Search criteria
2 vulnerabilities found for Watson Query on Cloud Pak for Data by IBM
CVE-2024-22341 (GCVE-0-2024-22341)
Vulnerability from cvelistv5 – Published: 2025-02-22 00:38 – Updated: 2025-09-30 13:42
VLAI?
Summary
IBM Watson Query on Cloud Pak for Data 4.0.0 through 4.0.9, 4.5.0 through 4.5.3, 4.6.0 through 4.6.6, 4.7.0 through 4.7.4, and 4.8.0 through 4.8.7 could allow unauthorized data access from a remote data source object due to improper privilege management.
Severity ?
5.3 (Medium)
CWE
- CWE-73 - External Control of File Name or Path
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Watson Query on Cloud Pak for Data |
Affected:
4.8.0 , ≤ 4.8.7
(semver)
Affected: 4.7.0 , ≤ 4.7.4 (semver) Affected: 4.6.0 , ≤ 4.6.6 (semver) Affected: 4.5.0 , ≤ 4.5.3 (semver) Affected: 4.0.0 , ≤ 4.0.9 (semver) cpe:2.3:a:ibm:watson_query_with_cloud_pak_for_data_as_a_service:4.0.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:watson_query_with_cloud_pak_for_data_as_a_service:4.0.9:*:*:*:*:*:*:* cpe:2.3:a:ibm:watson_query_with_cloud_pak_for_data_as_a_service:4.5.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:watson_query_with_cloud_pak_for_data_as_a_service:4.5.3:*:*:*:*:*:*:* cpe:2.3:a:ibm:watson_query_with_cloud_pak_for_data_as_a_service:4.6.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:watson_query_with_cloud_pak_for_data_as_a_service:4.6.6:*:*:*:*:*:*:* cpe:2.3:a:ibm:watson_query_with_cloud_pak_for_data_as_a_service:4.7.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:watson_query_with_cloud_pak_for_data_as_a_service:4.7.4:*:*:*:*:*:*:* cpe:2.3:a:ibm:watson_query_with_cloud_pak_for_data_as_a_service:4.8.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:watson_query_with_cloud_pak_for_data_as_a_service:4.8.7:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-22341",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-22T15:31:28.746627Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-09-30T13:42:47.772Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:ibm:watson_query_with_cloud_pak_for_data_as_a_service:4.0.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:watson_query_with_cloud_pak_for_data_as_a_service:4.0.9:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:watson_query_with_cloud_pak_for_data_as_a_service:4.5.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:watson_query_with_cloud_pak_for_data_as_a_service:4.5.3:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:watson_query_with_cloud_pak_for_data_as_a_service:4.6.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:watson_query_with_cloud_pak_for_data_as_a_service:4.6.6:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:watson_query_with_cloud_pak_for_data_as_a_service:4.7.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:watson_query_with_cloud_pak_for_data_as_a_service:4.7.4:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:watson_query_with_cloud_pak_for_data_as_a_service:4.8.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:watson_query_with_cloud_pak_for_data_as_a_service:4.8.7:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "Watson Query on Cloud Pak for Data",
"vendor": "IBM",
"versions": [
{
"lessThanOrEqual": "4.8.7",
"status": "affected",
"version": "4.8.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.7.4",
"status": "affected",
"version": "4.7.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.6.6",
"status": "affected",
"version": "4.6.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.5.3",
"status": "affected",
"version": "4.5.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.0.9",
"status": "affected",
"version": "4.0.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "IBM Watson Query on Cloud Pak for Data 4.0.0 through 4.0.9, 4.5.0 through 4.5.3, 4.6.0 through 4.6.6, 4.7.0 through 4.7.4, and 4.8.0 through 4.8.7 could allow unauthorized data access from a remote data source object due to improper privilege management."
}
],
"value": "IBM Watson Query on Cloud Pak for Data 4.0.0 through 4.0.9, 4.5.0 through 4.5.3, 4.6.0 through 4.6.6, 4.7.0 through 4.7.4, and 4.8.0 through 4.8.7 could allow unauthorized data access from a remote data source object due to improper privilege management."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-73",
"description": "CWE-73 External Control of File Name or Path",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-29T15:02:05.431Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://www.ibm.com/support/pages/node/7183851"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "IBM Watson Query on Cloud Pak for Data information disclosure",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2024-22341",
"datePublished": "2025-02-22T00:38:24.208Z",
"dateReserved": "2024-01-08T23:42:17.267Z",
"dateUpdated": "2025-09-30T13:42:47.772Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-22341 (GCVE-0-2024-22341)
Vulnerability from nvd – Published: 2025-02-22 00:38 – Updated: 2025-09-30 13:42
VLAI?
Summary
IBM Watson Query on Cloud Pak for Data 4.0.0 through 4.0.9, 4.5.0 through 4.5.3, 4.6.0 through 4.6.6, 4.7.0 through 4.7.4, and 4.8.0 through 4.8.7 could allow unauthorized data access from a remote data source object due to improper privilege management.
Severity ?
5.3 (Medium)
CWE
- CWE-73 - External Control of File Name or Path
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Watson Query on Cloud Pak for Data |
Affected:
4.8.0 , ≤ 4.8.7
(semver)
Affected: 4.7.0 , ≤ 4.7.4 (semver) Affected: 4.6.0 , ≤ 4.6.6 (semver) Affected: 4.5.0 , ≤ 4.5.3 (semver) Affected: 4.0.0 , ≤ 4.0.9 (semver) cpe:2.3:a:ibm:watson_query_with_cloud_pak_for_data_as_a_service:4.0.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:watson_query_with_cloud_pak_for_data_as_a_service:4.0.9:*:*:*:*:*:*:* cpe:2.3:a:ibm:watson_query_with_cloud_pak_for_data_as_a_service:4.5.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:watson_query_with_cloud_pak_for_data_as_a_service:4.5.3:*:*:*:*:*:*:* cpe:2.3:a:ibm:watson_query_with_cloud_pak_for_data_as_a_service:4.6.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:watson_query_with_cloud_pak_for_data_as_a_service:4.6.6:*:*:*:*:*:*:* cpe:2.3:a:ibm:watson_query_with_cloud_pak_for_data_as_a_service:4.7.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:watson_query_with_cloud_pak_for_data_as_a_service:4.7.4:*:*:*:*:*:*:* cpe:2.3:a:ibm:watson_query_with_cloud_pak_for_data_as_a_service:4.8.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:watson_query_with_cloud_pak_for_data_as_a_service:4.8.7:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-22341",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-22T15:31:28.746627Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-09-30T13:42:47.772Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:ibm:watson_query_with_cloud_pak_for_data_as_a_service:4.0.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:watson_query_with_cloud_pak_for_data_as_a_service:4.0.9:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:watson_query_with_cloud_pak_for_data_as_a_service:4.5.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:watson_query_with_cloud_pak_for_data_as_a_service:4.5.3:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:watson_query_with_cloud_pak_for_data_as_a_service:4.6.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:watson_query_with_cloud_pak_for_data_as_a_service:4.6.6:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:watson_query_with_cloud_pak_for_data_as_a_service:4.7.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:watson_query_with_cloud_pak_for_data_as_a_service:4.7.4:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:watson_query_with_cloud_pak_for_data_as_a_service:4.8.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:watson_query_with_cloud_pak_for_data_as_a_service:4.8.7:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "Watson Query on Cloud Pak for Data",
"vendor": "IBM",
"versions": [
{
"lessThanOrEqual": "4.8.7",
"status": "affected",
"version": "4.8.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.7.4",
"status": "affected",
"version": "4.7.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.6.6",
"status": "affected",
"version": "4.6.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.5.3",
"status": "affected",
"version": "4.5.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.0.9",
"status": "affected",
"version": "4.0.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "IBM Watson Query on Cloud Pak for Data 4.0.0 through 4.0.9, 4.5.0 through 4.5.3, 4.6.0 through 4.6.6, 4.7.0 through 4.7.4, and 4.8.0 through 4.8.7 could allow unauthorized data access from a remote data source object due to improper privilege management."
}
],
"value": "IBM Watson Query on Cloud Pak for Data 4.0.0 through 4.0.9, 4.5.0 through 4.5.3, 4.6.0 through 4.6.6, 4.7.0 through 4.7.4, and 4.8.0 through 4.8.7 could allow unauthorized data access from a remote data source object due to improper privilege management."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-73",
"description": "CWE-73 External Control of File Name or Path",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-29T15:02:05.431Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://www.ibm.com/support/pages/node/7183851"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "IBM Watson Query on Cloud Pak for Data information disclosure",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2024-22341",
"datePublished": "2025-02-22T00:38:24.208Z",
"dateReserved": "2024-01-08T23:42:17.267Z",
"dateUpdated": "2025-09-30T13:42:47.772Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}