{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"cveId":"CVE-2025-36057","assignerOrgId":"9a959283-ebb5-44b6-b705-dcc2bbced522","state":"PUBLISHED","assignerShortName":"ibm","dateReserved":"2025-04-15T21:16:11.325Z","datePublished":"2025-07-21T18:10:32.157Z","dateUpdated":"2025-08-18T01:32:20.671Z"},"containers":{"cna":{"affected":[{"cpes":["cpe:2.3:a:ibm:cognos_analytics_mobile:1.1.0:*:*:*:*:ios:*:*","cpe:2.3:a:ibm:cognos_analytics_mobile:1.1.22:*:*:*:*:ios:*:*"],"defaultStatus":"unaffected","platforms":["iOS"],"product":"Cognos Analytics Mobile","vendor":"IBM","versions":[{"lessThanOrEqual":"1.1.22","status":"affected","version":"1.1.0","versionType":"semver"}]}],"descriptions":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"IBM Cognos Analytics Mobile (iOS) 1.1.0 through 1.1.22 \n\n<span style=\"background-color: rgb(255, 255, 255);\">is vulnerable to authentication bypass by using the Local Authentication Framework library which is not needed as biometric authentication is not used in the application.</span>"}],"value":"IBM Cognos Analytics Mobile (iOS) 1.1.0 through 1.1.22 \n\nis vulnerable to authentication bypass by using the Local Authentication Framework library which is not needed as biometric authentication is not used in the application."}],"metrics":[{"cvssV3_1":{"attackComplexity":"LOW","attackVector":"PHYSICAL","availabilityImpact":"NONE","baseScore":5.2,"baseSeverity":"MEDIUM","confidentialityImpact":"LOW","integrityImpact":"HIGH","privilegesRequired":"NONE","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N","version":"3.1"},"format":"CVSS","scenarios":[{"lang":"en","value":"GENERAL"}]}],"problemTypes":[{"descriptions":[{"cweId":"CWE-299","description":"CWE-299 Authentication Bypass Using an Alternate Path or Channel","lang":"en","type":"CWE"}]}],"providerMetadata":{"orgId":"9a959283-ebb5-44b6-b705-dcc2bbced522","shortName":"ibm","dateUpdated":"2025-08-18T01:32:20.671Z"},"references":[{"tags":["vendor-advisory","patch"],"url":"https://www.ibm.com/support/pages/node/7239635"}],"solutions":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"IBM encourages customers to update their devices promptly.<br><br>IBM Cognos Analytics Mobile (iOS)  1.1.0 - 1.1.22  IBM Cognos Analytics Mobile (iOS) 1.1.23<br>"}],"value":"IBM encourages customers to update their devices promptly.\n\nIBM Cognos Analytics Mobile (iOS)  1.1.0 - 1.1.22  IBM Cognos Analytics Mobile (iOS) 1.1.23"}],"source":{"discovery":"UNKNOWN"},"title":"IBM Cognos Analytics Mobile (iOS) authentication bypass","x_generator":{"engine":"Vulnogram 0.2.0"}},"adp":[{"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2025-07-21T18:29:43.076308Z","id":"CVE-2025-36057","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2025-07-21T18:39:00.437Z"}}]}}