{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"cveId":"CVE-2024-35160","assignerOrgId":"9a959283-ebb5-44b6-b705-dcc2bbced522","state":"PUBLISHED","assignerShortName":"ibm","dateReserved":"2024-05-09T16:27:47.448Z","datePublished":"2024-11-23T13:48:16.110Z","dateUpdated":"2024-11-24T12:30:18.144Z"},"containers":{"cna":{"affected":[{"cpes":["cpe:2.3:a:ibm:watson_query_with_cloud_pak_for_data_as_a_service:1.8:*:*:*:*:*:*:*","cpe:2.3:a:ibm:watson_query_with_cloud_pak_for_data_as_a_service:2.0:*:*:*:*:*:*:*","cpe:2.3:a:ibm:watson_query_with_cloud_pak_for_data_as_a_service:2.1:*:*:*:*:*:*:*","cpe:2.3:a:ibm:watson_query_with_cloud_pak_for_data_as_a_service:2.2:*:*:*:*:*:*:*","cpe:2.3:a:ibm:big_sql:7.3:*:*:*:*:*:*:*","cpe:2.3:a:ibm:big_sql:7.4:*:*:*:*:*:*:*","cpe:2.3:a:ibm:big_sql:7.5:*:*:*:*:*:*:*","cpe:2.3:a:ibm:big_sql:7.6:*:*:*:*:*:*:*"],"defaultStatus":"unaffected","product":"Watson Query for Cloud Pak for Data","vendor":"IBM","versions":[{"status":"affected","version":"1.8, 2.0, 2.1, 2.2"}]},{"defaultStatus":"unaffected","product":"Db2 Big SQL on Cloud Pak for Data","vendor":"IBM","versions":[{"status":"affected","version":"7.3, 7.4, 7.5, 7.6"}]}],"descriptions":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"IBM Watson Query on Cloud Pak for Data 1<span style=\"background-color: rgb(255, 255, 255);\">.8, 2.0, 2.1, 2.2</span>&nbsp;and IBM Db2 Big SQL on Cloud Pak for Data 7.3, 7.4, 7.5, and 7.6&nbsp;<span style=\"background-color: rgb(255, 255, 255);\">could allow an authenticated user to obtain sensitive information due to insufficient session expiration.</span>"}],"value":"IBM Watson Query on Cloud Pak for Data 1.8, 2.0, 2.1, 2.2 and IBM Db2 Big SQL on Cloud Pak for Data 7.3, 7.4, 7.5, and 7.6 could allow an authenticated user to obtain sensitive information due to insufficient session expiration."}],"metrics":[{"cvssV3_1":{"attackComplexity":"LOW","attackVector":"NETWORK","availabilityImpact":"NONE","baseScore":4.3,"baseSeverity":"MEDIUM","confidentialityImpact":"LOW","integrityImpact":"NONE","privilegesRequired":"LOW","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N","version":"3.1"},"format":"CVSS","scenarios":[{"lang":"en","value":"GENERAL"}]}],"problemTypes":[{"descriptions":[{"cweId":"CWE-613","description":"CWE-613 Insufficient Session Expiration","lang":"en","type":"CWE"}]}],"providerMetadata":{"orgId":"9a959283-ebb5-44b6-b705-dcc2bbced522","shortName":"ibm","dateUpdated":"2024-11-23T13:48:16.110Z"},"references":[{"tags":["vendor-advisory"],"url":"https://www.ibm.com/support/pages/node/7168703"},{"tags":["vendor-advisory"],"url":"https://www.ibm.com/support/pages/node/7176947"}],"source":{"discovery":"UNKNOWN"},"title":"IBM Watson Query on Cloud Pak for Data and IBM Db2 Big SQL on Cloud Pak for Data information disclosure","x_generator":{"engine":"Vulnogram 0.2.0"}},"adp":[{"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2024-11-24T12:30:09.564089Z","id":"CVE-2024-35160","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2024-11-24T12:30:18.144Z"}}]}}