CVE-2024-35160

MEDIUM

IBM Big Sql - Insufficient Session Expiration

Title source: rule

Description

IBM Watson Query on Cloud Pak for Data 1.8, 2.0, 2.1, 2.2 and IBM Db2 Big SQL on Cloud Pak for Data 7.3, 7.4, 7.5, and 7.6 could allow an authenticated user to obtain sensitive information due to insufficient session expiration.

References (2)

[Vendor Advisory] https://www.ibm.com/support/pages/node/7168703

[Vendor Advisory] https://www.ibm.com/support/pages/node/7176947

Scores

CVSS v3 4.3

EPSS 0.0005

EPSS Percentile 16.4%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-613

Status published

Products (8)

ibm/big_sql 7.3

ibm/big_sql 7.4

ibm/big_sql 7.5

ibm/big_sql 7.6

ibm/watson_query_with_cloud_pak_for_data 1.8

ibm/watson_query_with_cloud_pak_for_data 2.0

ibm/watson_query_with_cloud_pak_for_data 2.1

ibm/watson_query_with_cloud_pak_for_data 2.2

Published Nov 23, 2024

Tracked Since Feb 18, 2026