Vulnerabilites related to IBM - Data Virtualization
CVE-2024-37526 (GCVE-0-2024-37526)
Vulnerability from cvelistv5
Published
2025-01-27 21:53
Modified
2025-01-28 15:18
Severity ?
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
CWE
  • CWE-497 - Exposure of Sensitive System Information to an Unauthorized Control Sphere
Summary
IBM Watson Query on Cloud Pak for Data (IBM Data Virtualization 1.8, 2.0, 2.1, 2.2, and 3.0.0) could allow an authenticated user to obtain sensitive information from objects published using Watson Query due to an improper data protection mechanism.
References
Impacted products
Vendor Product Version
IBM Data Virtualization Version: 1.8, 2.0, 2.1, 2.2, 3.0.0
    cpe:2.3:a:ibm:data_virtualization_on_cloud_pak_for_data:1.8.0:*:*:*:*:*:*:*
    cpe:2.3:a:ibm:data_virtualization_on_cloud_pak_for_data:2.0.0:*:*:*:*:*:*:*
    cpe:2.3:a:ibm:data_virtualization_on_cloud_pak_for_data:2.1.0:*:*:*:*:*:*:*
    cpe:2.3:a:ibm:data_virtualization_on_cloud_pak_for_data:2.2.0:*:*:*:*:*:*:*
    cpe:2.3:a:ibm:data_virtualization_on_cloud_pak_for_data:3.0.0:*:*:*:*:*:*:*
 Create a notification for this product.
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-37526",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-01-28T14:53:28.695960Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-01-28T15:18:54.854Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpes": [
            "cpe:2.3:a:ibm:data_virtualization_on_cloud_pak_for_data:1.8.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:ibm:data_virtualization_on_cloud_pak_for_data:2.0.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:ibm:data_virtualization_on_cloud_pak_for_data:2.1.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:ibm:data_virtualization_on_cloud_pak_for_data:2.2.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:ibm:data_virtualization_on_cloud_pak_for_data:3.0.0:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "Data Virtualization",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "1.8, 2.0, 2.1, 2.2, 3.0.0"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "IBM Watson Query on Cloud Pak for Data (IBM Data Virtualization\u0026nbsp;1.8, 2.0, 2.1, 2.2, and 3.0.0) could allow an authenticated user to obtain sensitive information from objects published using Watson Query due to an improper data protection mechanism."
            }
          ],
          "value": "IBM Watson Query on Cloud Pak for Data (IBM Data Virtualization\u00a01.8, 2.0, 2.1, 2.2, and 3.0.0) could allow an authenticated user to obtain sensitive information from objects published using Watson Query due to an improper data protection mechanism."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-497",
              "description": "CWE-497 Exposure of Sensitive System Information to an Unauthorized Control Sphere",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-01-27T21:53:04.621Z",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "url": "https://www.ibm.com/support/pages/node/7173774"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "IBM Watson Query on Cloud Pak for Data information disclosure",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2024-37526",
    "datePublished": "2025-01-27T21:53:04.621Z",
    "dateReserved": "2024-06-09T13:59:02.606Z",
    "dateUpdated": "2025-01-28T15:18:54.854Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}