{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-36057", "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "state": "PUBLISHED", "assignerShortName": "ibm", "dateReserved": "2025-04-15T21:16:11.325Z", "datePublished": "2025-07-21T18:10:32.157Z", "dateUpdated": "2025-08-18T01:32:20.671Z"}, "containers": {"cna": {"affected": [{"cpes": ["cpe:2.3:a:ibm:cognos_analytics_mobile:1.1.0:*:*:*:*:ios:*:*", "cpe:2.3:a:ibm:cognos_analytics_mobile:1.1.22:*:*:*:*:ios:*:*"], "defaultStatus": "unaffected", "platforms": ["iOS"], "product": "Cognos Analytics Mobile", "vendor": "IBM", "versions": [{"lessThanOrEqual": "1.1.22", "status": "affected", "version": "1.1.0", "versionType": "semver"}]}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "IBM Cognos Analytics Mobile (iOS) 1.1.0 through 1.1.22 \n\n<span style=\"background-color: rgb(255, 255, 255);\">is vulnerable to authentication bypass by using the Local Authentication Framework library which is not needed as biometric authentication is not used in the application.</span>"}], "value": "IBM Cognos Analytics Mobile (iOS) 1.1.0 through 1.1.22 \n\nis vulnerable to authentication bypass by using the Local Authentication Framework library which is not needed as biometric authentication is not used in the application."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "PHYSICAL", "availabilityImpact": "NONE", "baseScore": 5.2, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-299", "description": "CWE-299 Authentication Bypass Using an Alternate Path or Channel", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm", "dateUpdated": "2025-08-18T01:32:20.671Z"}, "references": [{"tags": ["vendor-advisory", "patch"], "url": "https://www.ibm.com/support/pages/node/7239635"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "IBM encourages customers to update their devices promptly.<br><br>IBM Cognos Analytics Mobile (iOS) 1.1.0 - 1.1.22 IBM Cognos Analytics Mobile (iOS) 1.1.23<br>"}], "value": "IBM encourages customers to update their devices promptly.\n\nIBM Cognos Analytics Mobile (iOS) 1.1.0 - 1.1.22 IBM Cognos Analytics Mobile (iOS) 1.1.23"}], "source": {"discovery": "UNKNOWN"}, "title": "IBM Cognos Analytics Mobile (iOS) authentication bypass", "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-07-21T18:29:43.076308Z", "id": "CVE-2025-36057", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-07-21T18:39:00.437Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-36057", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-07-21T18:29:43.076308Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-07-21T18:37:41.067Z"}}], "cna": {"title": "IBM Cognos Analytics Mobile (iOS) authentication bypass", "source": {"discovery": "UNKNOWN"}, "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.2, "attackVector": "PHYSICAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"cpes": ["cpe:2.3:a:ibm:cognos_analytics_mobile:1.1.0:*:*:*:*:ios:*:*", "cpe:2.3:a:ibm:cognos_analytics_mobile:1.1.22:*:*:*:*:ios:*:*"], "vendor": "IBM", "product": "Cognos Analytics Mobile", "versions": [{"status": "affected", "version": "1.1.0", "versionType": "semver", "lessThanOrEqual": "1.1.22"}], "platforms": ["iOS"], "defaultStatus": "unaffected"}], "solutions": [{"lang": "en", "value": "IBM encourages customers to update their devices promptly.\n\nIBM Cognos Analytics Mobile (iOS) 1.1.0 - 1.1.22 IBM Cognos Analytics Mobile (iOS) 1.1.23", "supportingMedia": [{"type": "text/html", "value": "IBM encourages customers to update their devices promptly.<br><br>IBM Cognos Analytics Mobile (iOS) 1.1.0 - 1.1.22 IBM Cognos Analytics Mobile (iOS) 1.1.23<br>", "base64": false}]}], "references": [{"url": "https://www.ibm.com/support/pages/node/7239635", "tags": ["vendor-advisory", "patch"]}], "x_generator": {"engine": "Vulnogram 0.2.0"}, "descriptions": [{"lang": "en", "value": "IBM Cognos Analytics Mobile (iOS) 1.1.0 through 1.1.22 \n\nis vulnerable to authentication bypass by using the Local Authentication Framework library which is not needed as biometric authentication is not used in the application.", "supportingMedia": [{"type": "text/html", "value": "IBM Cognos Analytics Mobile (iOS) 1.1.0 through 1.1.22 \n\n<span style=\"background-color: rgb(255, 255, 255);\">is vulnerable to authentication bypass by using the Local Authentication Framework library which is not needed as biometric authentication is not used in the application.</span>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-299", "description": "CWE-299 Authentication Bypass Using an Alternate Path or Channel"}]}], "providerMetadata": {"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm", "dateUpdated": "2025-08-18T01:32:20.671Z"}}}, "cveMetadata": {"cveId": "CVE-2025-36057", "state": "PUBLISHED", "dateUpdated": "2025-08-18T01:32:20.671Z", "dateReserved": "2025-04-15T21:16:11.325Z", "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "datePublished": "2025-07-21T18:10:32.157Z", "assignerShortName": "ibm"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:ibm:cognos_analytics_mobile:*:*:*:*:*:iphone_os:*:*", "matchCriteriaId": "DED20B11-A5FD-49F0-8E4C-1C84B352DCEA", "versionEndExcluding": "1.1.23", "versionStartIncluding": "1.1.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "IBM Cognos Analytics Mobile (iOS) 1.1.0 through 1.1.22 \n\nis vulnerable to authentication bypass by using the Local Authentication Framework library which is not needed as biometric authentication is not used in the application."}, {"lang": "es", "value": "IBM Cognos Analytics Mobile (iOS) 1.1.0 a 1.1.22 es vulnerable a la omisi\u00f3n de autenticaci\u00f3n mediante el uso de la librer\u00eda Local Authentication Framework, que no es necesaria ya que no se utiliza autenticaci\u00f3n biom\u00e9trica en la aplicaci\u00f3n."}], "id": "CVE-2025-36057", "lastModified": "2025-08-07T00:43:35.270", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "PHYSICAL", "availabilityImpact": "NONE", "baseScore": 5.2, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 0.9, "impactScore": 4.2, "source": "psirt@us.ibm.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "PHYSICAL", "availabilityImpact": "NONE", "baseScore": 4.6, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 0.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2025-07-21T19:15:28.840", "references": [{"source": "psirt@us.ibm.com", "tags": ["Vendor Advisory"], "url": "https://www.ibm.com/support/pages/node/7239635"}], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-299"}], "source": "psirt@us.ibm.com", "type": "Primary"}]}

{}