PT-2024-26344 · Ibm · Ibm Watson Query+1
Published
2024-11-23
·
Updated
2024-11-26
·
CVE-2024-35160
CVSS v3.1
6.5
Medium
| Vector | AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
IBM Watson Query on Cloud Pak for Data versions 1.8, 2.0, 2.1, 2.2
IBM Db2 Big SQL on Cloud Pak for Data versions 7.3, 7.4, 7.5, and 7.6
Description
The issue allows an authenticated user to obtain sensitive information due to insufficient session expiration, potentially leading to unauthorized access.
Recommendations
For IBM Watson Query on Cloud Pak for Data versions 1.8, 2.0, 2.1, 2.2, upgrade the affected component immediately.
For IBM Db2 Big SQL on Cloud Pak for Data versions 7.3, 7.4, 7.5, and 7.6, upgrade the affected component immediately.
As a temporary workaround, consider restricting access to sensitive information until a patch is available.
Fix
Insufficient Session Expiration
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Ibm Db2 Big Sql
Ibm Watson Query