CVE-2025-36057

Published Jul 21, 2025

Last updated 7 months ago

CVSS medium 5.2

Overview

Description: IBM Cognos Analytics Mobile (iOS) 1.1.0 through 1.1.22 is vulnerable to authentication bypass by using the Local Authentication Framework library which is not needed as biometric authentication is not used in the application.
Source: psirt@us.ibm.com
NVD status: Analyzed
Products: cognos_analytics_mobile

Risk scores

CVSS 3.1

Type: Primary
Base score: 4.6
Impact score: 3.6
Exploitability score: 0.9
Vector string: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Severity: MEDIUM

Weaknesses

psirt@us.ibm.com: CWE-299

Hype score: Not currently trending

CVE-2025-36057 IBM Cognos Analytics Mobile (iOS) 1.1.0 through 1.1.22 is vulnerable to authentication bypass by using the Local Authentication Framework library which is not neede… https://t.co/S2kHPlD6k4
@CVEnew
21 Jul 2025
173 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes

Configurations

[
  {
    "nodes": [
      {
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:ibm:cognos_analytics_mobile:*:*:*:*:*:iphone_os:*:*",
            "matchCriteriaId": "DED20B11-A5FD-49F0-8E4C-1C84B352DCEA",
            "versionEndExcluding": "1.1.23",
            "versionStartIncluding": "1.1.0",
            "vulnerable": true
          }
        ],
        "negate": false,
        "operator": "OR"
      }
    ]
  }
]

References

Sources include official advisories and independent security research.

Overview

Risk scores

CVSS 3.1

Weaknesses

Social media

Configurations

Related CVEs

References