IBM Watson Query and Data Virtualization Improper Data Protection Vulnerability Allowing Sensitive Information Disclosure

Vulnerability

A vulnerability exists in IBM Watson Query on Cloud Pak for Data, specifically in the Data Virtualization components of versions 1.8, 2.0, 2.1, 2.2, and 3.0.0. This vulnerability could enable an authenticated user to access sensitive information from objects published through Watson Query. The issue arises from an inadequate data protection mechanism, which fails to govern all columns of published objects, leaving certain sensitive data unprotected.

Impact

Exploitation of this vulnerability could lead to unauthorized access to sensitive information from governed objects, specifically from columns beyond the first n columns, where n varies by Cloud Pak for Data version.

Remediation

Users are advised to upgrade to IBM Data Virtualization on Cloud Pak for Data version 5.0.1 or later, or IBM Watson Query on Cloud Pak for Data version 4.8.6 or later. After upgrading, identify all Data Virtualization objects with more than 100 columns, re-publish them to governed catalogs, and delete the original catalog asset according to the configured catalog de-duplication logic.
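The query below is an added example, not taken from IBM's bulletin, for the post-upgrade step of identifying objects with more than 100 columns. It assumes the Data Virtualization service exposes the Db2 catalog view SYSCAT.TABLES and that virtualized tables appear there as nicknames (TYPE 'N') and virtual views as views (TYPE 'V'); adjust the type and schema filters to match your deployment.

```sql
-- Added example: list objects that need to be re-published after the upgrade.
-- Assumption: SYSCAT.TABLES is queryable from the Data Virtualization SQL
-- interface and COLCOUNT reflects the column count of each virtual object.
SELECT
    TRIM(TABSCHEMA) AS object_schema,
    TABNAME         AS object_name,
    TYPE            AS object_type,   -- 'N' = nickname, 'V' = view
    COLCOUNT        AS column_count,
    OWNER           AS owner
FROM SYSCAT.TABLES
WHERE COLCOUNT > 100                  -- threshold stated in the remediation text
  AND TYPE IN ('N', 'V')              -- assumed object types for virtual tables and views
  AND TABSCHEMA NOT LIKE 'SYS%'       -- skip Db2 system schemas
ORDER BY COLCOUNT DESC, TABSCHEMA, TABNAME;
```

Each row returned is a candidate for re-publishing to its governed catalog, followed by removal of the original catalog asset as described above.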

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread: 1.4
impact: 2.5
exploitability: 4.9
remediation: 8.3
relevance: 0.0
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.