CVE-2025-36057

CWE-299 | 3 documents | 3 sources
Severity: 4.6 MEDIUM
EPSS: 0.0% (top 96.11%)
CISA KEV: Not in KEV
Exploit: No known exploits
Affected products
Timeline
Published: Jul 21

Description

IBM Cognos Analytics Mobile (iOS) 1.1.0 through 1.1.22 is vulnerable to authentication bypass by using the Local Authentication Framework library, which is not needed as biometric authentication is not used in the application.

CVSS vector

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N
Exploitability: 0.9 | Impact: 4.2

Affected Packages (2 packages)

NVD | ibm/cognos_analytics_mobile | 1.1.0 | 1.1.23
CVEListV5 | ibm/cognos_analytics_mobile | 1.1.0 | 1.1.22

Vulnerability Details (2)

GHSA
GHSA-5j2h-pwp3-258r: IBM Cognos Analytics Mobile (iOS) 1 | 2025-07-21
CVEList
IBM Cognos Analytics Mobile (iOS) authentication bypass | 2025-07-21
CVE-2025-36057 (MEDIUM CVSS 4.6) | IBM Cognos Analytics Mobile (iOS) 1 | cvebase.io