CVE-2023-38009

CWE-295Improper Certificate Validation3 documents3 sources
Severity
5.9MEDIUM
EPSS
0.1%
top 81.71%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
IBM Cognos Analytics MobileIBM Cognos Analytics
Timeline
PublishedJan 26

Description

IBM Cognos Mobile Client 1.1 iOS may be vulnerable to information disclosure through man in the middle techniques due to the lack of certificate pinning.

CVSS vector

CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 0.5 | Impact: 3.6

Affected Packages2 packages

🔴Vulnerability Details

2
GHSA
GHSA-844j-8v3q-83rf: IBM Cognos Mobile Client 12025-01-26
CVEList
IBM Cognos Analytics Mobile information disclosure2025-01-26
CVE-2023-38009 (MEDIUM CVSS 5.9) | IBM Cognos Mobile Client 1.1 iOS ma | cvebase.io