Search
Find a vulnerability
Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
6 vulnerabilities found for watson_query_with_cloud_pak_for_data by ibm
CVE-2024-22341 (GCVE-0-2024-22341)
Vulnerability from cvelistv5 – Published: 2025-02-22 00:38 – Updated: 2025-09-30 13:42
VLAI
Title
IBM Watson Query on Cloud Pak for Data information disclosure
Summary
IBM Watson Query on Cloud Pak for Data 4.0.0 through 4.0.9, 4.5.0 through 4.5.3, 4.6.0 through 4.6.6, 4.7.0 through 4.7.4, and 4.8.0 through 4.8.7 could allow unauthorized data access from a remote data source object due to improper privilege management.
Severity
5.3 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-73 - External Control of File Name or Path
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.ibm.com/support/pages/node/7183851 | vendor-advisorypatch |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| IBM | Watson Query on Cloud Pak for Data |
Affected:
4.8.0 , ≤ 4.8.7
(semver)
Affected: 4.7.0 , ≤ 4.7.4 (semver) Affected: 4.6.0 , ≤ 4.6.6 (semver) Affected: 4.5.0 , ≤ 4.5.3 (semver) Affected: 4.0.0 , ≤ 4.0.9 (semver) cpe:2.3:a:ibm:watson_query_with_cloud_pak_for_data_as_a_service:4.0.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:watson_query_with_cloud_pak_for_data_as_a_service:4.0.9:*:*:*:*:*:*:* cpe:2.3:a:ibm:watson_query_with_cloud_pak_for_data_as_a_service:4.5.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:watson_query_with_cloud_pak_for_data_as_a_service:4.5.3:*:*:*:*:*:*:* cpe:2.3:a:ibm:watson_query_with_cloud_pak_for_data_as_a_service:4.6.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:watson_query_with_cloud_pak_for_data_as_a_service:4.6.6:*:*:*:*:*:*:* cpe:2.3:a:ibm:watson_query_with_cloud_pak_for_data_as_a_service:4.7.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:watson_query_with_cloud_pak_for_data_as_a_service:4.7.4:*:*:*:*:*:*:* cpe:2.3:a:ibm:watson_query_with_cloud_pak_for_data_as_a_service:4.8.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:watson_query_with_cloud_pak_for_data_as_a_service:4.8.7:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-22341",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-22T15:31:28.746627Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-09-30T13:42:47.772Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:ibm:watson_query_with_cloud_pak_for_data_as_a_service:4.0.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:watson_query_with_cloud_pak_for_data_as_a_service:4.0.9:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:watson_query_with_cloud_pak_for_data_as_a_service:4.5.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:watson_query_with_cloud_pak_for_data_as_a_service:4.5.3:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:watson_query_with_cloud_pak_for_data_as_a_service:4.6.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:watson_query_with_cloud_pak_for_data_as_a_service:4.6.6:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:watson_query_with_cloud_pak_for_data_as_a_service:4.7.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:watson_query_with_cloud_pak_for_data_as_a_service:4.7.4:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:watson_query_with_cloud_pak_for_data_as_a_service:4.8.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:watson_query_with_cloud_pak_for_data_as_a_service:4.8.7:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "Watson Query on Cloud Pak for Data",
"vendor": "IBM",
"versions": [
{
"lessThanOrEqual": "4.8.7",
"status": "affected",
"version": "4.8.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.7.4",
"status": "affected",
"version": "4.7.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.6.6",
"status": "affected",
"version": "4.6.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.5.3",
"status": "affected",
"version": "4.5.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.0.9",
"status": "affected",
"version": "4.0.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "IBM Watson Query on Cloud Pak for Data 4.0.0 through 4.0.9, 4.5.0 through 4.5.3, 4.6.0 through 4.6.6, 4.7.0 through 4.7.4, and 4.8.0 through 4.8.7 could allow unauthorized data access from a remote data source object due to improper privilege management."
}
],
"value": "IBM Watson Query on Cloud Pak for Data 4.0.0 through 4.0.9, 4.5.0 through 4.5.3, 4.6.0 through 4.6.6, 4.7.0 through 4.7.4, and 4.8.0 through 4.8.7 could allow unauthorized data access from a remote data source object due to improper privilege management."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-73",
"description": "CWE-73 External Control of File Name or Path",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-29T15:02:05.431Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://www.ibm.com/support/pages/node/7183851"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "IBM Watson Query on Cloud Pak for Data information disclosure",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2024-22341",
"datePublished": "2025-02-22T00:38:24.208Z",
"dateReserved": "2024-01-08T23:42:17.267Z",
"dateUpdated": "2025-09-30T13:42:47.772Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-37526 (GCVE-0-2024-37526)
Vulnerability from cvelistv5 – Published: 2025-01-27 21:53 – Updated: 2025-01-28 15:18
VLAI
Title
IBM Watson Query on Cloud Pak for Data information disclosure
Summary
IBM Watson Query on Cloud Pak for Data (IBM Data Virtualization 1.8, 2.0, 2.1, 2.2, and 3.0.0) could allow an authenticated user to obtain sensitive information from objects published using Watson Query due to an improper data protection mechanism.
Severity
6.5 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-497 - Exposure of Sensitive System Information to an Unauthorized Control Sphere
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| IBM | Data Virtualization |
Affected:
1.8, 2.0, 2.1, 2.2, 3.0.0
cpe:2.3:a:ibm:data_virtualization_on_cloud_pak_for_data:1.8.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:data_virtualization_on_cloud_pak_for_data:2.0.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:data_virtualization_on_cloud_pak_for_data:2.1.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:data_virtualization_on_cloud_pak_for_data:2.2.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:data_virtualization_on_cloud_pak_for_data:3.0.0:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-37526",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-28T14:53:28.695960Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-28T15:18:54.854Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:ibm:data_virtualization_on_cloud_pak_for_data:1.8.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:data_virtualization_on_cloud_pak_for_data:2.0.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:data_virtualization_on_cloud_pak_for_data:2.1.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:data_virtualization_on_cloud_pak_for_data:2.2.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:data_virtualization_on_cloud_pak_for_data:3.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "Data Virtualization",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "1.8, 2.0, 2.1, 2.2, 3.0.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "IBM Watson Query on Cloud Pak for Data (IBM Data Virtualization\u0026nbsp;1.8, 2.0, 2.1, 2.2, and 3.0.0) could allow an authenticated user to obtain sensitive information from objects published using Watson Query due to an improper data protection mechanism."
}
],
"value": "IBM Watson Query on Cloud Pak for Data (IBM Data Virtualization\u00a01.8, 2.0, 2.1, 2.2, and 3.0.0) could allow an authenticated user to obtain sensitive information from objects published using Watson Query due to an improper data protection mechanism."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-497",
"description": "CWE-497 Exposure of Sensitive System Information to an Unauthorized Control Sphere",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-27T21:53:04.621Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"url": "https://www.ibm.com/support/pages/node/7173774"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "IBM Watson Query on Cloud Pak for Data information disclosure",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2024-37526",
"datePublished": "2025-01-27T21:53:04.621Z",
"dateReserved": "2024-06-09T13:59:02.606Z",
"dateUpdated": "2025-01-28T15:18:54.854Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-35160 (GCVE-0-2024-35160)
Vulnerability from cvelistv5 – Published: 2024-11-23 13:48 – Updated: 2024-11-24 12:30
VLAI
Title
IBM Watson Query on Cloud Pak for Data and IBM Db2 Big SQL on Cloud Pak for Data information disclosure
Summary
IBM Watson Query on Cloud Pak for Data 1.8, 2.0, 2.1, 2.2 and IBM Db2 Big SQL on Cloud Pak for Data 7.3, 7.4, 7.5, and 7.6 could allow an authenticated user to obtain sensitive information due to insufficient session expiration.
Severity
4.3 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-613 - Insufficient Session Expiration
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://www.ibm.com/support/pages/node/7168703 | vendor-advisory |
| https://www.ibm.com/support/pages/node/7176947 | vendor-advisory |
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| IBM | Watson Query for Cloud Pak for Data |
Affected:
1.8, 2.0, 2.1, 2.2
cpe:2.3:a:ibm:watson_query_with_cloud_pak_for_data_as_a_service:1.8:*:*:*:*:*:*:* cpe:2.3:a:ibm:watson_query_with_cloud_pak_for_data_as_a_service:2.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:watson_query_with_cloud_pak_for_data_as_a_service:2.1:*:*:*:*:*:*:* cpe:2.3:a:ibm:watson_query_with_cloud_pak_for_data_as_a_service:2.2:*:*:*:*:*:*:* cpe:2.3:a:ibm:big_sql:7.3:*:*:*:*:*:*:* cpe:2.3:a:ibm:big_sql:7.4:*:*:*:*:*:*:* cpe:2.3:a:ibm:big_sql:7.5:*:*:*:*:*:*:* cpe:2.3:a:ibm:big_sql:7.6:*:*:*:*:*:*:* |
|
| IBM | Db2 Big SQL on Cloud Pak for Data |
Affected:
7.3, 7.4, 7.5, 7.6
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-35160",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-24T12:30:09.564089Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-24T12:30:18.144Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:ibm:watson_query_with_cloud_pak_for_data_as_a_service:1.8:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:watson_query_with_cloud_pak_for_data_as_a_service:2.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:watson_query_with_cloud_pak_for_data_as_a_service:2.1:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:watson_query_with_cloud_pak_for_data_as_a_service:2.2:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:big_sql:7.3:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:big_sql:7.4:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:big_sql:7.5:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:big_sql:7.6:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "Watson Query for Cloud Pak for Data",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "1.8, 2.0, 2.1, 2.2"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Db2 Big SQL on Cloud Pak for Data",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "7.3, 7.4, 7.5, 7.6"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "IBM Watson Query on Cloud Pak for Data 1\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e.8, 2.0, 2.1, 2.2\u003c/span\u003e\u0026nbsp;and IBM Db2 Big SQL on Cloud Pak for Data 7.3, 7.4, 7.5, and 7.6\u0026nbsp;\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003ecould allow an authenticated user to obtain sensitive information due to insufficient session expiration.\u003c/span\u003e"
}
],
"value": "IBM Watson Query on Cloud Pak for Data 1.8, 2.0, 2.1, 2.2\u00a0and IBM Db2 Big SQL on Cloud Pak for Data 7.3, 7.4, 7.5, and 7.6\u00a0could allow an authenticated user to obtain sensitive information due to insufficient session expiration."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-613",
"description": "CWE-613 Insufficient Session Expiration",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-23T13:48:16.110Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.ibm.com/support/pages/node/7168703"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://www.ibm.com/support/pages/node/7176947"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "IBM Watson Query on Cloud Pak for Data and IBM Db2 Big SQL on Cloud Pak for Data information disclosure",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2024-35160",
"datePublished": "2024-11-23T13:48:16.110Z",
"dateReserved": "2024-05-09T16:27:47.448Z",
"dateUpdated": "2024-11-24T12:30:18.144Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-22341 (GCVE-0-2024-22341)
Vulnerability from nvd – Published: 2025-02-22 00:38 – Updated: 2025-09-30 13:42
VLAI
Title
IBM Watson Query on Cloud Pak for Data information disclosure
Summary
IBM Watson Query on Cloud Pak for Data 4.0.0 through 4.0.9, 4.5.0 through 4.5.3, 4.6.0 through 4.6.6, 4.7.0 through 4.7.4, and 4.8.0 through 4.8.7 could allow unauthorized data access from a remote data source object due to improper privilege management.
Severity
5.3 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-73 - External Control of File Name or Path
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.ibm.com/support/pages/node/7183851 | vendor-advisorypatch |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| IBM | Watson Query on Cloud Pak for Data |
Affected:
4.8.0 , ≤ 4.8.7
(semver)
Affected: 4.7.0 , ≤ 4.7.4 (semver) Affected: 4.6.0 , ≤ 4.6.6 (semver) Affected: 4.5.0 , ≤ 4.5.3 (semver) Affected: 4.0.0 , ≤ 4.0.9 (semver) cpe:2.3:a:ibm:watson_query_with_cloud_pak_for_data_as_a_service:4.0.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:watson_query_with_cloud_pak_for_data_as_a_service:4.0.9:*:*:*:*:*:*:* cpe:2.3:a:ibm:watson_query_with_cloud_pak_for_data_as_a_service:4.5.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:watson_query_with_cloud_pak_for_data_as_a_service:4.5.3:*:*:*:*:*:*:* cpe:2.3:a:ibm:watson_query_with_cloud_pak_for_data_as_a_service:4.6.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:watson_query_with_cloud_pak_for_data_as_a_service:4.6.6:*:*:*:*:*:*:* cpe:2.3:a:ibm:watson_query_with_cloud_pak_for_data_as_a_service:4.7.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:watson_query_with_cloud_pak_for_data_as_a_service:4.7.4:*:*:*:*:*:*:* cpe:2.3:a:ibm:watson_query_with_cloud_pak_for_data_as_a_service:4.8.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:watson_query_with_cloud_pak_for_data_as_a_service:4.8.7:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-22341",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-22T15:31:28.746627Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-09-30T13:42:47.772Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:ibm:watson_query_with_cloud_pak_for_data_as_a_service:4.0.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:watson_query_with_cloud_pak_for_data_as_a_service:4.0.9:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:watson_query_with_cloud_pak_for_data_as_a_service:4.5.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:watson_query_with_cloud_pak_for_data_as_a_service:4.5.3:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:watson_query_with_cloud_pak_for_data_as_a_service:4.6.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:watson_query_with_cloud_pak_for_data_as_a_service:4.6.6:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:watson_query_with_cloud_pak_for_data_as_a_service:4.7.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:watson_query_with_cloud_pak_for_data_as_a_service:4.7.4:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:watson_query_with_cloud_pak_for_data_as_a_service:4.8.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:watson_query_with_cloud_pak_for_data_as_a_service:4.8.7:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "Watson Query on Cloud Pak for Data",
"vendor": "IBM",
"versions": [
{
"lessThanOrEqual": "4.8.7",
"status": "affected",
"version": "4.8.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.7.4",
"status": "affected",
"version": "4.7.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.6.6",
"status": "affected",
"version": "4.6.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.5.3",
"status": "affected",
"version": "4.5.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.0.9",
"status": "affected",
"version": "4.0.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "IBM Watson Query on Cloud Pak for Data 4.0.0 through 4.0.9, 4.5.0 through 4.5.3, 4.6.0 through 4.6.6, 4.7.0 through 4.7.4, and 4.8.0 through 4.8.7 could allow unauthorized data access from a remote data source object due to improper privilege management."
}
],
"value": "IBM Watson Query on Cloud Pak for Data 4.0.0 through 4.0.9, 4.5.0 through 4.5.3, 4.6.0 through 4.6.6, 4.7.0 through 4.7.4, and 4.8.0 through 4.8.7 could allow unauthorized data access from a remote data source object due to improper privilege management."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-73",
"description": "CWE-73 External Control of File Name or Path",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-29T15:02:05.431Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://www.ibm.com/support/pages/node/7183851"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "IBM Watson Query on Cloud Pak for Data information disclosure",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2024-22341",
"datePublished": "2025-02-22T00:38:24.208Z",
"dateReserved": "2024-01-08T23:42:17.267Z",
"dateUpdated": "2025-09-30T13:42:47.772Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-37526 (GCVE-0-2024-37526)
Vulnerability from nvd – Published: 2025-01-27 21:53 – Updated: 2025-01-28 15:18
VLAI
Title
IBM Watson Query on Cloud Pak for Data information disclosure
Summary
IBM Watson Query on Cloud Pak for Data (IBM Data Virtualization 1.8, 2.0, 2.1, 2.2, and 3.0.0) could allow an authenticated user to obtain sensitive information from objects published using Watson Query due to an improper data protection mechanism.
Severity
6.5 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-497 - Exposure of Sensitive System Information to an Unauthorized Control Sphere
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| IBM | Data Virtualization |
Affected:
1.8, 2.0, 2.1, 2.2, 3.0.0
cpe:2.3:a:ibm:data_virtualization_on_cloud_pak_for_data:1.8.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:data_virtualization_on_cloud_pak_for_data:2.0.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:data_virtualization_on_cloud_pak_for_data:2.1.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:data_virtualization_on_cloud_pak_for_data:2.2.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:data_virtualization_on_cloud_pak_for_data:3.0.0:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-37526",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-28T14:53:28.695960Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-28T15:18:54.854Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:ibm:data_virtualization_on_cloud_pak_for_data:1.8.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:data_virtualization_on_cloud_pak_for_data:2.0.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:data_virtualization_on_cloud_pak_for_data:2.1.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:data_virtualization_on_cloud_pak_for_data:2.2.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:data_virtualization_on_cloud_pak_for_data:3.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "Data Virtualization",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "1.8, 2.0, 2.1, 2.2, 3.0.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "IBM Watson Query on Cloud Pak for Data (IBM Data Virtualization\u0026nbsp;1.8, 2.0, 2.1, 2.2, and 3.0.0) could allow an authenticated user to obtain sensitive information from objects published using Watson Query due to an improper data protection mechanism."
}
],
"value": "IBM Watson Query on Cloud Pak for Data (IBM Data Virtualization\u00a01.8, 2.0, 2.1, 2.2, and 3.0.0) could allow an authenticated user to obtain sensitive information from objects published using Watson Query due to an improper data protection mechanism."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-497",
"description": "CWE-497 Exposure of Sensitive System Information to an Unauthorized Control Sphere",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-27T21:53:04.621Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"url": "https://www.ibm.com/support/pages/node/7173774"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "IBM Watson Query on Cloud Pak for Data information disclosure",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2024-37526",
"datePublished": "2025-01-27T21:53:04.621Z",
"dateReserved": "2024-06-09T13:59:02.606Z",
"dateUpdated": "2025-01-28T15:18:54.854Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-35160 (GCVE-0-2024-35160)
Vulnerability from nvd – Published: 2024-11-23 13:48 – Updated: 2024-11-24 12:30
VLAI
Title
IBM Watson Query on Cloud Pak for Data and IBM Db2 Big SQL on Cloud Pak for Data information disclosure
Summary
IBM Watson Query on Cloud Pak for Data 1.8, 2.0, 2.1, 2.2 and IBM Db2 Big SQL on Cloud Pak for Data 7.3, 7.4, 7.5, and 7.6 could allow an authenticated user to obtain sensitive information due to insufficient session expiration.
Severity
4.3 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-613 - Insufficient Session Expiration
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://www.ibm.com/support/pages/node/7168703 | vendor-advisory |
| https://www.ibm.com/support/pages/node/7176947 | vendor-advisory |
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| IBM | Watson Query for Cloud Pak for Data |
Affected:
1.8, 2.0, 2.1, 2.2
cpe:2.3:a:ibm:watson_query_with_cloud_pak_for_data_as_a_service:1.8:*:*:*:*:*:*:* cpe:2.3:a:ibm:watson_query_with_cloud_pak_for_data_as_a_service:2.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:watson_query_with_cloud_pak_for_data_as_a_service:2.1:*:*:*:*:*:*:* cpe:2.3:a:ibm:watson_query_with_cloud_pak_for_data_as_a_service:2.2:*:*:*:*:*:*:* cpe:2.3:a:ibm:big_sql:7.3:*:*:*:*:*:*:* cpe:2.3:a:ibm:big_sql:7.4:*:*:*:*:*:*:* cpe:2.3:a:ibm:big_sql:7.5:*:*:*:*:*:*:* cpe:2.3:a:ibm:big_sql:7.6:*:*:*:*:*:*:* |
|
| IBM | Db2 Big SQL on Cloud Pak for Data |
Affected:
7.3, 7.4, 7.5, 7.6
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-35160",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-24T12:30:09.564089Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-24T12:30:18.144Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:ibm:watson_query_with_cloud_pak_for_data_as_a_service:1.8:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:watson_query_with_cloud_pak_for_data_as_a_service:2.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:watson_query_with_cloud_pak_for_data_as_a_service:2.1:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:watson_query_with_cloud_pak_for_data_as_a_service:2.2:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:big_sql:7.3:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:big_sql:7.4:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:big_sql:7.5:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:big_sql:7.6:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "Watson Query for Cloud Pak for Data",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "1.8, 2.0, 2.1, 2.2"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Db2 Big SQL on Cloud Pak for Data",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "7.3, 7.4, 7.5, 7.6"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "IBM Watson Query on Cloud Pak for Data 1\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e.8, 2.0, 2.1, 2.2\u003c/span\u003e\u0026nbsp;and IBM Db2 Big SQL on Cloud Pak for Data 7.3, 7.4, 7.5, and 7.6\u0026nbsp;\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003ecould allow an authenticated user to obtain sensitive information due to insufficient session expiration.\u003c/span\u003e"
}
],
"value": "IBM Watson Query on Cloud Pak for Data 1.8, 2.0, 2.1, 2.2\u00a0and IBM Db2 Big SQL on Cloud Pak for Data 7.3, 7.4, 7.5, and 7.6\u00a0could allow an authenticated user to obtain sensitive information due to insufficient session expiration."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-613",
"description": "CWE-613 Insufficient Session Expiration",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-23T13:48:16.110Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.ibm.com/support/pages/node/7168703"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://www.ibm.com/support/pages/node/7176947"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "IBM Watson Query on Cloud Pak for Data and IBM Db2 Big SQL on Cloud Pak for Data information disclosure",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2024-35160",
"datePublished": "2024-11-23T13:48:16.110Z",
"dateReserved": "2024-05-09T16:27:47.448Z",
"dateUpdated": "2024-11-24T12:30:18.144Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}