Vulnerability-Lookup

Search criteria

Vendor

Product

Assigner

Sources

Sort by

Order

CVE-2024-37526 (GCVE-0-2024-37526)

Vulnerability from nvd – Published: 2025-01-27 21:53 – Updated: 2025-01-28 15:18

Title

IBM Watson Query on Cloud Pak for Data information disclosure

Summary

IBM Watson Query on Cloud Pak for Data (IBM Data Virtualization 1.8, 2.0, 2.1, 2.2, and 3.0.0) could allow an authenticated user to obtain sensitive information from objects published using Watson Query due to an improper data protection mechanism.

Severity ?

6.5 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

CWE

CWE-497 - Exposure of Sensitive System Information to an Unauthorized Control Sphere

Assigner

ibm

References

URL

Tags

https://www.ibm.com/support/pages/node/7173774

Impacted products

	Vendor	Product	Version
	IBM	Data Virtualization	Affected: 1.8, 2.0, 2.1, 2.2, 3.0.0 cpe:2.3:a:ibm:data_virtualization_on_cloud_pak_for_data:1.8.0:::::::* cpe:2.3:a:ibm:data_virtualization_on_cloud_pak_for_data:2.0.0:::::::* cpe:2.3:a:ibm:data_virtualization_on_cloud_pak_for_data:2.1.0:::::::* cpe:2.3:a:ibm:data_virtualization_on_cloud_pak_for_data:2.2.0:::::::* cpe:2.3:a:ibm:data_virtualization_on_cloud_pak_for_data:3.0.0:::::::*

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-37526",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-01-28T14:53:28.695960Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-01-28T15:18:54.854Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpes": [
            "cpe:2.3:a:ibm:data_virtualization_on_cloud_pak_for_data:1.8.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:ibm:data_virtualization_on_cloud_pak_for_data:2.0.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:ibm:data_virtualization_on_cloud_pak_for_data:2.1.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:ibm:data_virtualization_on_cloud_pak_for_data:2.2.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:ibm:data_virtualization_on_cloud_pak_for_data:3.0.0:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "Data Virtualization",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "1.8, 2.0, 2.1, 2.2, 3.0.0"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "IBM Watson Query on Cloud Pak for Data (IBM Data Virtualization\u0026nbsp;1.8, 2.0, 2.1, 2.2, and 3.0.0) could allow an authenticated user to obtain sensitive information from objects published using Watson Query due to an improper data protection mechanism."
            }
          ],
          "value": "IBM Watson Query on Cloud Pak for Data (IBM Data Virtualization\u00a01.8, 2.0, 2.1, 2.2, and 3.0.0) could allow an authenticated user to obtain sensitive information from objects published using Watson Query due to an improper data protection mechanism."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-497",
              "description": "CWE-497 Exposure of Sensitive System Information to an Unauthorized Control Sphere",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-01-27T21:53:04.621Z",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "url": "https://www.ibm.com/support/pages/node/7173774"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "IBM Watson Query on Cloud Pak for Data information disclosure",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2024-37526",
    "datePublished": "2025-01-27T21:53:04.621Z",
    "dateReserved": "2024-06-09T13:59:02.606Z",
    "dateUpdated": "2025-01-28T15:18:54.854Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2021-38971 (GCVE-0-2021-38971)

Vulnerability from nvd – Published: 2022-03-14 17:00 – Updated: 2024-09-17 01:06

Summary

IBM Data Virtualization on Cloud Pak for Data 1.3.0, 1.4.1, 1.5.0, 1.7.1 and 1.7.3 could allow an authorized user to bypass data masking rules and obtain sensitve information. IBM X-Force ID: 212620.

Severity ?

4.9 (Medium)


                        
                          CVSS:3.0/S:U/I:N/UI:N/AC:L/PR:H/C:H/AV:N/A:N/RC:C/RL:O/E:U

CWE

Obtain Information

Assigner

ibm

References

URL

Tags

	https://www.ibm.com/support/pages/node/6551076	x_refsource_CONFIRM
	https://exchange.xforce.ibmcloud.com/vulnerabilit…	vdb-entryx_refsource_XF

Impacted products

	Vendor	Product	Version
	IBM	Data Virtualization on Cloud Pak for Data	Affected: 1.3.0 Affected: 1.5.0 Affected: 1.7.1 Affected: 1.7.3 Affected: 1.4.1

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T01:51:20.825Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.ibm.com/support/pages/node/6551076"
          },
          {
            "name": "ibm-cp-cve202138971-info-disc (212620)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/212620"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Data Virtualization on Cloud Pak for Data",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "1.3.0"
            },
            {
              "status": "affected",
              "version": "1.5.0"
            },
            {
              "status": "affected",
              "version": "1.7.1"
            },
            {
              "status": "affected",
              "version": "1.7.3"
            },
            {
              "status": "affected",
              "version": "1.4.1"
            }
          ]
        }
      ],
      "datePublic": "2022-03-11T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "IBM Data Virtualization on Cloud Pak for Data 1.3.0, 1.4.1, 1.5.0, 1.7.1 and 1.7.3 could allow an authorized user to bypass data masking rules and obtain sensitve information. IBM X-Force ID: 212620."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 4.9,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "exploitCodeMaturity": "UNPROVEN",
            "integrityImpact": "NONE",
            "privilegesRequired": "HIGH",
            "remediationLevel": "OFFICIAL_FIX",
            "reportConfidence": "CONFIRMED",
            "scope": "UNCHANGED",
            "temporalScore": 4.3,
            "temporalSeverity": "MEDIUM",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/S:U/I:N/UI:N/AC:L/PR:H/C:H/AV:N/A:N/RC:C/RL:O/E:U",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Obtain Information",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-03-14T17:00:21",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.ibm.com/support/pages/node/6551076"
        },
        {
          "name": "ibm-cp-cve202138971-info-disc (212620)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/212620"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "DATE_PUBLIC": "2022-03-11T00:00:00",
          "ID": "CVE-2021-38971",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Data Virtualization on Cloud Pak for Data",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "1.3.0"
                          },
                          {
                            "version_value": "1.5.0"
                          },
                          {
                            "version_value": "1.7.1"
                          },
                          {
                            "version_value": "1.7.3"
                          },
                          {
                            "version_value": "1.4.1"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "IBM"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "IBM Data Virtualization on Cloud Pak for Data 1.3.0, 1.4.1, 1.5.0, 1.7.1 and 1.7.3 could allow an authorized user to bypass data masking rules and obtain sensitve information. IBM X-Force ID: 212620."
            }
          ]
        },
        "impact": {
          "cvssv3": {
            "BM": {
              "A": "N",
              "AC": "L",
              "AV": "N",
              "C": "H",
              "I": "N",
              "PR": "H",
              "S": "U",
              "UI": "N"
            },
            "TM": {
              "E": "U",
              "RC": "C",
              "RL": "O"
            }
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Obtain Information"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.ibm.com/support/pages/node/6551076",
              "refsource": "CONFIRM",
              "title": "IBM Security Bulletin 6551076 (Data Virtualization on Cloud Pak for Data)",
              "url": "https://www.ibm.com/support/pages/node/6551076"
            },
            {
              "name": "ibm-cp-cve202138971-info-disc (212620)",
              "refsource": "XF",
              "title": "X-Force Vulnerability Report",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/212620"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2021-38971",
    "datePublished": "2022-03-14T17:00:21.310191Z",
    "dateReserved": "2021-08-16T00:00:00",
    "dateUpdated": "2024-09-17T01:06:09.137Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-37526 (GCVE-0-2024-37526)

Vulnerability from cvelistv5 – Published: 2025-01-27 21:53 – Updated: 2025-01-28 15:18

Title

IBM Watson Query on Cloud Pak for Data information disclosure

Summary

IBM Watson Query on Cloud Pak for Data (IBM Data Virtualization 1.8, 2.0, 2.1, 2.2, and 3.0.0) could allow an authenticated user to obtain sensitive information from objects published using Watson Query due to an improper data protection mechanism.

Severity ?

6.5 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

CWE

CWE-497 - Exposure of Sensitive System Information to an Unauthorized Control Sphere

Assigner

ibm

References

URL

Tags

https://www.ibm.com/support/pages/node/7173774

Impacted products

	Vendor	Product	Version
	IBM	Data Virtualization	Affected: 1.8, 2.0, 2.1, 2.2, 3.0.0 cpe:2.3:a:ibm:data_virtualization_on_cloud_pak_for_data:1.8.0:::::::* cpe:2.3:a:ibm:data_virtualization_on_cloud_pak_for_data:2.0.0:::::::* cpe:2.3:a:ibm:data_virtualization_on_cloud_pak_for_data:2.1.0:::::::* cpe:2.3:a:ibm:data_virtualization_on_cloud_pak_for_data:2.2.0:::::::* cpe:2.3:a:ibm:data_virtualization_on_cloud_pak_for_data:3.0.0:::::::*

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-37526",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-01-28T14:53:28.695960Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-01-28T15:18:54.854Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpes": [
            "cpe:2.3:a:ibm:data_virtualization_on_cloud_pak_for_data:1.8.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:ibm:data_virtualization_on_cloud_pak_for_data:2.0.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:ibm:data_virtualization_on_cloud_pak_for_data:2.1.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:ibm:data_virtualization_on_cloud_pak_for_data:2.2.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:ibm:data_virtualization_on_cloud_pak_for_data:3.0.0:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "Data Virtualization",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "1.8, 2.0, 2.1, 2.2, 3.0.0"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "IBM Watson Query on Cloud Pak for Data (IBM Data Virtualization\u0026nbsp;1.8, 2.0, 2.1, 2.2, and 3.0.0) could allow an authenticated user to obtain sensitive information from objects published using Watson Query due to an improper data protection mechanism."
            }
          ],
          "value": "IBM Watson Query on Cloud Pak for Data (IBM Data Virtualization\u00a01.8, 2.0, 2.1, 2.2, and 3.0.0) could allow an authenticated user to obtain sensitive information from objects published using Watson Query due to an improper data protection mechanism."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-497",
              "description": "CWE-497 Exposure of Sensitive System Information to an Unauthorized Control Sphere",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-01-27T21:53:04.621Z",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "url": "https://www.ibm.com/support/pages/node/7173774"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "IBM Watson Query on Cloud Pak for Data information disclosure",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2024-37526",
    "datePublished": "2025-01-27T21:53:04.621Z",
    "dateReserved": "2024-06-09T13:59:02.606Z",
    "dateUpdated": "2025-01-28T15:18:54.854Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2021-38971 (GCVE-0-2021-38971)

Vulnerability from cvelistv5 – Published: 2022-03-14 17:00 – Updated: 2024-09-17 01:06

Summary

IBM Data Virtualization on Cloud Pak for Data 1.3.0, 1.4.1, 1.5.0, 1.7.1 and 1.7.3 could allow an authorized user to bypass data masking rules and obtain sensitve information. IBM X-Force ID: 212620.

Severity ?

4.9 (Medium)


                        
                          CVSS:3.0/S:U/I:N/UI:N/AC:L/PR:H/C:H/AV:N/A:N/RC:C/RL:O/E:U

CWE

Obtain Information

Assigner

ibm

References

URL

Tags

	https://www.ibm.com/support/pages/node/6551076	x_refsource_CONFIRM
	https://exchange.xforce.ibmcloud.com/vulnerabilit…	vdb-entryx_refsource_XF

Impacted products

	Vendor	Product	Version
	IBM	Data Virtualization on Cloud Pak for Data	Affected: 1.3.0 Affected: 1.5.0 Affected: 1.7.1 Affected: 1.7.3 Affected: 1.4.1

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T01:51:20.825Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.ibm.com/support/pages/node/6551076"
          },
          {
            "name": "ibm-cp-cve202138971-info-disc (212620)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/212620"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Data Virtualization on Cloud Pak for Data",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "1.3.0"
            },
            {
              "status": "affected",
              "version": "1.5.0"
            },
            {
              "status": "affected",
              "version": "1.7.1"
            },
            {
              "status": "affected",
              "version": "1.7.3"
            },
            {
              "status": "affected",
              "version": "1.4.1"
            }
          ]
        }
      ],
      "datePublic": "2022-03-11T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "IBM Data Virtualization on Cloud Pak for Data 1.3.0, 1.4.1, 1.5.0, 1.7.1 and 1.7.3 could allow an authorized user to bypass data masking rules and obtain sensitve information. IBM X-Force ID: 212620."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 4.9,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "exploitCodeMaturity": "UNPROVEN",
            "integrityImpact": "NONE",
            "privilegesRequired": "HIGH",
            "remediationLevel": "OFFICIAL_FIX",
            "reportConfidence": "CONFIRMED",
            "scope": "UNCHANGED",
            "temporalScore": 4.3,
            "temporalSeverity": "MEDIUM",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/S:U/I:N/UI:N/AC:L/PR:H/C:H/AV:N/A:N/RC:C/RL:O/E:U",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Obtain Information",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-03-14T17:00:21",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.ibm.com/support/pages/node/6551076"
        },
        {
          "name": "ibm-cp-cve202138971-info-disc (212620)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/212620"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "DATE_PUBLIC": "2022-03-11T00:00:00",
          "ID": "CVE-2021-38971",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Data Virtualization on Cloud Pak for Data",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "1.3.0"
                          },
                          {
                            "version_value": "1.5.0"
                          },
                          {
                            "version_value": "1.7.1"
                          },
                          {
                            "version_value": "1.7.3"
                          },
                          {
                            "version_value": "1.4.1"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "IBM"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "IBM Data Virtualization on Cloud Pak for Data 1.3.0, 1.4.1, 1.5.0, 1.7.1 and 1.7.3 could allow an authorized user to bypass data masking rules and obtain sensitve information. IBM X-Force ID: 212620."
            }
          ]
        },
        "impact": {
          "cvssv3": {
            "BM": {
              "A": "N",
              "AC": "L",
              "AV": "N",
              "C": "H",
              "I": "N",
              "PR": "H",
              "S": "U",
              "UI": "N"
            },
            "TM": {
              "E": "U",
              "RC": "C",
              "RL": "O"
            }
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Obtain Information"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.ibm.com/support/pages/node/6551076",
              "refsource": "CONFIRM",
              "title": "IBM Security Bulletin 6551076 (Data Virtualization on Cloud Pak for Data)",
              "url": "https://www.ibm.com/support/pages/node/6551076"
            },
            {
              "name": "ibm-cp-cve202138971-info-disc (212620)",
              "refsource": "XF",
              "title": "X-Force Vulnerability Report",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/212620"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2021-38971",
    "datePublished": "2022-03-14T17:00:21.310191Z",
    "dateReserved": "2021-08-16T00:00:00",
    "dateUpdated": "2024-09-17T01:06:09.137Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Search criteria

4 vulnerabilities found for data_virtualization_on_cloud_pak_for_data by ibm

CVE-2024-37526 (GCVE-0-2024-37526)

CVE-2021-38971 (GCVE-0-2021-38971)

CVE-2024-37526 (GCVE-0-2024-37526)

CVE-2021-38971 (GCVE-0-2021-38971)