← back
CVE-2023-38009

IBM Cognos Analytics Mobile information disclosure

CVSS 4.2 MEDIUMEPSS 0.2%CWE-295
Vexday Risk Score
13Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 4.2EPSS 0.2%KEV nãoPoC Nuclei Metasploit Patch referenciado
Lifecycle
26 Jan 2025Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
IBM Cognos Mobile Client 1.1 iOS may be vulnerable to information disclosure through man in the middle techniques due to the lack of certificate pinning.
CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
Affected products
IBM · Cognos Analytics Mobile

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://www.ibm.com/support/pages/node/7172691https://www.ibm.com/support/pages/node/7172692