Search

Find a vulnerability

Search criteria

    2 vulnerabilities found for Watson Query for Cloud Pak for Data by IBM

    CVE-2024-35160 (GCVE-0-2024-35160)

    Vulnerability from nvd – Published: 2024-11-23 13:48 – Updated: 2024-11-24 12:30
    VLAI
    Title
    IBM Watson Query on Cloud Pak for Data and IBM Db2 Big SQL on Cloud Pak for Data information disclosure
    Summary
    IBM Watson Query on Cloud Pak for Data 1.8, 2.0, 2.1, 2.2 and IBM Db2 Big SQL on Cloud Pak for Data 7.3, 7.4, 7.5, and 7.6 could allow an authenticated user to obtain sensitive information due to insufficient session expiration.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-613 - Insufficient Session Expiration
    Assigner
    ibm
    References
    Impacted products
    Vendor Product Version
    IBM Watson Query for Cloud Pak for Data Affected: 1.8, 2.0, 2.1, 2.2
        cpe:2.3:a:ibm:watson_query_with_cloud_pak_for_data_as_a_service:1.8:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:watson_query_with_cloud_pak_for_data_as_a_service:2.0:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:watson_query_with_cloud_pak_for_data_as_a_service:2.1:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:watson_query_with_cloud_pak_for_data_as_a_service:2.2:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:big_sql:7.3:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:big_sql:7.4:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:big_sql:7.5:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:big_sql:7.6:*:*:*:*:*:*:*
    Create a notification for this product.
    IBM Db2 Big SQL on Cloud Pak for Data Affected: 7.3, 7.4, 7.5, 7.6
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-35160",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-11-24T12:30:09.564089Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-11-24T12:30:18.144Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:ibm:watson_query_with_cloud_pak_for_data_as_a_service:1.8:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:watson_query_with_cloud_pak_for_data_as_a_service:2.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:watson_query_with_cloud_pak_for_data_as_a_service:2.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:watson_query_with_cloud_pak_for_data_as_a_service:2.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:big_sql:7.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:big_sql:7.4:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:big_sql:7.5:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:big_sql:7.6:*:*:*:*:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "Watson Query for Cloud Pak for Data",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.8, 2.0, 2.1, 2.2"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Db2 Big SQL on Cloud Pak for Data",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "7.3, 7.4, 7.5, 7.6"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "IBM Watson Query on Cloud Pak for Data 1\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e.8, 2.0, 2.1, 2.2\u003c/span\u003e\u0026nbsp;and IBM Db2 Big SQL on Cloud Pak for Data 7.3, 7.4, 7.5, and 7.6\u0026nbsp;\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003ecould allow an authenticated user to obtain sensitive information due to insufficient session expiration.\u003c/span\u003e"
                }
              ],
              "value": "IBM Watson Query on Cloud Pak for Data 1.8, 2.0, 2.1, 2.2\u00a0and IBM Db2 Big SQL on Cloud Pak for Data 7.3, 7.4, 7.5, and 7.6\u00a0could allow an authenticated user to obtain sensitive information due to insufficient session expiration."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-613",
                  "description": "CWE-613 Insufficient Session Expiration",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-11-23T13:48:16.110Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.ibm.com/support/pages/node/7168703"
            },
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.ibm.com/support/pages/node/7176947"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "IBM Watson Query on Cloud Pak for Data and IBM Db2 Big SQL on Cloud Pak for Data information disclosure",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2024-35160",
        "datePublished": "2024-11-23T13:48:16.110Z",
        "dateReserved": "2024-05-09T16:27:47.448Z",
        "dateUpdated": "2024-11-24T12:30:18.144Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-35160 (GCVE-0-2024-35160)

    Vulnerability from cvelistv5 – Published: 2024-11-23 13:48 – Updated: 2024-11-24 12:30
    VLAI
    Title
    IBM Watson Query on Cloud Pak for Data and IBM Db2 Big SQL on Cloud Pak for Data information disclosure
    Summary
    IBM Watson Query on Cloud Pak for Data 1.8, 2.0, 2.1, 2.2 and IBM Db2 Big SQL on Cloud Pak for Data 7.3, 7.4, 7.5, and 7.6 could allow an authenticated user to obtain sensitive information due to insufficient session expiration.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-613 - Insufficient Session Expiration
    Assigner
    ibm
    References
    Impacted products
    Vendor Product Version
    IBM Watson Query for Cloud Pak for Data Affected: 1.8, 2.0, 2.1, 2.2
        cpe:2.3:a:ibm:watson_query_with_cloud_pak_for_data_as_a_service:1.8:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:watson_query_with_cloud_pak_for_data_as_a_service:2.0:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:watson_query_with_cloud_pak_for_data_as_a_service:2.1:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:watson_query_with_cloud_pak_for_data_as_a_service:2.2:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:big_sql:7.3:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:big_sql:7.4:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:big_sql:7.5:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:big_sql:7.6:*:*:*:*:*:*:*
    Create a notification for this product.
    IBM Db2 Big SQL on Cloud Pak for Data Affected: 7.3, 7.4, 7.5, 7.6
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-35160",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-11-24T12:30:09.564089Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-11-24T12:30:18.144Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:ibm:watson_query_with_cloud_pak_for_data_as_a_service:1.8:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:watson_query_with_cloud_pak_for_data_as_a_service:2.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:watson_query_with_cloud_pak_for_data_as_a_service:2.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:watson_query_with_cloud_pak_for_data_as_a_service:2.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:big_sql:7.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:big_sql:7.4:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:big_sql:7.5:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:big_sql:7.6:*:*:*:*:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "Watson Query for Cloud Pak for Data",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.8, 2.0, 2.1, 2.2"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Db2 Big SQL on Cloud Pak for Data",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "7.3, 7.4, 7.5, 7.6"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "IBM Watson Query on Cloud Pak for Data 1\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e.8, 2.0, 2.1, 2.2\u003c/span\u003e\u0026nbsp;and IBM Db2 Big SQL on Cloud Pak for Data 7.3, 7.4, 7.5, and 7.6\u0026nbsp;\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003ecould allow an authenticated user to obtain sensitive information due to insufficient session expiration.\u003c/span\u003e"
                }
              ],
              "value": "IBM Watson Query on Cloud Pak for Data 1.8, 2.0, 2.1, 2.2\u00a0and IBM Db2 Big SQL on Cloud Pak for Data 7.3, 7.4, 7.5, and 7.6\u00a0could allow an authenticated user to obtain sensitive information due to insufficient session expiration."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-613",
                  "description": "CWE-613 Insufficient Session Expiration",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-11-23T13:48:16.110Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.ibm.com/support/pages/node/7168703"
            },
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.ibm.com/support/pages/node/7176947"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "IBM Watson Query on Cloud Pak for Data and IBM Db2 Big SQL on Cloud Pak for Data information disclosure",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2024-35160",
        "datePublished": "2024-11-23T13:48:16.110Z",
        "dateReserved": "2024-05-09T16:27:47.448Z",
        "dateUpdated": "2024-11-24T12:30:18.144Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }