CVE-2025-36057
Unknown
Unknown - Not Provided
BaseFortify
Publication date: 2025-07-21
Last updated on: 2025-08-07
Assigner: IBM Corporation
Description
Description
IBM Cognos Analytics Mobile (iOS) 1.1.0 through 1.1.22
is vulnerable to authentication bypass by using the Local Authentication Framework library which is not needed as biometric authentication is not used in the application.
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| ibm | cognos_analytics_mobile | From 1.1.0 (inc) to 1.1.23 (exc) |
Helpful Resources
Exploitability
CWE
KEV
| CWE ID | Description |
|---|---|
| CWE-299 | The product does not check or incorrectly checks the revocation status of a certificate, which may cause it to use a certificate that has been compromised. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability in IBM Cognos Analytics Mobile (iOS) versions 1.1.0 through 1.1.22 allows an attacker to bypass authentication by exploiting the Local Authentication Framework library, which is not necessary because the application does not use biometric authentication.
How can this vulnerability impact me? :
The vulnerability can allow unauthorized users to bypass authentication, potentially leading to unauthorized access to the application and its data, which could compromise the confidentiality and integrity of sensitive information.
Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70