Information Disclosure Risk in IBM Cognos Mobile Client for iOS
CVE-2023-38009

4.2MEDIUM

Key Information:

Vendor: IBM
Status: Cognos Analytics Mobile
Vendor: CVE Published:; 26 January 2025

What is CVE-2023-38009?

The IBM Cognos Mobile Client for iOS version 1.1 may be susceptible to information disclosure vulnerabilities. This is due to the absence of certificate pinning, which opens the door to man-in-the-middle attacks where an attacker could intercept and access sensitive user data being transmitted over the network. Users are encouraged to implement additional security measures to protect their information.

Affected Version(s)

Cognos Analytics Mobile Android 1.1

Cognos Analytics Mobile iOS 1.1

References

https://www.ibm.com/support/pages/node/7172691

vendor-advisory

https://www.ibm.com/support/pages/node/7172692

vendor-advisory

CVSS V3.1

Score:

4.2

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Physical

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jan 26, 2025
Vulnerability Reserved
Jul 11, 2023