CVE-2024-37526

MEDIUM

IBM Watson Query on Cloud Pak for Data 1.8-3.0.0 Sensitive Information Exposure

Title source: llm

Description

IBM Watson Query on Cloud Pak for Data (IBM Data Virtualization 1.8, 2.0, 2.1, 2.2, and 3.0.0) could allow an authenticated user to obtain sensitive information from objects published using Watson Query due to an improper data protection mechanism.

References (1)

Core 1

Core References

Vendor Advisory

https://www.ibm.com/support/pages/node/7173774

Scores

CVSS v3 6.5

EPSS 0.0044

EPSS Percentile 34.9%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-497

Status published

Products (10)

ibm/data_virtualization_on_cloud_pak_for_data 1.8.0

ibm/data_virtualization_on_cloud_pak_for_data 3.0.0

ibm/data_virtualization_on_cloud_pak_for_data 4.5.0

ibm/data_virtualization_on_cloud_pak_for_data 5.0.0

ibm/watson_query_with_cloud_pak_for_data 2.0

ibm/watson_query_with_cloud_pak_for_data 2.1

ibm/watson_query_with_cloud_pak_for_data 2.2

ibm/watson_query_with_cloud_pak_for_data 4.6

ibm/watson_query_with_cloud_pak_for_data 4.7

ibm/watson_query_with_cloud_pak_for_data 4.8

Published Jan 27, 2025

Tracked Since Feb 18, 2026