CVE-2023-38009

Summary

IBM Cognos Mobile Client 1.1 iOS may be vulnerable to information disclosure through man in the middle techniques due to the lack of certificate pinning.

Affected Software

VendorProductVersion RangeStatus
IBMCognos Analytics Mobile1.1affected
IBMCognos Analytics Mobile1.1affected

Weaknesses

  • CWE-295: CWE-295 Improper Certificate Validation

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References