IBM Watson Query Data Virtualization Insufficient Session Expiration Vulnerability (CVE-2024-35160)

From this webpage screenshot, the following key information about the vulnerability can be obtained: 1. Vulnerability Name: IBM Watson Query (Data Virtualization) on Cloud Pak for Data Vulnerable to Insufficient Session Expiration (CVE-2024-35160) 2. Affected Products: - IBM Watson Query on Cloud Pak for Data - IBM Data Virtualization on Cloud Pak for Data 3. Affected Versions: - IBM Watson Query on Cloud Pak for Data: 2.2, 2.1, 2.0 - IBM Data Virtualization on Cloud Pak for Data: 1.8 4. Remediation Recommendation: - IBM strongly recommends upgrading to the latest version: IBM Data Virtualization on Cloud Pak for Data version 5.0.0 or higher. 5. Vulnerability Description: - IBM Watson Query on Cloud Pak for Data and IBM Db2 Big SQL on Cloud Pak for Data allow unauthorized users to access sensitive information due to insufficient session expiration. 6. Vulnerability Type: - CWE-613: Insufficient Session Expiration 7. CVSS Score: - CVSS Base Score: 4.3 - CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N) 8. Affected Products and Services: - IBM Watson Query (Data Virtualization) on Cloud Pak for Data - IBM Data Virtualization on Cloud Pak for Data 9. Exploitation Mechanism and Mitigation: - No exploitation mechanism or mitigation details provided. 10. Reference Links: - Complete CVSS v3 Guide - On-line Calculator v3 11. Related Links: - IBM Secure Engineering Web Portal - IBM Product Security Incident Response Blog 12. Disclaimer: - The CVSS score provided by IBM is for reference only and does not guarantee the security of any specific product. This information helps users understand the vulnerability details, affected products and versions, remediation recommendations, and related resources.

Goal Reached Thanks to every supporter — we hit 100%!

IBM Watson Query Data Virtualization Insufficient Session Expiration Vulnerability (CVE-2024-35160)