CVE-2024-37526: IBM Watson Query on Cloud Pak for Data information disclosure
First published: Tue Oct 22 2024(Updated: )
IBM Watson Query on Cloud Pak for Data (IBM Data Virtualization 1.8, 2.0, 2.1, 2.2, and 3.0.0) could allow an authenticated user to obtain sensitive information from objects published using Watson Query due to an improper data protection mechanism.
Credit: psirt@us.ibm.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| IBM Cloud Pak for Data | ||
| IBM Data Virtualization on Cloud Pak for Data | <=3.0.0 | |
| IBM Watson Query on Cloud Pak for Data | <=2.2 | |
| IBM Watson Query on Cloud Pak for Data | <=2.1 | |
| IBM Watson Query on Cloud Pak for Data | <=2.0 | |
| IBM Data Virtualization on Cloud Pak for Data | <=1.8 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2024-37526?
CVE-2024-37526 is classified as a medium severity vulnerability.
How do I fix CVE-2024-37526?
To fix CVE-2024-37526, upgrade to the latest version of IBM Watson Query or IBM Data Virtualization that addresses the vulnerability.
Who is affected by CVE-2024-37526?
CVE-2024-37526 affects users of IBM Watson Query and IBM Data Virtualization on Cloud Pak for Data versions up to 3.0.0.
What type of vulnerability is CVE-2024-37526?
CVE-2024-37526 is a data exposure vulnerability that allows authenticated users to access sensitive information.
What versions of IBM products are impacted by CVE-2024-37526?
CVE-2024-37526 impacts IBM Watson Query on Cloud Pak for Data versions 1.8 through 2.2 and all versions of Data Virtualization up to 3.0.0.
- agent/weakness
- agent/title
- agent/type
- agent/guess-ai
- agent/software-canonical-lookup
- agent/references
- agent/first-publish-date
- agent/description
- collector/ibm-support
- source/IBM
- agent/softwarecombine
- collector/nvd-api
- source/NVD
- agent/severity
- agent/source
- agent/author
- agent/event
- agent/tags
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- vendor/ibm
- canonical/ibm cloud pak for data
- canonical/ibm data virtualization on cloud pak for data
- version/ibm data virtualization on cloud pak for data/3.0.0
- canonical/ibm watson query on cloud pak for data
- version/ibm watson query on cloud pak for data/2.2
- version/ibm watson query on cloud pak for data/2.1
- version/ibm watson query on cloud pak for data/2.0
- version/ibm data virtualization on cloud pak for data/1.8