CVE-2023-38009 MEDIUM

CVE-2023-38009: IBM Cognos Analytics Mobile information disclosure

Vendor Ibm
Product Cognos Analytics Mobile
Weakness CWE-295
Published January 26, 2025
Last update January 27, 2025

CVSS base score

4.2/10
Attack vector Physical
Attack complexity High
Privileges required None
User interaction None
Confidentiality High
Integrity None

CVSS vector

CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

What the vulnerability does

01Description

IBM Cognos Mobile Client 1.1 iOS may be vulnerable to information disclosure through man in the middle techniques due to the lack of certificate pinning.

Key dates

02Disclosure timeline

January 26, 2025 CVE published
January 27, 2025 Record updated