Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
2 vulnerabilities found for Data Virtualization by IBM
CVE-2024-37526 (GCVE-0-2024-37526)
Vulnerability from cvelistv5 – Published: 2025-01-27 21:53 – Updated: 2025-01-28 15:18
VLAI?
Title
IBM Watson Query on Cloud Pak for Data information disclosure
Summary
IBM Watson Query on Cloud Pak for Data (IBM Data Virtualization 1.8, 2.0, 2.1, 2.2, and 3.0.0) could allow an authenticated user to obtain sensitive information from objects published using Watson Query due to an improper data protection mechanism.
Severity ?
6.5 (Medium)
CWE
- CWE-497 - Exposure of Sensitive System Information to an Unauthorized Control Sphere
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Data Virtualization |
Affected:
1.8, 2.0, 2.1, 2.2, 3.0.0
cpe:2.3:a:ibm:data_virtualization_on_cloud_pak_for_data:1.8.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:data_virtualization_on_cloud_pak_for_data:2.0.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:data_virtualization_on_cloud_pak_for_data:2.1.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:data_virtualization_on_cloud_pak_for_data:2.2.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:data_virtualization_on_cloud_pak_for_data:3.0.0:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-37526",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-28T14:53:28.695960Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-28T15:18:54.854Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:ibm:data_virtualization_on_cloud_pak_for_data:1.8.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:data_virtualization_on_cloud_pak_for_data:2.0.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:data_virtualization_on_cloud_pak_for_data:2.1.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:data_virtualization_on_cloud_pak_for_data:2.2.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:data_virtualization_on_cloud_pak_for_data:3.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "Data Virtualization",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "1.8, 2.0, 2.1, 2.2, 3.0.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "IBM Watson Query on Cloud Pak for Data (IBM Data Virtualization\u0026nbsp;1.8, 2.0, 2.1, 2.2, and 3.0.0) could allow an authenticated user to obtain sensitive information from objects published using Watson Query due to an improper data protection mechanism."
}
],
"value": "IBM Watson Query on Cloud Pak for Data (IBM Data Virtualization\u00a01.8, 2.0, 2.1, 2.2, and 3.0.0) could allow an authenticated user to obtain sensitive information from objects published using Watson Query due to an improper data protection mechanism."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-497",
"description": "CWE-497 Exposure of Sensitive System Information to an Unauthorized Control Sphere",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-27T21:53:04.621Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"url": "https://www.ibm.com/support/pages/node/7173774"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "IBM Watson Query on Cloud Pak for Data information disclosure",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2024-37526",
"datePublished": "2025-01-27T21:53:04.621Z",
"dateReserved": "2024-06-09T13:59:02.606Z",
"dateUpdated": "2025-01-28T15:18:54.854Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-37526 (GCVE-0-2024-37526)
Vulnerability from nvd – Published: 2025-01-27 21:53 – Updated: 2025-01-28 15:18
VLAI?
Title
IBM Watson Query on Cloud Pak for Data information disclosure
Summary
IBM Watson Query on Cloud Pak for Data (IBM Data Virtualization 1.8, 2.0, 2.1, 2.2, and 3.0.0) could allow an authenticated user to obtain sensitive information from objects published using Watson Query due to an improper data protection mechanism.
Severity ?
6.5 (Medium)
CWE
- CWE-497 - Exposure of Sensitive System Information to an Unauthorized Control Sphere
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Data Virtualization |
Affected:
1.8, 2.0, 2.1, 2.2, 3.0.0
cpe:2.3:a:ibm:data_virtualization_on_cloud_pak_for_data:1.8.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:data_virtualization_on_cloud_pak_for_data:2.0.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:data_virtualization_on_cloud_pak_for_data:2.1.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:data_virtualization_on_cloud_pak_for_data:2.2.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:data_virtualization_on_cloud_pak_for_data:3.0.0:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-37526",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-28T14:53:28.695960Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-28T15:18:54.854Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:ibm:data_virtualization_on_cloud_pak_for_data:1.8.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:data_virtualization_on_cloud_pak_for_data:2.0.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:data_virtualization_on_cloud_pak_for_data:2.1.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:data_virtualization_on_cloud_pak_for_data:2.2.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:data_virtualization_on_cloud_pak_for_data:3.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "Data Virtualization",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "1.8, 2.0, 2.1, 2.2, 3.0.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "IBM Watson Query on Cloud Pak for Data (IBM Data Virtualization\u0026nbsp;1.8, 2.0, 2.1, 2.2, and 3.0.0) could allow an authenticated user to obtain sensitive information from objects published using Watson Query due to an improper data protection mechanism."
}
],
"value": "IBM Watson Query on Cloud Pak for Data (IBM Data Virtualization\u00a01.8, 2.0, 2.1, 2.2, and 3.0.0) could allow an authenticated user to obtain sensitive information from objects published using Watson Query due to an improper data protection mechanism."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-497",
"description": "CWE-497 Exposure of Sensitive System Information to an Unauthorized Control Sphere",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-27T21:53:04.621Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"url": "https://www.ibm.com/support/pages/node/7173774"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "IBM Watson Query on Cloud Pak for Data information disclosure",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2024-37526",
"datePublished": "2025-01-27T21:53:04.621Z",
"dateReserved": "2024-06-09T13:59:02.606Z",
"dateUpdated": "2025-01-28T15:18:54.854Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}