SecuriTricks - CVE-2024-35160

Description

IBM Watson Query on Cloud Pak for Data 1.8, 2.0, 2.1, 2.2 and IBM Db2 Big SQL on Cloud Pak for Data 7.3, 7.4, 7.5, and 7.6 could allow an authenticated user to obtain sensitive information due to insufficient session expiration.

Product(s) Impacted

Vendor	Product	Versions
Ibm	Big Sql Watson Query With Cloud Pak For Data	7.3, 7.4, 7.5, 7.6 1.8, 2.0, 2.1, 2.2

Weaknesses

Common security weaknesses mapped to this vulnerability.

CWE-613

Insufficient Session Expiration

According to WASC, "Insufficient Session Expiration is when a web site permits an attacker to reuse old session credentials or session IDs for authorization."

*CPE(s)

Affected systems and software identified for this CVE.

Type	Vendor	Product	Version	Update	Edition	Language	Software Edition	Target Software	Target Hardware	Other Information
a	ibm	big_sql	7.3	/	/	/	/	/	/	/
a	ibm	big_sql	7.4	/	/	/	/	/	/	/
a	ibm	big_sql	7.5	/	/	/	/	/	/	/
a	ibm	big_sql	7.6	/	/	/	/	/	/	/
a	ibm	watson_query_with_cloud_pak_for_data	1.8	/	/	/	/	/	/	/
a	ibm	watson_query_with_cloud_pak_for_data	2.0	/	/	/	/	/	/	/
a	ibm	watson_query_with_cloud_pak_for_data	2.1	/	/	/	/	/	/	/
a	ibm	watson_query_with_cloud_pak_for_data	2.2	/	/	/	/	/	/	/

References

https://www.ibm.com/support/pages/node/7168703

https://www.ibm.com/support/pages/node/7176947

CVSS Score

4.3 / 10

CVSS Data - 3.1

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: LOW
Scope: UNCHANGED
Confidentiality Impact: LOW
Integrity Impact: NONE
Availability Impact: NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

View Vector String

Timeline

Published: Nov. 23, 2024, 2:15 p.m.
Last Modified: Nov. 26, 2024, 7:08 p.m.

Status : Analyzed

CVE has been recently published to the CVE List and has been received by the NVD.

More info

Source

psirt@us.ibm.com

CVE-2024-35160