID: 215593.
    CWE
    • Obtain Information
    Assigner
    ibm
    References
    Impacted products
    Date Public
    2022-02-11 00:00

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T01:58:17.616Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.ibm.com/support/pages/node/6555140"
              },
              {
                "name": "ibm-cognos-cve202139080-info-disc (215593)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/215593"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Cognos Analytics Mobile",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.1"
                }
              ]
            }
          ],
          "datePublic": "2022-02-11T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Due to weak obfuscation, IBM Cognos Analytics Mobile for Android application prior to version 1.1.14 , an attacker could be able to reverse engineer the codebase to gain knowledge about the programming technique, interface, class definitions, algorithms and functions used. IBM X-Force ID: 215593."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.8,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "exploitCodeMaturity": "UNPROVEN",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "remediationLevel": "OFFICIAL_FIX",
                "reportConfidence": "CONFIRMED",
                "scope": "UNCHANGED",
                "temporalScore": 4.2,
                "temporalSeverity": "MEDIUM",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/I:L/S:U/AV:N/UI:N/PR:N/AC:H/A:N/C:L/RL:O/E:U/RC:C",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Obtain Information",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-02-14T17:30:14.000Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.ibm.com/support/pages/node/6555140"
            },
            {
              "name": "ibm-cognos-cve202139080-info-disc (215593)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/215593"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@us.ibm.com",
              "DATE_PUBLIC": "2022-02-11T00:00:00",
              "ID": "CVE-2021-39080",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Cognos Analytics Mobile",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "1.1"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "IBM"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Due to weak obfuscation, IBM Cognos Analytics Mobile for Android application prior to version 1.1.14 , an attacker could be able to reverse engineer the codebase to gain knowledge about the programming technique, interface, class definitions, algorithms and functions used. IBM X-Force ID: 215593."
                }
              ]
            },
            "impact": {
              "cvssv3": {
                "BM": {
                  "A": "N",
                  "AC": "H",
                  "AV": "N",
                  "C": "L",
                  "I": "L",
                  "PR": "N",
                  "S": "U",
                  "UI": "N"
                },
                "TM": {
                  "E": "U",
                  "RC": "C",
                  "RL": "O"
                }
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Obtain Information"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.ibm.com/support/pages/node/6555140",
                  "refsource": "CONFIRM",
                  "title": "IBM Security Bulletin 6555140 (Cognos Analytics Mobile)",
                  "url": "https://www.ibm.com/support/pages/node/6555140"
                },
                {
                  "name": "ibm-cognos-cve202139080-info-disc (215593)",
                  "refsource": "XF",
                  "title": "X-Force Vulnerability Report",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/215593"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2021-39080",
        "datePublished": "2022-02-14T17:30:14.400Z",
        "dateReserved": "2021-08-16T00:00:00.000Z",
        "dateUpdated": "2024-09-16T22:56:47.755Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-39079 (GCVE-0-2021-39079)

    Vulnerability from nvd – Published: 2022-02-14 17:30 – Updated: 2024-09-16 18:49
    Summary
    IBM Cognos Analytics Mobile for Android applications prior to version 1.1.14 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 215592.
    CWE
    • Cross-Site Scripting
    Assigner
    ibm
    References
    Impacted products
    Date Public
    2022-02-11 00:00

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T01:58:17.767Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.ibm.com/support/pages/node/6555140"
              },
              {
                "name": "ibm-cognos-cve202139079-xss (215592)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/215592"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Cognos Analytics Mobile",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.1"
                }
              ]
            }
          ],
          "datePublic": "2022-02-11T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "IBM Cognos Analytics Mobile for Android applications prior to version 1.1.14 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 215592."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.4,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "exploitCodeMaturity": "HIGH",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "remediationLevel": "OFFICIAL_FIX",
                "reportConfidence": "CONFIRMED",
                "scope": "CHANGED",
                "temporalScore": 5.2,
                "temporalSeverity": "MEDIUM",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/I:L/AV:N/S:C/PR:L/UI:R/C:L/A:N/AC:L/RC:C/E:H/RL:O",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Cross-Site Scripting",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-02-14T17:30:12.000Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.ibm.com/support/pages/node/6555140"
            },
            {
              "name": "ibm-cognos-cve202139079-xss (215592)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/215592"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@us.ibm.com",
              "DATE_PUBLIC": "2022-02-11T00:00:00",
              "ID": "CVE-2021-39079",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Cognos Analytics Mobile",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "1.1"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "IBM"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "IBM Cognos Analytics Mobile for Android applications prior to version 1.1.14 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 215592."
                }
              ]
            },
            "impact": {
              "cvssv3": {
                "BM": {
                  "A": "N",
                  "AC": "L",
                  "AV": "N",
                  "C": "L",
                  "I": "L",
                  "PR": "L",
                  "S": "C",
                  "UI": "R"
                },
                "TM": {
                  "E": "H",
                  "RC": "C",
                  "RL": "O"
                }
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Cross-Site Scripting"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.ibm.com/support/pages/node/6555140",
                  "refsource": "CONFIRM",
                  "title": "IBM Security Bulletin 6555140 (Cognos Analytics Mobile)",
                  "url": "https://www.ibm.com/support/pages/node/6555140"
                },
                {
                  "name": "ibm-cognos-cve202139079-xss (215592)",
                  "refsource": "XF",
                  "title": "X-Force Vulnerability Report",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/215592"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2021-39079",
        "datePublished": "2022-02-14T17:30:12.634Z",
        "dateReserved": "2021-08-16T00:00:00.000Z",
        "dateUpdated": "2024-09-16T18:49:33.228Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-36057 (GCVE-0-2025-36057)

    Vulnerability from cvelistv5 – Published: 2025-07-21 18:10 – Updated: 2025-08-18 01:32
    Title
    IBM Cognos Analytics Mobile (iOS) authentication bypass
    Summary
    IBM Cognos Analytics Mobile (iOS) 1.1.0 through 1.1.22 is vulnerable to authentication bypass by using the Local Authentication Framework library which is not needed as biometric authentication is not used in the application.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-299 - Authentication Bypass Using an Alternate Path or Channel
    Assigner
    ibm
    References
    URL Tags
    https://www.ibm.com/support/pages/node/7239635 vendor-advisory, patch
    Impacted products
    Vendor Product Version
    IBM Cognos Analytics Mobile Affected: 1.1.0 , ≤ 1.1.22 (semver)
        cpe:2.3:a:ibm:cognos_analytics_mobile:1.1.0:*:*:*:*:ios:*:*
        cpe:2.3:a:ibm:cognos_analytics_mobile:1.1.22:*:*:*:*:ios:*:*

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-36057",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-07-21T18:29:43.076308Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-07-21T18:39:00.437Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:ibm:cognos_analytics_mobile:1.1.0:*:*:*:*:ios:*:*",
                "cpe:2.3:a:ibm:cognos_analytics_mobile:1.1.22:*:*:*:*:ios:*:*"
              ],
              "defaultStatus": "unaffected",
              "platforms": [
                "iOS"
              ],
              "product": "Cognos Analytics Mobile",
              "vendor": "IBM",
              "versions": [
                {
                  "lessThanOrEqual": "1.1.22",
                  "status": "affected",
                  "version": "1.1.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "IBM Cognos Analytics Mobile (iOS) 1.1.0 through 1.1.22 \n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eis vulnerable to authentication bypass by using the Local Authentication Framework library which is not needed as biometric authentication is not used in the application.\u003c/span\u003e"
                }
              ],
              "value": "IBM Cognos Analytics Mobile (iOS) 1.1.0 through 1.1.22 \n\nis vulnerable to authentication bypass by using the Local Authentication Framework library which is not needed as biometric authentication is not used in the application."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "PHYSICAL",
                "availabilityImpact": "NONE",
                "baseScore": 5.2,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-299",
                  "description": "CWE-299 Authentication Bypass Using an Alternate Path or Channel",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-08-18T01:32:20.671Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory",
                "patch"
              ],
              "url": "https://www.ibm.com/support/pages/node/7239635"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "IBM encourages customers to update their devices promptly.\u003cbr\u003e\u003cbr\u003eIBM Cognos Analytics Mobile (iOS)  1.1.0 - 1.1.22  IBM Cognos Analytics Mobile (iOS) 1.1.23\u003cbr\u003e"
                }
              ],
              "value": "IBM encourages customers to update their devices promptly.\n\nIBM Cognos Analytics Mobile (iOS)  1.1.0 - 1.1.22  IBM Cognos Analytics Mobile (iOS) 1.1.23"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "IBM Cognos Analytics Mobile (iOS) authentication bypass",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2025-36057",
        "datePublished": "2025-07-21T18:10:32.157Z",
        "dateReserved": "2025-04-15T21:16:11.325Z",
        "dateUpdated": "2025-08-18T01:32:20.671Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-36062 (GCVE-0-2025-36062)

    Vulnerability from cvelistv5 – Published: 2025-07-21 18:09 – Updated: 2025-08-18 01:33
    VLAI
    Title
    IBM Cognos Analytics Mobile (iOS) information disclosure
    Summary
    IBM Cognos Analytics Mobile (iOS) 1.1.0 through 1.1.22 could be vulnerable to information exposure due to the use of unencrypted network traffic.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-311 - Missing Encryption of Sensitive Data
    Assigner
    ibm
    References
    URL Tags
    https://www.ibm.com/support/pages/node/7239635 vendor-advisory, patch
    Impacted products
    Vendor Product Version
    IBM Cognos Analytics Mobile Affected: 1.1.0 , ≤ 1.1.22 (semver)
        cpe:2.3:a:ibm:cognos_analytics_mobile:1.1.0:*:*:*:*:ios:*:*
        cpe:2.3:a:ibm:cognos_analytics_mobile:1.1.22:*:*:*:*:ios:*:*

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-36062",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-07-21T18:45:47.988927Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-07-21T18:45:55.612Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:ibm:cognos_analytics_mobile:1.1.0:*:*:*:*:ios:*:*",
                "cpe:2.3:a:ibm:cognos_analytics_mobile:1.1.22:*:*:*:*:ios:*:*"
              ],
              "defaultStatus": "unaffected",
              "platforms": [
                "iOS"
              ],
              "product": "Cognos Analytics Mobile",
              "vendor": "IBM",
              "versions": [
                {
                  "lessThanOrEqual": "1.1.22",
                  "status": "affected",
                  "version": "1.1.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "IBM Cognos Analytics Mobile (iOS) 1.1.0 through 1.1.22 \n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003ecould be vulnerable to information exposure due to the use of unencrypted network traffic.\u003c/span\u003e"
                }
              ],
              "value": "IBM Cognos Analytics Mobile (iOS) 1.1.0 through 1.1.22 \n\ncould be vulnerable to information exposure due to the use of unencrypted network traffic."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.9,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-311",
                  "description": "CWE-311 Missing Encryption of Sensitive Data",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-08-18T01:33:11.704Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory",
                "patch"
              ],
              "url": "https://www.ibm.com/support/pages/node/7239635"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "IBM encourages customers to update their devices promptly.\u003cbr\u003e\u003cbr\u003eIBM Cognos Analytics Mobile (iOS)  1.1.0 - 1.1.22  IBM Cognos Analytics Mobile (iOS) 1.1.23\u003cbr\u003e"
                }
              ],
              "value": "IBM encourages customers to update their devices promptly.\n\nIBM Cognos Analytics Mobile (iOS)  1.1.0 - 1.1.22  IBM Cognos Analytics Mobile (iOS) 1.1.23"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "IBM Cognos Analytics Mobile (iOS) information disclosure",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2025-36062",
        "datePublished": "2025-07-21T18:09:18.846Z",
        "dateReserved": "2025-04-15T21:16:12.197Z",
        "dateUpdated": "2025-08-18T01:33:11.704Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-36106 (GCVE-0-2025-36106)

    Vulnerability from cvelistv5 – Published: 2025-07-21 18:08 – Updated: 2025-08-18 01:32
    VLAI
    Title
    IBM Cognos Analytics Mobile (iOS) information disclosure
    Summary
    IBM Cognos Analytics Mobile (iOS) 1.1.0 through 1.1.22 could allow malicious actors to view and modify information coming to and from the application which could then be used to access confidential information on the device or network by using the deprecated or misconfigured AFNetworking library at runtime.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-326 - Inadequate Encryption Strength
    Assigner
    ibm
    References
    URL Tags
    https://www.ibm.com/support/pages/node/7239635 vendor-advisory, patch
    Impacted products
    Vendor Product Version
    IBM Cognos Analytics Mobile Affected: 1.1.0 , ≤ 1.1.22 (semver)
        cpe:2.3:a:ibm:cognos_analytics_mobile:1.1.0:*:*:*:*:ios:*:*
        cpe:2.3:a:ibm:cognos_analytics_mobile:1.1.22:*:*:*:*:ios:*:*

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-36106",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-07-21T18:41:45.044508Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-07-21T18:43:15.502Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:ibm:cognos_analytics_mobile:1.1.0:*:*:*:*:ios:*:*",
                "cpe:2.3:a:ibm:cognos_analytics_mobile:1.1.22:*:*:*:*:ios:*:*"
              ],
              "defaultStatus": "unaffected",
              "platforms": [
                "iOS"
              ],
              "product": "Cognos Analytics Mobile",
              "vendor": "IBM",
              "versions": [
                {
                  "lessThanOrEqual": "1.1.22",
                  "status": "affected",
                  "version": "1.1.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "IBM Cognos Analytics Mobile (iOS) 1.1.0 through 1.1.22 could allow malicious actors to view and modify information coming to and from the application which could then be used to access confidential information on the device or network by using a the deprecated or misconfigured AFNetworking library at runtime."
                }
              ],
              "value": "IBM Cognos Analytics Mobile (iOS) 1.1.0 through 1.1.22 could allow malicious actors to view and modify information coming to and from the application which could then be used to access confidential information on the device or network by using a the deprecated or misconfigured AFNetworking library at runtime."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-326",
                  "description": "CWE-326 Inadequate Encryption Strength",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-08-18T01:32:49.740Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory",
                "patch"
              ],
              "url": "https://www.ibm.com/support/pages/node/7239635"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "IBM encourages customers to update their devices promptly.\u003cbr\u003e\u003cbr\u003eIBM Cognos Analytics Mobile (iOS)  1.1.0 - 1.1.22  IBM Cognos Analytics Mobile (iOS) 1.1.23\u003cbr\u003e"
                }
              ],
              "value": "IBM encourages customers to update their devices promptly.\n\nIBM Cognos Analytics Mobile (iOS)  1.1.0 - 1.1.22  IBM Cognos Analytics Mobile (iOS) 1.1.23"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "IBM Cognos Analytics Mobile (iOS) information disclosure",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2025-36106",
        "datePublished": "2025-07-21T18:08:09.988Z",
        "dateReserved": "2025-04-15T21:16:16.298Z",
        "dateUpdated": "2025-08-18T01:32:49.740Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-36107 (GCVE-0-2025-36107)

    Vulnerability from cvelistv5 – Published: 2025-07-21 18:07 – Updated: 2025-08-18 01:33
    VLAI
    Title
    IBM Cognos Analytics Mobile (iOS) information disclosure
    Summary
    IBM Cognos Analytics Mobile (iOS) 1.1.0 through 1.1.22 could allow malicious actors to obtain sensitive information due to the cleartext transmission of data.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-319 - Cleartext Transmission of Sensitive Information
    Assigner
    ibm
    References
    URL Tags
    https://www.ibm.com/support/pages/node/7239635 vendor-advisory, patch
    Impacted products
    Vendor Product Version
    IBM Cognos Analytics Mobile Affected: 1.1.0 , ≤ 1.1.22 (semver)
        cpe:2.3:a:ibm:cognos_analytics_mobile:1.1.0:*:*:*:*:ios:*:*
        cpe:2.3:a:ibm:cognos_analytics_mobile:1.1.22:*:*:*:*:ios:*:*

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-36107",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-07-21T18:17:53.765293Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-07-21T18:18:11.768Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:ibm:cognos_analytics_mobile:1.1.0:*:*:*:*:ios:*:*",
                "cpe:2.3:a:ibm:cognos_analytics_mobile:1.1.22:*:*:*:*:ios:*:*"
              ],
              "defaultStatus": "unaffected",
              "platforms": [
                "iOS"
              ],
              "product": "Cognos Analytics Mobile",
              "vendor": "IBM",
              "versions": [
                {
                  "lessThanOrEqual": "1.1.22",
                  "status": "affected",
                  "version": "1.1.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "IBM Cognos Analytics Mobile (iOS) 1.1.0 through 1.1.22 could allow malicious actors to obtain sensitive information due to the cleartext transmission of data."
                }
              ],
              "value": "IBM Cognos Analytics Mobile (iOS) 1.1.0 through 1.1.22 could allow malicious actors to obtain sensitive information due to the cleartext transmission of data."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.9,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-319",
                  "description": "CWE-319 Cleartext Transmission of Sensitive Information",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-08-18T01:33:40.490Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory",
                "patch"
              ],
              "url": "https://www.ibm.com/support/pages/node/7239635"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "IBM encourages customers to update their devices promptly.\u003cbr\u003e\u003cbr\u003eIBM Cognos Analytics Mobile (iOS)  1.1.0 - 1.1.22  IBM Cognos Analytics Mobile (iOS) 1.1.23\u003cbr\u003e"
                }
              ],
              "value": "IBM encourages customers to update their devices promptly.\n\nIBM Cognos Analytics Mobile (iOS)  1.1.0 - 1.1.22  IBM Cognos Analytics Mobile (iOS) 1.1.23"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "IBM Cognos Analytics Mobile (iOS) information disclosure",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2025-36107",
        "datePublished": "2025-07-21T18:07:13.217Z",
        "dateReserved": "2025-04-15T21:16:16.298Z",
        "dateUpdated": "2025-08-18T01:33:40.490Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-55907 (GCVE-0-2024-55907)

    Vulnerability from cvelistv5 – Published: 2025-03-02 15:22 – Updated: 2025-09-01 01:09
    VLAI
    Title
    IBM Cognos Mobile information disclosure
    Summary
    IBM Cognos Analytics Mobile 1.1 for iOS application could allow an attacker to reverse engineer the codebase to gain knowledge about the programming technique, interface, class definitions, algorithms and functions used due to weak obfuscation.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-540 - Inclusion of Sensitive Information in Source Code
    Assigner
    ibm
    References
    URL Tags
    https://www.ibm.com/support/pages/node/7184429 vendor-advisory, patch
    Impacted products
    Vendor Product Version
    IBM Cognos Analytics Mobile Affected: 1.1
        cpe:2.3:a:ibm:cognos_analytics_mobile:1.1:*:*:*:*:ios:*:*

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-55907",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-03-03T15:24:58.531148Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-03-03T15:25:14.134Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:ibm:cognos_analytics_mobile:1.1:*:*:*:*:ios:*:*"
              ],
              "defaultStatus": "unaffected",
              "platforms": [
                "iOS"
              ],
              "product": "Cognos Analytics Mobile",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.1"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "IBM Cognos Analytics Mobile 1.1 for iOS application could allow an attacker to reverse engineer the codebase to gain knowledge about the programming technique, interface, class definitions, algorithms and functions used due to weak obfuscation."
                }
              ],
              "value": "IBM Cognos Analytics Mobile 1.1 for iOS application could allow an attacker to reverse engineer the codebase to gain knowledge about the programming technique, interface, class definitions, algorithms and functions used due to weak obfuscation."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "PHYSICAL",
                "availabilityImpact": "NONE",
                "baseScore": 2,
                "baseSeverity": "LOW",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-540",
                  "description": "CWE-540 Inclusion of Sensitive Information in Source Code",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-09-01T01:09:49.562Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory",
                "patch"
              ],
              "url": "https://www.ibm.com/support/pages/node/7184429"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "IBM Cognos Mobile information disclosure",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2024-55907",
        "datePublished": "2025-03-02T15:22:59.258Z",
        "dateReserved": "2024-12-12T18:07:25.450Z",
        "dateUpdated": "2025-09-01T01:09:49.562Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-0895 (GCVE-0-2025-0895)

    Vulnerability from cvelistv5 – Published: 2025-03-02 15:20 – Updated: 2025-09-01 01:09
    VLAI
    Title
    IBM Cognos Mobile information disclosure
    Summary
    IBM Cognos Analytics Mobile 1.1 for Android could allow a user with physical access to the device to obtain sensitive information from debugging code log messages.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-215 - Insertion of Sensitive Information Into Debugging Code
    Assigner
    ibm
    References
    URL Tags
    https://www.ibm.com/support/pages/node/7184430 vendor-advisory, patch
    Impacted products
    Vendor Product Version
    IBM Cognos Analytics Mobile Affected: 1.1
        cpe:2.3:a:ibm:cognos_analytics_mobile:1.1:*:*:*:*:android:*:*

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-0895",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-03-03T15:55:24.891775Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-03-03T15:55:51.751Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:ibm:cognos_analytics_mobile:1.1:*:*:*:*:android:*:*"
              ],
              "defaultStatus": "unaffected",
              "platforms": [
                "Android"
              ],
              "product": "Cognos Analytics Mobile",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.1"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "IBM Cognos Analytics Mobile 1.1 for Android could allow a user with physical access to the device, to obtain sensitive information from debugging code log messages."
                }
              ],
              "value": "IBM Cognos Analytics Mobile 1.1 for Android could allow a user with physical access to the device, to obtain sensitive information from debugging code log messages."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "PHYSICAL",
                "availabilityImpact": "NONE",
                "baseScore": 2.4,
                "baseSeverity": "LOW",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-215",
                  "description": "CWE-215 Insertion of Sensitive Information Into Debugging Code",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-09-01T01:09:34.068Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory",
                "patch"
              ],
              "url": "https://www.ibm.com/support/pages/node/7184430"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "IBM Cognos Mobile information disclosure",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2025-0895",
        "datePublished": "2025-03-02T15:20:05.520Z",
        "dateReserved": "2025-01-30T18:37:46.385Z",
        "dateUpdated": "2025-09-01T01:09:34.068Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-38009 (GCVE-0-2023-38009)

    Vulnerability from cvelistv5 – Published: 2025-01-26 15:57 – Updated: 2025-01-27 14:52
    Title
    IBM Cognos Analytics Mobile information disclosure
    Summary
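    IBM Cognos Mobile Client 1.1 iOS may be vulnerable to information disclosure through man-in-the-middle techniques due to the lack of certificate pinning. Note that the affected-products list in this record covers both the iOS and the Android build of version 1.1, although the description names only iOS.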
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-295 - Improper Certificate Validation
    Assigner
    ibm
    References
    Impacted products
    Vendor Product Version
    IBM Cognos Analytics Mobile Affected: 1.1
        cpe:2.3:a:ibm:cognos_analytics_mobile:1.1:*:*:*:*:ios:*:*
    IBM Cognos Analytics Mobile Affected: 1.1
        cpe:2.3:a:ibm:cognos_analytics_mobile:1.1:*:*:*:*:android:*:*

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-38009",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-01-27T14:39:38.494450Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-01-27T14:52:09.533Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:ibm:cognos_analytics_mobile:1.1:*:*:*:*:ios:*:*"
              ],
              "defaultStatus": "unaffected",
              "platforms": [
                "iOS"
              ],
              "product": "Cognos Analytics Mobile",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.1"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:a:ibm:cognos_analytics_mobile:1.1:*:*:*:*:android:*:*"
              ],
              "defaultStatus": "unaffected",
              "platforms": [
                "Android"
              ],
              "product": "Cognos Analytics Mobile",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.1"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "IBM Cognos Mobile Client 1.1 iOS may be vulnerable to information disclosure through man in the middle techniques due to the lack of certificate pinning."
                }
              ],
              "value": "IBM Cognos Mobile Client 1.1 iOS may be vulnerable to information disclosure through man in the middle techniques due to the lack of certificate pinning."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "PHYSICAL",
                "availabilityImpact": "NONE",
                "baseScore": 4.2,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-295",
                  "description": "CWE-295 Improper Certificate Validation",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-01-26T15:57:42.477Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.ibm.com/support/pages/node/7172691"
            },
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.ibm.com/support/pages/node/7172692"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "IBM Cognos Analytics Mobile information disclosure",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2023-38009",
        "datePublished": "2025-01-26T15:57:42.477Z",
        "dateReserved": "2023-07-11T17:33:11.276Z",
        "dateUpdated": "2025-01-27T14:52:09.533Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-39080 (GCVE-0-2021-39080)

    Vulnerability from cvelistv5 – Published: 2022-02-14 17:30 – Updated: 2024-09-16 22:56
    Summary
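    Due to weak obfuscation in the IBM Cognos Analytics Mobile for Android application prior to version 1.1.14, an attacker could reverse engineer the codebase to gain knowledge about the programming technique, interface, class definitions, algorithms and functions used. IBM X-Force ID: 215593. Note that the structured record below lists the affected version only as "1.1"; the 1.1.14 boundary appears only in this description, so version matching against the structured field alone can be misleading.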
    CWE
    • Obtain Information
    Assigner
    ibm
    References
    Impacted products
    Date Public
    2022-02-11 00:00

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T01:58:17.616Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.ibm.com/support/pages/node/6555140"
              },
              {
                "name": "ibm-cognos-cve202139080-info-disc (215593)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/215593"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Cognos Analytics Mobile",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.1"
                }
              ]
            }
          ],
          "datePublic": "2022-02-11T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Due to weak obfuscation, IBM Cognos Analytics Mobile for Android application prior to version 1.1.14 , an attacker could be able to reverse engineer the codebase to gain knowledge about the programming technique, interface, class definitions, algorithms and functions used. IBM X-Force ID: 215593."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.8,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "exploitCodeMaturity": "UNPROVEN",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "remediationLevel": "OFFICIAL_FIX",
                "reportConfidence": "CONFIRMED",
                "scope": "UNCHANGED",
                "temporalScore": 4.2,
                "temporalSeverity": "MEDIUM",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/I:L/S:U/AV:N/UI:N/PR:N/AC:H/A:N/C:L/RL:O/E:U/RC:C",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Obtain Information",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-02-14T17:30:14.000Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.ibm.com/support/pages/node/6555140"
            },
            {
              "name": "ibm-cognos-cve202139080-info-disc (215593)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/215593"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@us.ibm.com",
              "DATE_PUBLIC": "2022-02-11T00:00:00",
              "ID": "CVE-2021-39080",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Cognos Analytics Mobile",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "1.1"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "IBM"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Due to weak obfuscation, IBM Cognos Analytics Mobile for Android application prior to version 1.1.14 , an attacker could be able to reverse engineer the codebase to gain knowledge about the programming technique, interface, class definitions, algorithms and functions used. IBM X-Force ID: 215593."
                }
              ]
            },
            "impact": {
              "cvssv3": {
                "BM": {
                  "A": "N",
                  "AC": "H",
                  "AV": "N",
                  "C": "L",
                  "I": "L",
                  "PR": "N",
                  "S": "U",
                  "UI": "N"
                },
                "TM": {
                  "E": "U",
                  "RC": "C",
                  "RL": "O"
                }
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Obtain Information"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.ibm.com/support/pages/node/6555140",
                  "refsource": "CONFIRM",
                  "title": "IBM Security Bulletin 6555140 (Cognos Analytics Mobile)",
                  "url": "https://www.ibm.com/support/pages/node/6555140"
                },
                {
                  "name": "ibm-cognos-cve202139080-info-disc (215593)",
                  "refsource": "XF",
                  "title": "X-Force Vulnerability Report",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/215593"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2021-39080",
        "datePublished": "2022-02-14T17:30:14.400Z",
        "dateReserved": "2021-08-16T00:00:00.000Z",
        "dateUpdated": "2024-09-16T22:56:47.755Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-39079 (GCVE-0-2021-39079)

    Vulnerability from cvelistv5 – Published: 2022-02-14 17:30 – Updated: 2024-09-16 18:49
    Summary
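    The IBM Cognos Analytics Mobile for Android application prior to version 1.1.14 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI, thus altering the intended functionality and potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 215592. Note that the structured record below lists the affected version only as "1.1"; the 1.1.14 boundary appears only in this description, so version matching against the structured field alone can be misleading.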
    CWE
    • Cross-Site Scripting
    Assigner
    ibm
    References
    Impacted products
    Date Public
    2022-02-11 00:00

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T01:58:17.767Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.ibm.com/support/pages/node/6555140"
              },
              {
                "name": "ibm-cognos-cve202139079-xss (215592)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/215592"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Cognos Analytics Mobile",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.1"
                }
              ]
            }
          ],
          "datePublic": "2022-02-11T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "IBM Cognos Analytics Mobile for Android applications prior to version 1.1.14 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 215592."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.4,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "exploitCodeMaturity": "HIGH",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "remediationLevel": "OFFICIAL_FIX",
                "reportConfidence": "CONFIRMED",
                "scope": "CHANGED",
                "temporalScore": 5.2,
                "temporalSeverity": "MEDIUM",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/I:L/AV:N/S:C/PR:L/UI:R/C:L/A:N/AC:L/RC:C/E:H/RL:O",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Cross-Site Scripting",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-02-14T17:30:12.000Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.ibm.com/support/pages/node/6555140"
            },
            {
              "name": "ibm-cognos-cve202139079-xss (215592)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/215592"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@us.ibm.com",
              "DATE_PUBLIC": "2022-02-11T00:00:00",
              "ID": "CVE-2021-39079",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Cognos Analytics Mobile",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "1.1"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "IBM"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "IBM Cognos Analytics Mobile for Android applications prior to version 1.1.14 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 215592."
                }
              ]
            },
            "impact": {
              "cvssv3": {
                "BM": {
                  "A": "N",
                  "AC": "L",
                  "AV": "N",
                  "C": "L",
                  "I": "L",
                  "PR": "L",
                  "S": "C",
                  "UI": "R"
                },
                "TM": {
                  "E": "H",
                  "RC": "C",
                  "RL": "O"
                }
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Cross-Site Scripting"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.ibm.com/support/pages/node/6555140",
                  "refsource": "CONFIRM",
                  "title": "IBM Security Bulletin 6555140 (Cognos Analytics Mobile)",
                  "url": "https://www.ibm.com/support/pages/node/6555140"
                },
                {
                  "name": "ibm-cognos-cve202139079-xss (215592)",
                  "refsource": "XF",
                  "title": "X-Force Vulnerability Report",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/215592"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2021-39079",
        "datePublished": "2022-02-14T17:30:12.634Z",
        "dateReserved": "2021-08-16T00:00:00.000Z",
        "dateUpdated": "2024-09-16T18:49:33.228Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }