← back
CVE-2025-36106

IBM Cognos Analytics Mobile (iOS) information disclosure

CVSS 6.5 MEDIUMEPSS 0.2%CWE-326
Vexday Risk Score
13Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 6.5EPSS 0.2%KEV nãoPoC Nuclei Metasploit Patch referenciado
Lifecycle
21 Jul 2025Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
IBM Cognos Analytics Mobile (iOS) 1.1.0 through 1.1.22 could allow malicious actors to view and modify information coming to and from the application which could then be used to access confidential information on the device or network by using a the deprecated or misconfigured AFNetworking library at runtime.
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N
Affected products
IBM · Cognos Analytics Mobile

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://www.ibm.com/support/pages/node/7239635