Vulnerability in Ibm Data Virtualization
CVE-2024-37526
IBM Watson Query on Cloud Pak for Data (IBM Data Virtualization 1.8, 2.0, 2.1, 2.2, and 3.0.0) could allow an authenticated user to obtain sensitive information from objects published using Watson Query due to an improper data protection m…
EPSS: 0.005 (36.5th percentile) — read the EPSS interpretation.
CVSS v3 metric
CVSS v3 base score 6.5 (Medium). Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N.
Affected products
- Ibm Data Virtualization — versions 1.8, 2.0, 2.1, 2.2, 3.0.0
- Ibm Data_virtualization_on_cloud_pak_for_data — versions 1.8.0, 3.0.0, 4.5.0
- Ibm Watson_query_with_cloud_pak_for_data — versions 2.0, 2.1, 2.2
Weakness classification (CWE)
References
- psirt@us.ibm.com (Vendor Advisory)
Frequently asked questions
- What is CVE-2024-37526?
- CVE-2024-37526 is a medium-severity vulnerability in Ibm Data Virtualization, classified under Exposure of Sensitive System Information to an Unauthorized Control Sphere. CVSS score: 6.5/10. Published 2025-01-27.
- How severe is CVE-2024-37526?
- Medium severity. CVSS v3 base score is 6.5 out of 10.