CVE-2025-36106

IBM Cognos Analytics Mobile (iOS) 1.1.0 through 1.1.22 could allow malicious actors to view and modify information coming to and from the application which could then be used to access confidential information on the device or network by using a the deprecated or misconfigured AFNetworking library at runtime.

CVSS v3 6.5 MEDIUM

6.5^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 2.2 / Impact : 4.2

Attack Vector NETWORK

Attack Complexity HIGH

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact LOW

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://www.ibm.com/support/pages/node/7239635	Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:ibm:cognos_analytics_mobile:*:*:*:*:*:iphone_os:*:*

History

07 Aug 2025, 00:36

Type	Values Removed	Values Added
CPE		cpe:2.3:a:ibm:cognos_analytics_mobile::::::iphone_os::*
References	~~() https://www.ibm.com/support/pages/node/7239635 -~~	() https://www.ibm.com/support/pages/node/7239635 - Vendor Advisory
First Time		Ibm Ibm cognos Analytics Mobile
Summary		(es) IBM Cognos Analytics Mobile (iOS) 1.1.0 a 1.1.22 podría permitir que actores maliciosos vean y modifiquen información que entra y sale de la aplicación, la cual luego podría usarse para acceder a información confidencial en el dispositivo o la red mediante una librería AFNetworking obsoleta o mal configurada en tiempo de ejecución.

21 Jul 2025, 19:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-07-21 19:15

Updated : 2025-08-07 00:36

NVD link : CVE-2025-36106

Mitre link : CVE-2025-36106

CVE.ORG link : CVE-2025-36106

JSON object : View

Products Affected

ibm

cognos_analytics_mobile

CWE

CWE-326

Inadequate Encryption Strength

{"id": "CVE-2025-36106", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "psirt@us.ibm.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 4.2, "exploitabilityScore": 2.2}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.2, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 4.2, "exploitabilityScore": 3.9}]}, "published": "2025-07-21T19:15:29.157", "references": [{"url": "https://www.ibm.com/support/pages/node/7239635", "tags": ["Vendor Advisory"], "source": "psirt@us.ibm.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "psirt@us.ibm.com", "description": [{"lang": "en", "value": "CWE-326"}]}], "descriptions": [{"lang": "en", "value": "IBM Cognos Analytics Mobile (iOS) 1.1.0 through 1.1.22 could allow malicious actors to view and modify information coming to and from the application which could then be used to access confidential information on the device or network by using a the deprecated or misconfigured AFNetworking library at runtime."}, {"lang": "es", "value": "IBM Cognos Analytics Mobile (iOS) 1.1.0 a 1.1.22 podr\u00eda permitir que actores maliciosos vean y modifiquen informaci\u00f3n que entra y sale de la aplicaci\u00f3n, la cual luego podr\u00eda usarse para acceder a informaci\u00f3n confidencial en el dispositivo o la red mediante una librer\u00eda AFNetworking obsoleta o mal configurada en tiempo de ejecuci\u00f3n."}], "lastModified": "2025-08-07T00:36:14.247", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:ibm:cognos_analytics_mobile:*:*:*:*:*:iphone_os:*:*", "vulnerable": true, "matchCriteriaId": "DED20B11-A5FD-49F0-8E4C-1C84B352DCEA", "versionEndExcluding": "1.1.23", "versionStartIncluding": "1.1.0"}], "operator": "OR"}]}], "sourceIdentifier": "psirt@us.ibm.com"}