CVE-2024-35160 (GCVE-0-2024-35160)
Vulnerability from cvelistv5 – Published: 2024-11-23 13:48 – Updated: 2024-11-24 12:30
VLAI?
Summary
IBM Watson Query on Cloud Pak for Data 1.8, 2.0, 2.1, 2.2 and IBM Db2 Big SQL on Cloud Pak for Data 7.3, 7.4, 7.5, and 7.6 could allow an authenticated user to obtain sensitive information due to insufficient session expiration.
Severity ?
4.3 (Medium)
CWE
- CWE-613 - Insufficient Session Expiration
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| IBM | Watson Query for Cloud Pak for Data |
Affected:
1.8, 2.0, 2.1, 2.2
cpe:2.3:a:ibm:watson_query_with_cloud_pak_for_data_as_a_service:1.8:*:*:*:*:*:*:* cpe:2.3:a:ibm:watson_query_with_cloud_pak_for_data_as_a_service:2.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:watson_query_with_cloud_pak_for_data_as_a_service:2.1:*:*:*:*:*:*:* cpe:2.3:a:ibm:watson_query_with_cloud_pak_for_data_as_a_service:2.2:*:*:*:*:*:*:* cpe:2.3:a:ibm:big_sql:7.3:*:*:*:*:*:*:* cpe:2.3:a:ibm:big_sql:7.4:*:*:*:*:*:*:* cpe:2.3:a:ibm:big_sql:7.5:*:*:*:*:*:*:* cpe:2.3:a:ibm:big_sql:7.6:*:*:*:*:*:*:* |
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-35160",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-24T12:30:09.564089Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-24T12:30:18.144Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:ibm:watson_query_with_cloud_pak_for_data_as_a_service:1.8:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:watson_query_with_cloud_pak_for_data_as_a_service:2.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:watson_query_with_cloud_pak_for_data_as_a_service:2.1:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:watson_query_with_cloud_pak_for_data_as_a_service:2.2:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:big_sql:7.3:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:big_sql:7.4:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:big_sql:7.5:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:big_sql:7.6:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "Watson Query for Cloud Pak for Data",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "1.8, 2.0, 2.1, 2.2"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Db2 Big SQL on Cloud Pak for Data",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "7.3, 7.4, 7.5, 7.6"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "IBM Watson Query on Cloud Pak for Data 1\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e.8, 2.0, 2.1, 2.2\u003c/span\u003e\u0026nbsp;and IBM Db2 Big SQL on Cloud Pak for Data 7.3, 7.4, 7.5, and 7.6\u0026nbsp;\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003ecould allow an authenticated user to obtain sensitive information due to insufficient session expiration.\u003c/span\u003e"
}
],
"value": "IBM Watson Query on Cloud Pak for Data 1.8, 2.0, 2.1, 2.2\u00a0and IBM Db2 Big SQL on Cloud Pak for Data 7.3, 7.4, 7.5, and 7.6\u00a0could allow an authenticated user to obtain sensitive information due to insufficient session expiration."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-613",
"description": "CWE-613 Insufficient Session Expiration",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-23T13:48:16.110Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.ibm.com/support/pages/node/7168703"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://www.ibm.com/support/pages/node/7176947"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "IBM Watson Query on Cloud Pak for Data and IBM Db2 Big SQL on Cloud Pak for Data information disclosure",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2024-35160",
"datePublished": "2024-11-23T13:48:16.110Z",
"dateReserved": "2024-05-09T16:27:47.448Z",
"dateUpdated": "2024-11-24T12:30:18.144Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"fkie_nvd": {
"configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ibm:big_sql:7.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F847F14F-2D58-4E50-B28E-A8F2BE6BE148\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ibm:big_sql:7.4:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F5CA4981-7EA0-41BB-8450-1EF995DC2DA2\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ibm:big_sql:7.5:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"D13EB5A5-B222-49A3-9931-ED9D00E2FC93\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ibm:big_sql:7.6:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"0F238E3E-4891-4089-A3F0-128B7B947ABD\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ibm:watson_query_with_cloud_pak_for_data:1.8:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"3F682C06-34BF-42E4-8C05-93B142C47D22\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ibm:watson_query_with_cloud_pak_for_data:2.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"4D451E18-6883-44F7-90A0-50B539D34D65\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ibm:watson_query_with_cloud_pak_for_data:2.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B063DD40-B8CE-45EF-A692-99E2B5ED4616\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ibm:watson_query_with_cloud_pak_for_data:2.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"6EF1367E-3931-479D-882F-B75FD5CA241A\"}]}]}]",
"descriptions": "[{\"lang\": \"en\", \"value\": \"IBM Watson Query on Cloud Pak for Data 1.8, 2.0, 2.1, 2.2\\u00a0and IBM Db2 Big SQL on Cloud Pak for Data 7.3, 7.4, 7.5, and 7.6\\u00a0could allow an authenticated user to obtain sensitive information due to insufficient session expiration.\"}, {\"lang\": \"es\", \"value\": \"IBM Watson Query en Cloud Pak for Data 1.8, 2.0, 2.1, 2.2 e IBM Db2 Big SQL en Cloud Pak for Data 7.3, 7.4, 7.5 y 7.6 podr\\u00edan permitir que un usuario autenticado obtenga informaci\\u00f3n confidencial debido a una expiraci\\u00f3n de sesi\\u00f3n insuficiente.\"}]",
"id": "CVE-2024-35160",
"lastModified": "2024-11-26T19:08:22.473",
"metrics": "{\"cvssMetricV31\": [{\"source\": \"psirt@us.ibm.com\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N\", \"baseScore\": 4.3, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"LOW\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"LOW\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 2.8, \"impactScore\": 1.4}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N\", \"baseScore\": 6.5, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"LOW\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 2.8, \"impactScore\": 3.6}]}",
"published": "2024-11-23T14:15:18.393",
"references": "[{\"url\": \"https://www.ibm.com/support/pages/node/7168703\", \"source\": \"psirt@us.ibm.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://www.ibm.com/support/pages/node/7176947\", \"source\": \"psirt@us.ibm.com\", \"tags\": [\"Vendor Advisory\"]}]",
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Analyzed",
"weaknesses": "[{\"source\": \"psirt@us.ibm.com\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-613\"}]}]"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2024-35160\",\"sourceIdentifier\":\"psirt@us.ibm.com\",\"published\":\"2024-11-23T14:15:18.393\",\"lastModified\":\"2024-11-26T19:08:22.473\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"IBM Watson Query on Cloud Pak for Data 1.8, 2.0, 2.1, 2.2\u00a0and IBM Db2 Big SQL on Cloud Pak for Data 7.3, 7.4, 7.5, and 7.6\u00a0could allow an authenticated user to obtain sensitive information due to insufficient session expiration.\"},{\"lang\":\"es\",\"value\":\"IBM Watson Query en Cloud Pak for Data 1.8, 2.0, 2.1, 2.2 e IBM Db2 Big SQL en Cloud Pak for Data 7.3, 7.4, 7.5 y 7.6 podr\u00edan permitir que un usuario autenticado obtenga informaci\u00f3n confidencial debido a una expiraci\u00f3n de sesi\u00f3n insuficiente.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"psirt@us.ibm.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N\",\"baseScore\":4.3,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.8,\"impactScore\":1.4},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N\",\"baseScore\":6.5,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.8,\"impactScore\":3.6}]},\"weaknesses\":[{\"source\":\"psirt@us.ibm.com\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-613\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:big_sql:7.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F847F14F-2D58-4E50-B28E-A8F2BE6BE148\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:big_sql:7.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F5CA4981-7EA0-41BB-8450-1EF995DC2DA2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:big_sql:7.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D13EB5A5-B222-49A3-9931-ED9D00E2FC93\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:big_sql:7.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0F238E3E-4891-4089-A3F0-128B7B947ABD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:watson_query_with_cloud_pak_for_data:1.8:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3F682C06-34BF-42E4-8C05-93B142C47D22\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:watson_query_with_cloud_pak_for_data:2.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4D451E18-6883-44F7-90A0-50B539D34D65\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:watson_query_with_cloud_pak_for_data:2.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B063DD40-B8CE-45EF-A692-99E2B5ED4616\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:watson_query_with_cloud_pak_for_data:2.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6EF1367E-3931-479D-882F-B75FD5CA241A\"}]}]}],\"references\":[{\"url\":\"https://www.ibm.com/support/pages/node/7168703\",\"source\":\"psirt@us.ibm.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://www.ibm.com/support/pages/node/7176947\",\"source\":\"psirt@us.ibm.com\",\"tags\":[\"Vendor Advisory\"]}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2024-35160\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-11-24T12:30:09.564089Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-11-24T12:30:14.575Z\"}}], \"cna\": {\"title\": \"IBM Watson Query on Cloud Pak for Data and IBM Db2 Big SQL on Cloud Pak for Data information disclosure\", \"source\": {\"discovery\": \"UNKNOWN\"}, \"metrics\": [{\"format\": \"CVSS\", \"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 4.3, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N\", \"integrityImpact\": \"NONE\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"NONE\", \"privilegesRequired\": \"LOW\", \"confidentialityImpact\": \"LOW\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"cpes\": [\"cpe:2.3:a:ibm:watson_query_with_cloud_pak_for_data_as_a_service:1.8:*:*:*:*:*:*:*\", \"cpe:2.3:a:ibm:watson_query_with_cloud_pak_for_data_as_a_service:2.0:*:*:*:*:*:*:*\", \"cpe:2.3:a:ibm:watson_query_with_cloud_pak_for_data_as_a_service:2.1:*:*:*:*:*:*:*\", \"cpe:2.3:a:ibm:watson_query_with_cloud_pak_for_data_as_a_service:2.2:*:*:*:*:*:*:*\", \"cpe:2.3:a:ibm:big_sql:7.3:*:*:*:*:*:*:*\", \"cpe:2.3:a:ibm:big_sql:7.4:*:*:*:*:*:*:*\", \"cpe:2.3:a:ibm:big_sql:7.5:*:*:*:*:*:*:*\", \"cpe:2.3:a:ibm:big_sql:7.6:*:*:*:*:*:*:*\"], \"vendor\": \"IBM\", \"product\": \"Watson Query for Cloud Pak for Data\", \"versions\": [{\"status\": \"affected\", \"version\": \"1.8, 2.0, 2.1, 2.2\"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"IBM\", \"product\": \"Db2 Big SQL on Cloud Pak for Data\", \"versions\": [{\"status\": \"affected\", \"version\": \"7.3, 7.4, 7.5, 7.6\"}], \"defaultStatus\": \"unaffected\"}], \"references\": [{\"url\": \"https://www.ibm.com/support/pages/node/7168703\", \"tags\": [\"vendor-advisory\"]}, {\"url\": \"https://www.ibm.com/support/pages/node/7176947\", \"tags\": [\"vendor-advisory\"]}], \"x_generator\": {\"engine\": \"Vulnogram 0.2.0\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"IBM Watson Query on Cloud Pak for Data 1.8, 2.0, 2.1, 2.2\\u00a0and IBM Db2 Big SQL on Cloud Pak for Data 7.3, 7.4, 7.5, and 7.6\\u00a0could allow an authenticated user to obtain sensitive information due to insufficient session expiration.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"IBM Watson Query on Cloud Pak for Data 1\u003cspan style=\\\"background-color: rgb(255, 255, 255);\\\"\u003e.8, 2.0, 2.1, 2.2\u003c/span\u003e\u0026nbsp;and IBM Db2 Big SQL on Cloud Pak for Data 7.3, 7.4, 7.5, and 7.6\u0026nbsp;\u003cspan style=\\\"background-color: rgb(255, 255, 255);\\\"\u003ecould allow an authenticated user to obtain sensitive information due to insufficient session expiration.\u003c/span\u003e\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-613\", \"description\": \"CWE-613 Insufficient Session Expiration\"}]}], \"providerMetadata\": {\"orgId\": \"9a959283-ebb5-44b6-b705-dcc2bbced522\", \"shortName\": \"ibm\", \"dateUpdated\": \"2024-11-23T13:48:16.110Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2024-35160\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2024-11-24T12:30:18.144Z\", \"dateReserved\": \"2024-05-09T16:27:47.448Z\", \"assignerOrgId\": \"9a959283-ebb5-44b6-b705-dcc2bbced522\", \"datePublished\": \"2024-11-23T13:48:16.110Z\", \"assignerShortName\": \"ibm\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…