CVE-2025-36057

IBM Cognos Analytics Mobile (iOS) 1.1.0 through 1.1.22 is vulnerable to authentication bypass by using the Local Authentication Framework library which is not needed as biometric authentication is not used in the application.

CVSS v3 5.2 MEDIUM

5.2^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 0.9 / Impact : 4.2

Attack Vector PHYSICAL

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact HIGH

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://www.ibm.com/support/pages/node/7239635	Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:ibm:cognos_analytics_mobile:*:*:*:*:*:iphone_os:*:*

History

No history.

Information

Published : 2025-07-21 19:15

Updated : 2025-08-07 00:43

NVD link : CVE-2025-36057

Mitre link : CVE-2025-36057

CVE.ORG link : CVE-2025-36057

JSON object : View

Products Affected

ibm

cognos_analytics_mobile

CWE

CWE-299

Improper Check for Certificate Revocation

{"id": "CVE-2025-36057", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "[email protected]", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.2, "attackVector": "PHYSICAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 4.2, "exploitabilityScore": 0.9}, {"type": "Primary", "source": "[email protected]", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.6, "attackVector": "PHYSICAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 0.9}]}, "published": "2025-07-21T19:15:28.840", "references": [{"url": "https://www.ibm.com/support/pages/node/7239635", "tags": ["Vendor Advisory"], "source": "[email protected]"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "[email protected]", "description": [{"lang": "en", "value": "CWE-299"}]}], "descriptions": [{"lang": "en", "value": "IBM Cognos Analytics Mobile (iOS) 1.1.0 through 1.1.22 \n\nis vulnerable to authentication bypass by using the Local Authentication Framework library which is not needed as biometric authentication is not used in the application."}, {"lang": "es", "value": "IBM Cognos Analytics Mobile (iOS) 1.1.0 a 1.1.22 es vulnerable a la omisi\u00f3n de autenticaci\u00f3n mediante el uso de la librer\u00eda Local Authentication Framework, que no es necesaria ya que no se utiliza autenticaci\u00f3n biom\u00e9trica en la aplicaci\u00f3n."}], "lastModified": "2025-08-07T00:43:35.270", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:ibm:cognos_analytics_mobile:*:*:*:*:*:iphone_os:*:*", "vulnerable": true, "matchCriteriaId": "DED20B11-A5FD-49F0-8E4C-1C84B352DCEA", "versionEndExcluding": "1.1.23", "versionStartIncluding": "1.1.0"}], "operator": "OR"}]}], "sourceIdentifier": "[email protected]"}