CVE-2023-38009

IBM Cognos Mobile Client 1.1 iOS may be vulnerable to information disclosure through man in the middle techniques due to the lack of certificate pinning.

CVSS v3 4.2 MEDIUM

4.2^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 0.5 / Impact : 3.6

Attack Vector PHYSICAL

Attack Complexity HIGH

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://www.ibm.com/support/pages/node/7172691	Vendor Advisory
https://www.ibm.com/support/pages/node/7172692	Vendor Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:a:ibm:cognos_analytics:1.1:*:*:*:*:*:*:*

OR	cpe:2.3:o:apple:iphone_os:-:::::::*
	cpe:2.3:o:google:android:-:::::::*

History

18 Aug 2025, 17:57

Type	Values Removed	Values Added
First Time		Google Apple iphone Os Google android Ibm cognos Analytics Apple Ibm
References	~~() https://www.ibm.com/support/pages/node/7172691 -~~	() https://www.ibm.com/support/pages/node/7172691 - Vendor Advisory
References	~~() https://www.ibm.com/support/pages/node/7172692 -~~	() https://www.ibm.com/support/pages/node/7172692 - Vendor Advisory
Summary		(es) IBM Cognos Mobile Client 1.1 iOS puede ser vulnerable a la divulgación de información mediante técnicas de intermediario (man in the middle) debido a la falta de fijación de certificados.
CPE		cpe:2.3:o:apple:iphone_os:-:::::::* cpe:2.3:a:ibm:cognos_analytics:1.1:::::::* cpe:2.3:o:google:android:-:::::::*

26 Jan 2025, 16:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-01-26 16:15

Updated : 2025-08-18 17:57

NVD link : CVE-2023-38009

Mitre link : CVE-2023-38009

CVE.ORG link : CVE-2023-38009

JSON object : View

Products Affected

apple

iphone_os

ibm

cognos_analytics

google

android

CWE

CWE-295

Improper Certificate Validation

{"id": "CVE-2023-38009", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "psirt@us.ibm.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.2, "attackVector": "PHYSICAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 0.5}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.9, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 2.2}]}, "published": "2025-01-26T16:15:30.033", "references": [{"url": "https://www.ibm.com/support/pages/node/7172691", "tags": ["Vendor Advisory"], "source": "psirt@us.ibm.com"}, {"url": "https://www.ibm.com/support/pages/node/7172692", "tags": ["Vendor Advisory"], "source": "psirt@us.ibm.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "psirt@us.ibm.com", "description": [{"lang": "en", "value": "CWE-295"}]}], "descriptions": [{"lang": "en", "value": "IBM Cognos Mobile Client 1.1 iOS may be vulnerable to information disclosure through man in the middle techniques due to the lack of certificate pinning."}, {"lang": "es", "value": "IBM Cognos Mobile Client 1.1 iOS puede ser vulnerable a la divulgaci\u00f3n de informaci\u00f3n mediante t\u00e9cnicas de intermediario (man in the middle) debido a la falta de fijaci\u00f3n de certificados."}], "lastModified": "2025-08-18T17:57:33.777", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:ibm:cognos_analytics:1.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F8DB4C62-6F21-478C-953F-B4778CD52D0A"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:apple:iphone_os:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "B5415705-33E5-46D5-8E4D-9EBADC8C5705"}, {"criteria": "cpe:2.3:o:google:android:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "F8B9FEC8-73B6-43B8-B24E-1F7C20D91D26"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "psirt@us.ibm.com"}