2024-11-26
Platform: IBM Watson Query on Cloud Pak for Data, IBM Db2 Big SQL on Cloud Pak for Data
Version: 1.8, 2.0, 2.1, 2.2 (Watson Query), 7.3, 7.4, 7.5, 7.6 (Db2 Big SQL)
Vulnerability: Insufficient session expiration
Severity: Critical
Date: November 23, 2024
What Undercode Says:
A critical vulnerability (CVE-2024-35160) has been identified in IBM Watson Query on Cloud Pak for Data and IBM Db2 Big SQL on Cloud Pak for Data. This vulnerability allows authenticated users to gain access to sensitive information due to sessions not expiring as intended.
Affected Versions:
IBM Watson Query on Cloud Pak for Data: 1.8, 2.0, 2.1, 2.2
IBM Db2 Big SQL on Cloud Pak for Data: 7.3, 7.4, 7.5, 7.6
Recommendations:
Update IBM Watson Query on Cloud Pak for Data and IBM Db2 Big SQL on Cloud Pak for Data to the latest patched versions as soon as possible.
Implement additional security measures such as strong password policies and multi-factor authentication to mitigate the risk of unauthorized access.
Additional Notes:
This vulnerability was identified by IBM and a security bulletin has been released (link not provided in this excerpt).
The severity of this vulnerability is rated as critical due to the potential for unauthorized access to sensitive information.
We recommend that all users of IBM Watson Query on Cloud Pak for Data and IBM Db2 Big SQL on Cloud Pak for Data take steps to address this vulnerability as soon as possible.
References:
Reported By: Nvd.nist.gov
Undercode AI: https://ai.undercodetesting.com
Image Source:
OpenAI: https://openai.com
Undercode AI DI v2: https://ai.undercode.help