CVE-2025-36106

CWE-3263 documents3 sources
Severity
8.2HIGH
EPSS
0.0%
top 93.34%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
IBM Cognos Analytics Mobile
Timeline
PublishedJul 21

Description

IBM Cognos Analytics Mobile (iOS) 1.1.0 through 1.1.22 could allow malicious actors to view and modify information coming to and from the application which could then be used to access confidential information on the device or network by using a the deprecated or misconfigured AFNetworking library at runtime.

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:NExploitability: 2.2 | Impact: 4.2

Affected Packages2 packages

NVDibm/cognos_analytics_mobile1.1.01.1.23
CVEListV5ibm/cognos_analytics_mobile1.1.01.1.22

🔴Vulnerability Details

2
CVEList
IBM Cognos Analytics Mobile (iOS) information disclosure2025-07-21
GHSA
GHSA-cf6w-gmcc-mj3m: IBM Cognos Analytics Mobile (iOS) 12025-07-21
CVE-2025-36106 (HIGH CVSS 8.2) | IBM Cognos Analytics Mobile (iOS) 1 | cvebase.io