Security Bulletin: Multiple vulnerabilities affect Data Virtualization on IBM Software Hub (April 2026 - Part 1 of 2)

Summary Multiple vulnerabilities have been addressed in Data Virtualization on IBM Software Hub. Note that Data Virtualization was named Watson Query on IBM Cloud Pak for Data version 4.8. Vulnerability Details CVEID:CVE-2026-23949 DESCRIPTION: jaraco.context, an open-source software package that...

Security Bulletin: Multiple vulnerabilities affect Data Virtualization on IBM Software Hub (February 2026)

Summary Multiple vulnerabilities have been addressed in Data Virtualization on IBM Software Hub. Note that Data Virtualization was named Watson Query on IBM Cloud Pak for Data version 4.8. Vulnerability Details CVEID:CVE-2025-69277 DESCRIPTION: libsodium before ad3004e, in atypical use cases...

Security Bulletin: Multiple vulnerabilities affect Data Virtualization on IBM Software Hub (December 2025)

Summary Multiple vulnerabilities have been addressed in Data Virtualization on IBM Software Hub. Note that Data Virtualization was named Watson Query on IBM Cloud Pak for Data version 4.8. Vulnerability Details CVEID:CVE-2025-8916 DESCRIPTION: Allocation of Resources Without Limits or Throttling...

EUVD-2024-36576

Malicious code in bioql PyPI...

EUVD-2024-19902

Malicious code in bioql PyPI...

EUVD-2022-27556

Malicious code in bioql PyPI...

CVE-2024-37526

IBM Watson Query on Cloud Pak for Data IBM Data Virtualization 1.8, 2.0, 2.1, 2.2, and 3.0.0 could allow an authenticated user to obtain sensitive information from objects published using Watson Query due to an improper data protection mechanism...

CVE-2024-35160

IBM Watson Query on Cloud Pak for Data 1.8, 2.0, 2.1, 2.2 and IBM Db2 Big SQL on Cloud Pak for Data 7.3, 7.4, 7.5, and 7.6 could allow an authenticated user to obtain sensitive information due to insufficient session expiration...

CVE-2024-22341

IBM Watson Query on Cloud Pak for Data 4.0.0 through 4.0.9, 4.5.0 through 4.5.3, 4.6.0 through 4.6.6, 4.7.0 through 4.7.4, and 4.8.0 through 4.8.7 could allow unauthorized data access from a remote data source object due to improper privilege management...

CVE-2024-22341

IBM Watson Query on Cloud Pak for Data 4.0.0 through 4.0.9, 4.5.0 through 4.5.3, 4.6.0 through 4.6.6, 4.7.0 through 4.7.4, and 4.8.0 through 4.8.7 could allow unauthorized data access from a remote data source object due to improper privilege management...

CVE-2024-22341 IBM Watson Query on Cloud Pak for Data information disclosure

IBM Watson Query on Cloud Pak for Data 4.0.0 through 4.0.9, 4.5.0 through 4.5.3, 4.6.0 through 4.6.6, 4.7.0 through 4.7.4, and 4.8.0 through 4.8.7 could allow unauthorized data access from a remote data source object due to improper privilege management...

CVE-2024-22341

CVE-2024-22341 affects IBM Watson Query on Cloud Pak for Data and Data Virtualization on Cloud Pak for Data. The underlying issue is improper privilege management that could allow unauthorized data access from a remote data source object. Public documents confirm the vulnerability details and lis...

CVE-2024-22341 IBM Watson Query on Cloud Pak for Data information disclosure

IBM Watson Query on Cloud Pak for Data 4.0.0 through 4.0.9, 4.5.0 through 4.5.3, 4.6.0 through 4.6.6, 4.7.0 through 4.7.4, and 4.8.0 through 4.8.7 could allow unauthorized data access from a remote data source object due to improper privilege management...

IBM Watson Query 安全漏洞

IBM Watson Query is a general purpose query engine from International Business Machines IBM. It can execute distributed and virtualized queries across databases, data warehouses, data lakes, and streaming data without additional manual changes, data movement, or replication. A security...

Security Bulletin: IBM Db2 Big SQL on Cloud Pak for Data Vulnerable to Insufficient Session Expiration (CVE-2024-35160)

Summary IBM Db2 Big SQL on Cloud Pak for Data is affected by insufficient session expiration when handling authorizations. Vulnerability Details CVEID:CVE-2024-35160 DESCRIPTION: IBM Watson Query on Cloud Pak for Data 1.8, 2.0, 2.1, 2.2 and IBM Db2 Big SQL on Cloud Pak for Data 7.3, 7.4, 7.5, and...

Security Bulletin: IBM Watson Query (Data Virtualization) on Cloud Pak for Data Vulnerable to Insufficient Session Expiration (CVE-2024-35160)

Summary IBM Watson Query, also known as Data Virtualization, is affected by insufficient session expiration when handling authorizations. Vulnerability Details CVEID:CVE-2024-35160 DESCRIPTION: IBM Watson Query on Cloud Pak for Data 1.8, 2.0, 2.1, 2.2 and IBM Db2 Big SQL on Cloud Pak for Data 7.3...

CVE-2024-37526

IBM Watson Query on Cloud Pak for Data IBM Data Virtualization 1.8, 2.0, 2.1, 2.2, and 3.0.0 could allow an authenticated user to obtain sensitive information from objects published using Watson Query due to an improper data protection mechanism...

CVE-2024-37526

IBM Watson Query on Cloud Pak for Data IBM Data Virtualization 1.8, 2.0, 2.1, 2.2, and 3.0.0 could allow an authenticated user to obtain sensitive information from objects published using Watson Query due to an improper data protection mechanism...

CVE-2024-37526

The CVE-2024-37526 entry concerns IBM Watson Query on Cloud Pak for Data (IBM Data Virtualization) up to version 3.0.0. Affected products publish objects to catalogs where only the first N columns are governed (N = 100 in older CPD versions; 1000 in CPD 5.0.0), due to an improper data protection ...

CVE-2024-37526 IBM Watson Query on Cloud Pak for Data information disclosure

IBM Watson Query on Cloud Pak for Data IBM Data Virtualization 1.8, 2.0, 2.1, 2.2, and 3.0.0 could allow an authenticated user to obtain sensitive information from objects published using Watson Query due to an improper data protection mechanism...