CVE-2024-37526

{"id": "CVE-2024-37526", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "psirt@us.ibm.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 2.8}]}, "published": "2025-01-27T22:15:11.770", "references": [{"url": "https://www.ibm.com/support/pages/node/7173774", "tags": ["Vendor Advisory"], "source": "psirt@us.ibm.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "psirt@us.ibm.com", "description": [{"lang": "en", "value": "CWE-497"}]}, {"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "descriptions": [{"lang": "en", "value": "IBM Watson Query on Cloud Pak for Data (IBM Data Virtualization\u00a01.8, 2.0, 2.1, 2.2, and 3.0.0) could allow an authenticated user to obtain sensitive information from objects published using Watson Query due to an improper data protection mechanism."}, {"lang": "es", "value": "IBM Watson Query en Cloud Pak for Data (IBM Data Virtualization 1.8, 2.0, 2.1, 2.2 y 3.0.0) podr\u00eda permitir que un usuario autenticado obtenga informaci\u00f3n confidencial de objetos publicados mediante Watson Query debido a un mecanismo de protecci\u00f3n de datos inadecuado."}], "lastModified": "2025-08-18T18:07:27.443", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:ibm:data_virtualization_on_cloud_pak_for_data:1.8.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FEB5BDC6-8009-48C5-96D2-3941483A814E"}, {"criteria": "cpe:2.3:a:ibm:data_virtualization_on_cloud_pak_for_data:3.0.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B0153F72-57F7-42F6-A27D-B528008534AB"}, {"criteria": "cpe:2.3:a:ibm:data_virtualization_on_cloud_pak_for_data:4.5.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "15E29E04-539A-4DEE-827D-96C2B074C705"}, {"criteria": "cpe:2.3:a:ibm:data_virtualization_on_cloud_pak_for_data:5.0.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A672F3A1-D275-4015-8816-EAECAB51FC64"}, {"criteria": "cpe:2.3:a:ibm:watson_query_with_cloud_pak_for_data:2.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4D451E18-6883-44F7-90A0-50B539D34D65"}, {"criteria": "cpe:2.3:a:ibm:watson_query_with_cloud_pak_for_data:2.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B063DD40-B8CE-45EF-A692-99E2B5ED4616"}, {"criteria": "cpe:2.3:a:ibm:watson_query_with_cloud_pak_for_data:2.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6EF1367E-3931-479D-882F-B75FD5CA241A"}, {"criteria": "cpe:2.3:a:ibm:watson_query_with_cloud_pak_for_data:4.6:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B00170F3-27A0-4162-872B-66674979799C"}, {"criteria": "cpe:2.3:a:ibm:watson_query_with_cloud_pak_for_data:4.7:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "82CE5B47-0039-44BF-8E5B-1428FE0C32C6"}, {"criteria": "cpe:2.3:a:ibm:watson_query_with_cloud_pak_for_data:4.8:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5127B8D8-FCA2-4E40-ACAA-23D45F100734"}], "operator": "OR"}]}], "sourceIdentifier": "psirt@us.ibm.com"}