CVE-2025-0895

Published Mar 2, 2025

Last updated 14 days ago

Overview

AI description

Generated using AI and has not been reviewed by Intruder. May contain errors.

CVE-2025-0895 is an information disclosure vulnerability affecting IBM Cognos Analytics Mobile version 1.1 for Android. A user with physical access to a device running the affected software could potentially obtain sensitive information from debugging code log messages. This vulnerability has been assigned the Common Weakness Enumeration (CWE) identifier CWE-215, which refers to the insertion of sensitive information into debugging code. This vulnerability was first identified on January 30, 2025, and is considered relatively easy to exploit locally. It does not require any specific authentication to exploit. IBM has published an advisory regarding this vulnerability, and upgrading the affected software is the recommended mitigation strategy.

Description
IBM Cognos Analytics Mobile 1.1 for Android could allow a user with physical access to the device, to obtain sensitive information from debugging code log messages.
Source
psirt@us.ibm.com
NVD status
Received

Risk scores

CVSS 3.1

Type
Primary
Base score
2.4
Impact score
1.4
Exploitability score
0.9
Vector string
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Severity
LOW

Weaknesses

psirt@us.ibm.com
CWE-215

Social media

Hype score
Not currently trending