CVE-2021-39081 — Cleartext Transmission of Sensitive Info in IBM Cognos Analytics Mobile FOR Android

CWE-319 — Cleartext Transmission of Sensitive Info3 documents3 sources

Severity

7.5HIGHNVD

CNA5.9

EPSS

0.1%

top 83.92%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

IBM Cognos Analytics Mobile FOR Android IBM Cognos Analytics Mobile

Timeline

PublishedDec 19

Description

IBM Cognos Analytics Mobile for Android 1.1.14 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 3.9 | Impact: 3.6

Affected Packages2 packages

▶CVEListV5ibm/cognos_analytics_mobile_for_android1.1.14

▶NVDibm/cognos_analytics_mobile1.1.14

🔴Vulnerability Details

GHSA

GHSA-qcgv-qhww-jvg4: IBM Cognos Analytics Mobile for Android 1↗2024-12-19

▶

CVEList

IBM Cognos Analytics Mobile information disclosure↗2024-12-19

▶