CVE-2024-37526

MEDIUM

IBM Watson Query - Info Disclosure

Title source: llm

Description

IBM Watson Query on Cloud Pak for Data (IBM Data Virtualization 1.8, 2.0, 2.1, 2.2, and 3.0.0) could allow an authenticated user to obtain sensitive information from objects published using Watson Query due to an improper data protection mechanism.

References (1)

[Vendor Advisory] https://www.ibm.com/support/pages/node/7173774

Scores

CVSS v3 6.5

EPSS 0.0008

EPSS Percentile 22.8%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-497

Status published

Products (10)

ibm/data_virtualization_on_cloud_pak_for_data 1.8.0

ibm/data_virtualization_on_cloud_pak_for_data 3.0.0

ibm/data_virtualization_on_cloud_pak_for_data 4.5.0

ibm/data_virtualization_on_cloud_pak_for_data 5.0.0

ibm/watson_query_with_cloud_pak_for_data 2.0

ibm/watson_query_with_cloud_pak_for_data 2.1

ibm/watson_query_with_cloud_pak_for_data 2.2

ibm/watson_query_with_cloud_pak_for_data 4.6

ibm/watson_query_with_cloud_pak_for_data 4.7

ibm/watson_query_with_cloud_pak_for_data 4.8

Published Jan 27, 2025

Tracked Since Feb 18, 2026