Primary

Context

IBM Cognos Mobile Client Information Disclosure Vulnerability Due to Lack of Certificate Pinning

Vulnerability

Patched

A vulnerability allowing information disclosure through man-in-the-middle techniques has been identified in IBM Cognos Mobile Client version 1.1 for iOS. This issue arises from the absence of certificate pinning, which could otherwise prevent such interception of data.

Impact

The vulnerability could be exploited to intercept and potentially alter communications between the client and the server, leading to unauthorized access to sensitive information.

Remediation

Users are advised to upgrade to the latest version of IBM Cognos Analytics Mobile from the Apple App Store.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

2.4

impact

2.5

exploitability

2.6

remediation

7.7

relevance

0.0

threat

0.0

urgency

2.9

incentive

0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

2.4

impact

2.5

exploitability

2.6

remediation

7.7

relevance

0.0

threat

0.0

urgency

2.9

incentive

0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

IBM Cognos Mobile Client Information Disclosure Vulnerability Due to Lack of Certificate Pinning

Vulnerability

Impact

Remediation

Affected Products

IBM Cognos Mobile

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating