CVE-2024-35160
IBM Watson Query on Cloud Pak for Data and IBM Db2 Big SQL on Cloud Pak for Data information disclosure
Severity Score
4.3
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
Track
*SSVC
Descriptions
IBM Watson Query on Cloud Pak for Data 1.8, 2.0, 2.1, 2.2 and IBM Db2 Big SQL on Cloud Pak for Data 7.3, 7.4, 7.5, and 7.6 could allow an authenticated user to obtain sensitive information due to insufficient session expiration.
IBM Watson Query on Cloud Pak for Data 1.8, 2.0, 2.1, 2.2 and IBM Db2 Big SQL on Cloud Pak for Data 7.3, 7.4, 7.5, and 7.6 could allow an authenticated user to obtain sensitive information due to insufficient session expiration.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:Track
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2024-05-09 CVE Reserved
- 2024-11-23 CVE Published
- 2024-11-24 CVE Updated
- 2025-05-03 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-613: Insufficient Session Expiration
CAPEC
References (2)
| URL | Tag | Source |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://www.ibm.com/support/pages/node/7168703 | 2024-11-23 | |
| https://www.ibm.com/support/pages/node/7176947 | 2024-11-23 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Ibm Search vendor "Ibm" | Big Sql Search vendor "Ibm" for product "Big Sql" | * | - |
Affected
| ||||||
| Ibm Search vendor "Ibm" | Db2 Search vendor "Ibm" for product "Db2" | * | - |
Affected
| ||||||
| Ibm Search vendor "Ibm" | Watson Query Search vendor "Ibm" for product "Watson Query" | * | - |
Affected
| ||||||
| Ibm Search vendor "Ibm" | Watson Query With Cloud Pak For Data As A Service Search vendor "Ibm" for product "Watson Query With Cloud Pak For Data As A Service" | * | - |
Affected
| ||||||