CVE-2023-38009
CVSS 3.1 Score 4.2 of 10 (medium)
Details
Published Jan 26, 2025
CWE ID 295
Summary
CVE-2023-38009 is a newly identified vulnerability affecting IBM Cognos Mobile Client 1.1 for iOS devices. This issue allows an attacker to intercept and inspect sensitive information transmitted between the client and the server through man-in-the-middle techniques. The vulnerability arises due to the absence of certificate pinning, making it easier for attackers to impersonate servers and steal data. IBM strongly recommends users update to a patched version of the mobile client to mitigate this risk.
Affected Vendors
- IBM Corporation