CVE-2024-37526

IBM Watson Query on Cloud Pak for Data (IBM Data Virtualization1.8, 2.0, 2.1, 2.2, and 3.0.0) could allow an authenticated user to obtain sensitive information from objects published using Watson Query due to an improper data protection mechanism.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
6.5 MEDIUM
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
ibmCNA
6.5 MEDIUM
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
CISA-ADPADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 13%
VendorProductVersion
ibmdata_virtualization_on_cloud_pak_for_data
1.8.0
ibmdata_virtualization_on_cloud_pak_for_data
3.0.0
ibmdata_virtualization_on_cloud_pak_for_data
4.5.0
ibmdata_virtualization_on_cloud_pak_for_data
5.0.0
ibmwatson_query_with_cloud_pak_for_data
2.0
ibmwatson_query_with_cloud_pak_for_data
2.1
ibmwatson_query_with_cloud_pak_for_data
2.2
ibmwatson_query_with_cloud_pak_for_data
4.6
ibmwatson_query_with_cloud_pak_for_data
4.7
ibmwatson_query_with_cloud_pak_for_data
4.8
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://www.ibm.com/support/pages/node/7173774