CVE-2024-35160

Published: Nov 23, 2024Modified: Nov 26, 2024

6.5

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Exploitability: 2.8 / Impact: 3.6

Source: NVD

Description

IBM Watson Query on Cloud Pak for Data 1.8, 2.0, 2.1, 2.2 and IBM Db2 Big SQL on Cloud Pak for Data 7.3, 7.4, 7.5, and 7.6 could allow an authenticated user to obtain sensitive information due to insufficient session expiration.

Affected (8)

Products: Ibm: Big Sql, Watson Query With Cloud Pak For Data

Ibm

2 products

Big Sql

Watson Query With Cloud Pak For Data

Configuration A

8 vulnerable

Vulnerable Software	Affected Versions
Ibm Big Sql	Version 7.3
Ibm Big Sql	Version 7.4
Ibm Big Sql	Version 7.5
Ibm Big Sql	Version 7.6
Ibm Watson Query With Cloud Pak For Data	Version 1.8
Ibm Watson Query With Cloud Pak For Data	Version 2.0
Ibm Watson Query With Cloud Pak For Data	Version 2.1
Ibm Watson Query With Cloud Pak For Data	Version 2.2

Related CWEs

CWE-613

Insufficient Session Expiration

According to WASC, "Insufficient Session Expiration is when a web site permits an attacker to reuse old session credentials or session IDs for authorization."

References (2)

https://www.ibm.com/support/pages/node/7168703

Source: psirt@us.ibm.com

Vendor Advisory

https://www.ibm.com/support/pages/node/7176947

Source: psirt@us.ibm.com

Vendor Advisory

Timeline

No history available yet.