CVE-2024-37526 MEDIUM

CVE-2024-37526: IBM Watson Query on Cloud Pak for Data information disclosure

Vendor Ibm
Product Data Virtualization
Weakness CWE-497
Published January 27, 2025
Last update January 28, 2025

CVSS base score

6.5/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality High
Integrity None

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

What the vulnerability does

01Description

IBM Watson Query on Cloud Pak for Data (IBM Data Virtualization 1.8, 2.0, 2.1, 2.2, and 3.0.0) could allow an authenticated user to obtain sensitive information from objects published using Watson Query due to an improper data protection mechanism.

Key dates

02Disclosure timeline

January 27, 2025 CVE published
January 28, 2025 Record updated