Search criteria
6 vulnerabilities found for watson_query_with_cloud_pak_for_data by ibm
CVE-2024-22341 (GCVE-0-2024-22341)
Vulnerability from nvd – Published: 2025-02-22 00:38 – Updated: 2025-09-30 13:42
VLAI?
Title
IBM Watson Query on Cloud Pak for Data information disclosure
Summary
IBM Watson Query on Cloud Pak for Data 4.0.0 through 4.0.9, 4.5.0 through 4.5.3, 4.6.0 through 4.6.6, 4.7.0 through 4.7.4, and 4.8.0 through 4.8.7 could allow unauthorized data access from a remote data source object due to improper privilege management.
Severity ?
5.3 (Medium)
CWE
- CWE-73 - External Control of File Name or Path
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Watson Query on Cloud Pak for Data |
Affected:
4.8.0 , ≤ 4.8.7
(semver)
Affected: 4.7.0 , ≤ 4.7.4 (semver) Affected: 4.6.0 , ≤ 4.6.6 (semver) Affected: 4.5.0 , ≤ 4.5.3 (semver) Affected: 4.0.0 , ≤ 4.0.9 (semver) cpe:2.3:a:ibm:watson_query_with_cloud_pak_for_data_as_a_service:4.0.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:watson_query_with_cloud_pak_for_data_as_a_service:4.0.9:*:*:*:*:*:*:* cpe:2.3:a:ibm:watson_query_with_cloud_pak_for_data_as_a_service:4.5.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:watson_query_with_cloud_pak_for_data_as_a_service:4.5.3:*:*:*:*:*:*:* cpe:2.3:a:ibm:watson_query_with_cloud_pak_for_data_as_a_service:4.6.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:watson_query_with_cloud_pak_for_data_as_a_service:4.6.6:*:*:*:*:*:*:* cpe:2.3:a:ibm:watson_query_with_cloud_pak_for_data_as_a_service:4.7.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:watson_query_with_cloud_pak_for_data_as_a_service:4.7.4:*:*:*:*:*:*:* cpe:2.3:a:ibm:watson_query_with_cloud_pak_for_data_as_a_service:4.8.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:watson_query_with_cloud_pak_for_data_as_a_service:4.8.7:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-22341",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-22T15:31:28.746627Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-09-30T13:42:47.772Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:ibm:watson_query_with_cloud_pak_for_data_as_a_service:4.0.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:watson_query_with_cloud_pak_for_data_as_a_service:4.0.9:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:watson_query_with_cloud_pak_for_data_as_a_service:4.5.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:watson_query_with_cloud_pak_for_data_as_a_service:4.5.3:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:watson_query_with_cloud_pak_for_data_as_a_service:4.6.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:watson_query_with_cloud_pak_for_data_as_a_service:4.6.6:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:watson_query_with_cloud_pak_for_data_as_a_service:4.7.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:watson_query_with_cloud_pak_for_data_as_a_service:4.7.4:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:watson_query_with_cloud_pak_for_data_as_a_service:4.8.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:watson_query_with_cloud_pak_for_data_as_a_service:4.8.7:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "Watson Query on Cloud Pak for Data",
"vendor": "IBM",
"versions": [
{
"lessThanOrEqual": "4.8.7",
"status": "affected",
"version": "4.8.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.7.4",
"status": "affected",
"version": "4.7.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.6.6",
"status": "affected",
"version": "4.6.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.5.3",
"status": "affected",
"version": "4.5.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.0.9",
"status": "affected",
"version": "4.0.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "IBM Watson Query on Cloud Pak for Data 4.0.0 through 4.0.9, 4.5.0 through 4.5.3, 4.6.0 through 4.6.6, 4.7.0 through 4.7.4, and 4.8.0 through 4.8.7 could allow unauthorized data access from a remote data source object due to improper privilege management."
}
],
"value": "IBM Watson Query on Cloud Pak for Data 4.0.0 through 4.0.9, 4.5.0 through 4.5.3, 4.6.0 through 4.6.6, 4.7.0 through 4.7.4, and 4.8.0 through 4.8.7 could allow unauthorized data access from a remote data source object due to improper privilege management."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-73",
"description": "CWE-73 External Control of File Name or Path",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-29T15:02:05.431Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://www.ibm.com/support/pages/node/7183851"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "IBM Watson Query on Cloud Pak for Data information disclosure",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2024-22341",
"datePublished": "2025-02-22T00:38:24.208Z",
"dateReserved": "2024-01-08T23:42:17.267Z",
"dateUpdated": "2025-09-30T13:42:47.772Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-37526 (GCVE-0-2024-37526)
Vulnerability from nvd – Published: 2025-01-27 21:53 – Updated: 2025-01-28 15:18
VLAI?
Title
IBM Watson Query on Cloud Pak for Data information disclosure
Summary
IBM Watson Query on Cloud Pak for Data (IBM Data Virtualization 1.8, 2.0, 2.1, 2.2, and 3.0.0) could allow an authenticated user to obtain sensitive information from objects published using Watson Query due to an improper data protection mechanism.
Severity ?
6.5 (Medium)
CWE
- CWE-497 - Exposure of Sensitive System Information to an Unauthorized Control Sphere
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Data Virtualization |
Affected:
1.8, 2.0, 2.1, 2.2, 3.0.0
cpe:2.3:a:ibm:data_virtualization_on_cloud_pak_for_data:1.8.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:data_virtualization_on_cloud_pak_for_data:2.0.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:data_virtualization_on_cloud_pak_for_data:2.1.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:data_virtualization_on_cloud_pak_for_data:2.2.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:data_virtualization_on_cloud_pak_for_data:3.0.0:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-37526",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-28T14:53:28.695960Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-28T15:18:54.854Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:ibm:data_virtualization_on_cloud_pak_for_data:1.8.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:data_virtualization_on_cloud_pak_for_data:2.0.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:data_virtualization_on_cloud_pak_for_data:2.1.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:data_virtualization_on_cloud_pak_for_data:2.2.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:data_virtualization_on_cloud_pak_for_data:3.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "Data Virtualization",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "1.8, 2.0, 2.1, 2.2, 3.0.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "IBM Watson Query on Cloud Pak for Data (IBM Data Virtualization\u0026nbsp;1.8, 2.0, 2.1, 2.2, and 3.0.0) could allow an authenticated user to obtain sensitive information from objects published using Watson Query due to an improper data protection mechanism."
}
],
"value": "IBM Watson Query on Cloud Pak for Data (IBM Data Virtualization\u00a01.8, 2.0, 2.1, 2.2, and 3.0.0) could allow an authenticated user to obtain sensitive information from objects published using Watson Query due to an improper data protection mechanism."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-497",
"description": "CWE-497 Exposure of Sensitive System Information to an Unauthorized Control Sphere",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-27T21:53:04.621Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"url": "https://www.ibm.com/support/pages/node/7173774"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "IBM Watson Query on Cloud Pak for Data information disclosure",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2024-37526",
"datePublished": "2025-01-27T21:53:04.621Z",
"dateReserved": "2024-06-09T13:59:02.606Z",
"dateUpdated": "2025-01-28T15:18:54.854Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-35160 (GCVE-0-2024-35160)
Vulnerability from nvd – Published: 2024-11-23 13:48 – Updated: 2024-11-24 12:30
VLAI?
Title
IBM Watson Query on Cloud Pak for Data and IBM Db2 Big SQL on Cloud Pak for Data information disclosure
Summary
IBM Watson Query on Cloud Pak for Data 1.8, 2.0, 2.1, 2.2 and IBM Db2 Big SQL on Cloud Pak for Data 7.3, 7.4, 7.5, and 7.6 could allow an authenticated user to obtain sensitive information due to insufficient session expiration.
Severity ?
4.3 (Medium)
CWE
- CWE-613 - Insufficient Session Expiration
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| IBM | Watson Query for Cloud Pak for Data |
Affected:
1.8, 2.0, 2.1, 2.2
cpe:2.3:a:ibm:watson_query_with_cloud_pak_for_data_as_a_service:1.8:*:*:*:*:*:*:* cpe:2.3:a:ibm:watson_query_with_cloud_pak_for_data_as_a_service:2.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:watson_query_with_cloud_pak_for_data_as_a_service:2.1:*:*:*:*:*:*:* cpe:2.3:a:ibm:watson_query_with_cloud_pak_for_data_as_a_service:2.2:*:*:*:*:*:*:* cpe:2.3:a:ibm:big_sql:7.3:*:*:*:*:*:*:* cpe:2.3:a:ibm:big_sql:7.4:*:*:*:*:*:*:* cpe:2.3:a:ibm:big_sql:7.5:*:*:*:*:*:*:* cpe:2.3:a:ibm:big_sql:7.6:*:*:*:*:*:*:* |
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-35160",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-24T12:30:09.564089Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-24T12:30:18.144Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:ibm:watson_query_with_cloud_pak_for_data_as_a_service:1.8:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:watson_query_with_cloud_pak_for_data_as_a_service:2.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:watson_query_with_cloud_pak_for_data_as_a_service:2.1:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:watson_query_with_cloud_pak_for_data_as_a_service:2.2:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:big_sql:7.3:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:big_sql:7.4:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:big_sql:7.5:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:big_sql:7.6:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "Watson Query for Cloud Pak for Data",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "1.8, 2.0, 2.1, 2.2"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Db2 Big SQL on Cloud Pak for Data",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "7.3, 7.4, 7.5, 7.6"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "IBM Watson Query on Cloud Pak for Data 1\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e.8, 2.0, 2.1, 2.2\u003c/span\u003e\u0026nbsp;and IBM Db2 Big SQL on Cloud Pak for Data 7.3, 7.4, 7.5, and 7.6\u0026nbsp;\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003ecould allow an authenticated user to obtain sensitive information due to insufficient session expiration.\u003c/span\u003e"
}
],
"value": "IBM Watson Query on Cloud Pak for Data 1.8, 2.0, 2.1, 2.2\u00a0and IBM Db2 Big SQL on Cloud Pak for Data 7.3, 7.4, 7.5, and 7.6\u00a0could allow an authenticated user to obtain sensitive information due to insufficient session expiration."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-613",
"description": "CWE-613 Insufficient Session Expiration",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-23T13:48:16.110Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.ibm.com/support/pages/node/7168703"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://www.ibm.com/support/pages/node/7176947"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "IBM Watson Query on Cloud Pak for Data and IBM Db2 Big SQL on Cloud Pak for Data information disclosure",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2024-35160",
"datePublished": "2024-11-23T13:48:16.110Z",
"dateReserved": "2024-05-09T16:27:47.448Z",
"dateUpdated": "2024-11-24T12:30:18.144Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-22341 (GCVE-0-2024-22341)
Vulnerability from cvelistv5 – Published: 2025-02-22 00:38 – Updated: 2025-09-30 13:42
VLAI?
Title
IBM Watson Query on Cloud Pak for Data information disclosure
Summary
IBM Watson Query on Cloud Pak for Data 4.0.0 through 4.0.9, 4.5.0 through 4.5.3, 4.6.0 through 4.6.6, 4.7.0 through 4.7.4, and 4.8.0 through 4.8.7 could allow unauthorized data access from a remote data source object due to improper privilege management.
Severity ?
5.3 (Medium)
CWE
- CWE-73 - External Control of File Name or Path
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Watson Query on Cloud Pak for Data |
Affected:
4.8.0 , ≤ 4.8.7
(semver)
Affected: 4.7.0 , ≤ 4.7.4 (semver) Affected: 4.6.0 , ≤ 4.6.6 (semver) Affected: 4.5.0 , ≤ 4.5.3 (semver) Affected: 4.0.0 , ≤ 4.0.9 (semver) cpe:2.3:a:ibm:watson_query_with_cloud_pak_for_data_as_a_service:4.0.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:watson_query_with_cloud_pak_for_data_as_a_service:4.0.9:*:*:*:*:*:*:* cpe:2.3:a:ibm:watson_query_with_cloud_pak_for_data_as_a_service:4.5.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:watson_query_with_cloud_pak_for_data_as_a_service:4.5.3:*:*:*:*:*:*:* cpe:2.3:a:ibm:watson_query_with_cloud_pak_for_data_as_a_service:4.6.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:watson_query_with_cloud_pak_for_data_as_a_service:4.6.6:*:*:*:*:*:*:* cpe:2.3:a:ibm:watson_query_with_cloud_pak_for_data_as_a_service:4.7.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:watson_query_with_cloud_pak_for_data_as_a_service:4.7.4:*:*:*:*:*:*:* cpe:2.3:a:ibm:watson_query_with_cloud_pak_for_data_as_a_service:4.8.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:watson_query_with_cloud_pak_for_data_as_a_service:4.8.7:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-22341",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-22T15:31:28.746627Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-09-30T13:42:47.772Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:ibm:watson_query_with_cloud_pak_for_data_as_a_service:4.0.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:watson_query_with_cloud_pak_for_data_as_a_service:4.0.9:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:watson_query_with_cloud_pak_for_data_as_a_service:4.5.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:watson_query_with_cloud_pak_for_data_as_a_service:4.5.3:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:watson_query_with_cloud_pak_for_data_as_a_service:4.6.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:watson_query_with_cloud_pak_for_data_as_a_service:4.6.6:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:watson_query_with_cloud_pak_for_data_as_a_service:4.7.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:watson_query_with_cloud_pak_for_data_as_a_service:4.7.4:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:watson_query_with_cloud_pak_for_data_as_a_service:4.8.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:watson_query_with_cloud_pak_for_data_as_a_service:4.8.7:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "Watson Query on Cloud Pak for Data",
"vendor": "IBM",
"versions": [
{
"lessThanOrEqual": "4.8.7",
"status": "affected",
"version": "4.8.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.7.4",
"status": "affected",
"version": "4.7.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.6.6",
"status": "affected",
"version": "4.6.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.5.3",
"status": "affected",
"version": "4.5.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.0.9",
"status": "affected",
"version": "4.0.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "IBM Watson Query on Cloud Pak for Data 4.0.0 through 4.0.9, 4.5.0 through 4.5.3, 4.6.0 through 4.6.6, 4.7.0 through 4.7.4, and 4.8.0 through 4.8.7 could allow unauthorized data access from a remote data source object due to improper privilege management."
}
],
"value": "IBM Watson Query on Cloud Pak for Data 4.0.0 through 4.0.9, 4.5.0 through 4.5.3, 4.6.0 through 4.6.6, 4.7.0 through 4.7.4, and 4.8.0 through 4.8.7 could allow unauthorized data access from a remote data source object due to improper privilege management."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-73",
"description": "CWE-73 External Control of File Name or Path",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-29T15:02:05.431Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://www.ibm.com/support/pages/node/7183851"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "IBM Watson Query on Cloud Pak for Data information disclosure",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2024-22341",
"datePublished": "2025-02-22T00:38:24.208Z",
"dateReserved": "2024-01-08T23:42:17.267Z",
"dateUpdated": "2025-09-30T13:42:47.772Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-37526 (GCVE-0-2024-37526)
Vulnerability from cvelistv5 – Published: 2025-01-27 21:53 – Updated: 2025-01-28 15:18
VLAI?
Title
IBM Watson Query on Cloud Pak for Data information disclosure
Summary
IBM Watson Query on Cloud Pak for Data (IBM Data Virtualization 1.8, 2.0, 2.1, 2.2, and 3.0.0) could allow an authenticated user to obtain sensitive information from objects published using Watson Query due to an improper data protection mechanism.
Severity ?
6.5 (Medium)
CWE
- CWE-497 - Exposure of Sensitive System Information to an Unauthorized Control Sphere
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Data Virtualization |
Affected:
1.8, 2.0, 2.1, 2.2, 3.0.0
cpe:2.3:a:ibm:data_virtualization_on_cloud_pak_for_data:1.8.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:data_virtualization_on_cloud_pak_for_data:2.0.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:data_virtualization_on_cloud_pak_for_data:2.1.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:data_virtualization_on_cloud_pak_for_data:2.2.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:data_virtualization_on_cloud_pak_for_data:3.0.0:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-37526",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-28T14:53:28.695960Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-28T15:18:54.854Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:ibm:data_virtualization_on_cloud_pak_for_data:1.8.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:data_virtualization_on_cloud_pak_for_data:2.0.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:data_virtualization_on_cloud_pak_for_data:2.1.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:data_virtualization_on_cloud_pak_for_data:2.2.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:data_virtualization_on_cloud_pak_for_data:3.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "Data Virtualization",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "1.8, 2.0, 2.1, 2.2, 3.0.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "IBM Watson Query on Cloud Pak for Data (IBM Data Virtualization\u0026nbsp;1.8, 2.0, 2.1, 2.2, and 3.0.0) could allow an authenticated user to obtain sensitive information from objects published using Watson Query due to an improper data protection mechanism."
}
],
"value": "IBM Watson Query on Cloud Pak for Data (IBM Data Virtualization\u00a01.8, 2.0, 2.1, 2.2, and 3.0.0) could allow an authenticated user to obtain sensitive information from objects published using Watson Query due to an improper data protection mechanism."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-497",
"description": "CWE-497 Exposure of Sensitive System Information to an Unauthorized Control Sphere",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-27T21:53:04.621Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"url": "https://www.ibm.com/support/pages/node/7173774"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "IBM Watson Query on Cloud Pak for Data information disclosure",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2024-37526",
"datePublished": "2025-01-27T21:53:04.621Z",
"dateReserved": "2024-06-09T13:59:02.606Z",
"dateUpdated": "2025-01-28T15:18:54.854Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-35160 (GCVE-0-2024-35160)
Vulnerability from cvelistv5 – Published: 2024-11-23 13:48 – Updated: 2024-11-24 12:30
VLAI?
Title
IBM Watson Query on Cloud Pak for Data and IBM Db2 Big SQL on Cloud Pak for Data information disclosure
Summary
IBM Watson Query on Cloud Pak for Data 1.8, 2.0, 2.1, 2.2 and IBM Db2 Big SQL on Cloud Pak for Data 7.3, 7.4, 7.5, and 7.6 could allow an authenticated user to obtain sensitive information due to insufficient session expiration.
Severity ?
4.3 (Medium)
CWE
- CWE-613 - Insufficient Session Expiration
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| IBM | Watson Query for Cloud Pak for Data |
Affected:
1.8, 2.0, 2.1, 2.2
cpe:2.3:a:ibm:watson_query_with_cloud_pak_for_data_as_a_service:1.8:*:*:*:*:*:*:* cpe:2.3:a:ibm:watson_query_with_cloud_pak_for_data_as_a_service:2.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:watson_query_with_cloud_pak_for_data_as_a_service:2.1:*:*:*:*:*:*:* cpe:2.3:a:ibm:watson_query_with_cloud_pak_for_data_as_a_service:2.2:*:*:*:*:*:*:* cpe:2.3:a:ibm:big_sql:7.3:*:*:*:*:*:*:* cpe:2.3:a:ibm:big_sql:7.4:*:*:*:*:*:*:* cpe:2.3:a:ibm:big_sql:7.5:*:*:*:*:*:*:* cpe:2.3:a:ibm:big_sql:7.6:*:*:*:*:*:*:* |
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-35160",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-24T12:30:09.564089Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-24T12:30:18.144Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:ibm:watson_query_with_cloud_pak_for_data_as_a_service:1.8:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:watson_query_with_cloud_pak_for_data_as_a_service:2.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:watson_query_with_cloud_pak_for_data_as_a_service:2.1:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:watson_query_with_cloud_pak_for_data_as_a_service:2.2:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:big_sql:7.3:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:big_sql:7.4:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:big_sql:7.5:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:big_sql:7.6:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "Watson Query for Cloud Pak for Data",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "1.8, 2.0, 2.1, 2.2"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Db2 Big SQL on Cloud Pak for Data",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "7.3, 7.4, 7.5, 7.6"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "IBM Watson Query on Cloud Pak for Data 1\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e.8, 2.0, 2.1, 2.2\u003c/span\u003e\u0026nbsp;and IBM Db2 Big SQL on Cloud Pak for Data 7.3, 7.4, 7.5, and 7.6\u0026nbsp;\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003ecould allow an authenticated user to obtain sensitive information due to insufficient session expiration.\u003c/span\u003e"
}
],
"value": "IBM Watson Query on Cloud Pak for Data 1.8, 2.0, 2.1, 2.2\u00a0and IBM Db2 Big SQL on Cloud Pak for Data 7.3, 7.4, 7.5, and 7.6\u00a0could allow an authenticated user to obtain sensitive information due to insufficient session expiration."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-613",
"description": "CWE-613 Insufficient Session Expiration",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-23T13:48:16.110Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.ibm.com/support/pages/node/7168703"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://www.ibm.com/support/pages/node/7176947"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "IBM Watson Query on Cloud Pak for Data and IBM Db2 Big SQL on Cloud Pak for Data information disclosure",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2024-35160",
"datePublished": "2024-11-23T13:48:16.110Z",
"dateReserved": "2024-05-09T16:27:47.448Z",
"dateUpdated": "2024-11-24T12:30:18.144Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}