CVE-2023-38009

IBM Cognos Mobile Client 1.1 iOS may be vulnerable to information disclosure through man in the middle techniques due to the lack of certificate pinning.

CVSS v3 4.2 MEDIUM

4.2^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 0.5 / Impact : 3.6

Attack Vector PHYSICAL

Attack Complexity HIGH

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://www.ibm.com/support/pages/node/7172691	Vendor Advisory
https://www.ibm.com/support/pages/node/7172692	Vendor Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:a:ibm:cognos_analytics:1.1:*:*:*:*:*:*:*

OR	cpe:2.3:o:apple:iphone_os:-:::::::*
	cpe:2.3:o:google:android:-:::::::*

History

No history.

Information

Published : 2025-01-26 16:15

Updated : 2025-08-18 17:57

NVD link : CVE-2023-38009

Mitre link : CVE-2023-38009

CVE.ORG link : CVE-2023-38009

JSON object : View

Products Affected

ibm

cognos_analytics

apple

iphone_os

google

android

CWE

CWE-295

Improper Certificate Validation

{"id": "CVE-2023-38009", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "[email protected]", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.2, "attackVector": "PHYSICAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 0.5}, {"type": "Primary", "source": "[email protected]", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.9, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 2.2}]}, "published": "2025-01-26T16:15:30.033", "references": [{"url": "https://www.ibm.com/support/pages/node/7172691", "tags": ["Vendor Advisory"], "source": "[email protected]"}, {"url": "https://www.ibm.com/support/pages/node/7172692", "tags": ["Vendor Advisory"], "source": "[email protected]"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "[email protected]", "description": [{"lang": "en", "value": "CWE-295"}]}], "descriptions": [{"lang": "en", "value": "IBM Cognos Mobile Client 1.1 iOS may be vulnerable to information disclosure through man in the middle techniques due to the lack of certificate pinning."}, {"lang": "es", "value": "IBM Cognos Mobile Client 1.1 iOS puede ser vulnerable a la divulgaci\u00f3n de informaci\u00f3n mediante t\u00e9cnicas de intermediario (man in the middle) debido a la falta de fijaci\u00f3n de certificados."}], "lastModified": "2025-08-18T17:57:33.777", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:ibm:cognos_analytics:1.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F8DB4C62-6F21-478C-953F-B4778CD52D0A"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:apple:iphone_os:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "B5415705-33E5-46D5-8E4D-9EBADC8C5705"}, {"criteria": "cpe:2.3:o:google:android:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "F8B9FEC8-73B6-43B8-B24E-1F7C20D91D26"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "[email protected]"}