CVE-2025-37088

CVE-2025-37088 affects HPE Cray Data Virtualization Service (DVS). The vulnerability arises from race conditions and configuration issues, potentially allowing local or cluster‑level unauthorized access. Documented impact states unauthorized access as the outcome; exploitation status is not detai...

CVE-2025-37088

A security vulnerability has been identified in HPE Cray Data Virtualization Service DVS. Depending on race conditions and configuration, this vulnerability may lead to local/cluster unauthorized access...

PT-2025-17596 · Hewlett Packard · Hpe Cray Data Virtualization Service

Name of the Vulnerable Software and Affected Versions: HPE Cray Data Virtualization Service DVS affected versions not specified Description: A security issue has been identified in HPE Cray Data Virtualization Service DVS, which may lead to unauthorized local or cluster access under certain...

Hewlett Packard Enterprise Cray Data Virtualization Service 安全漏洞

Hewlett Packard Enterprise Cray Data Virtualization Service HPE DVS is an application from Hewlett Packard Enterprise USA. A security vulnerability exists in Hewlett Packard Enterprise Cray Data Virtualization Service that stems from a competitive condition and configuration issue that could resu...

Security Bulletin: Multiple vulnerabilities affect IBM Data Virtualization on Cloud Pak for Data (February 2025)

Summary Multiple vulnerabilities have been addressed in IBM Data Virtualization on Cloud Pak for Data. Note that IBM Data Virtualization was named Watson Query in IBM Cloud Pak for Data version 4.6, 4.7, and 4.8. Vulnerability Details CVEID:CVE-2024-4067 DESCRIPTION: Node.js micromatch module is...

Security Bulletin: Multiple vulnerabilities affect IBM Data Virtualization on Cloud Pak for Data (January 2025)

Summary Multiple vulnerabilities have been addressed in IBM Data Virtualization on Cloud Pak for Data. Note that IBM Data Virtualization was named Watson Query in IBM Cloud Pak for Data version 4.6, 4.7, and 4.8. Vulnerability Details CVEID:CVE-2022-46363 DESCRIPTION: Apache CXF could allow a...

Security Bulletin: Multiple vulnerabilities affect IBM Data Virtualization on Cloud Pak for Data (March 2025)

Summary Multiple vulnerabilities have been addressed in IBM Data Virtualization on Cloud Pak for Data. Note that IBM Data Virtualization was named Watson Query in IBM Cloud Pak for Data version 4.6, 4.7, and 4.8. Vulnerability Details CVEID:CVE-2023-39410 DESCRIPTION: When deserializing untrusted...

CVE-2024-52899

IBM Data Virtualization Manager for z/OS 1.1 and 1.2 could allow an authenticated user to inject malicious JDBC URL parameters and execute code on the server...

Security Bulletin: IBM Watson Query (Data Virtualization) on Cloud Pak for Data Vulnerable to Insufficient Session Expiration (CVE-2024-35160)

Summary IBM Watson Query, also known as Data Virtualization, is affected by insufficient session expiration when handling authorizations. Vulnerability Details CVEID:CVE-2024-35160 DESCRIPTION: IBM Watson Query on Cloud Pak for Data 1.8, 2.0, 2.1, 2.2 and IBM Db2 Big SQL on Cloud Pak for Data 7.3...

CVE-2024-37526

IBM Watson Query on Cloud Pak for Data IBM Data Virtualization 1.8, 2.0, 2.1, 2.2, and 3.0.0 could allow an authenticated user to obtain sensitive information from objects published using Watson Query due to an improper data protection mechanism...

PT-2025-2501 · Ibm · Ibm Watson Query

Name of the Vulnerable Software and Affected Versions: IBM Watson Query on Cloud Pak for Data IBM Data Virtualization versions 1.8 through 3.0.0 Description: The issue allows an authenticated user to obtain sensitive information from objects published using Watson Query due to an improper data...

IBM Data Virtualization Manager Code Execution Vulnerability

IBM Data Virtualization Manager is a general-purpose query engine from International Business Machines IBM that performs distributed and virtualized queries across databases, data warehouses, data lakes, and streaming data. A code execution vulnerability exists in IBM Data Virtualization Manager...

Security Bulletin: IBM Data Virtualization Manager for z/OS has a remote code execution (RCE) vulnerability

Summary IBM Data Virtualization Manager for z/OS has a remote code execution RCE vulnerability. Vulnerability Details CVEID:CVE-2024-52899 DESCRIPTION: IBM Data Virtualization Manager for z/OS could allow an authenticated user to inject malicious JDBC URL parameters and execute code on the server...

CVE-2024-52899

IBM Data Virtualization Manager for z/OS 1.1 and 1.2 could allow an authenticated user to inject malicious JDBC URL parameters and execute code on the server...

CVE-2024-52899

IBM Data Virtualization Manager for z/OS 1.1 and 1.2 could allow an authenticated user to inject malicious JDBC URL parameters and execute code on the server...

CVE-2024-52899 IBM Data Virtualization Manager code execution

IBM Data Virtualization Manager for z/OS 1.1 and 1.2 could allow an authenticated user to inject malicious JDBC URL parameters and execute code on the server...

CVE-2024-52899

IBM Data Virtualization Manager for z/OS is affected in v1.1 and v1.2 by a code-execution vulnerability where an authenticated user can inject malicious JDBC URL parameters to execute server code. Root cause: improper filtering of elements that form code segments (CRLF injection). Impact: remote ...

CVE-2024-52899 IBM Data Virtualization Manager code execution

IBM Data Virtualization Manager for z/OS 1.1 and 1.2 could allow an authenticated user to inject malicious JDBC URL parameters and execute code on the server...

IBM Data Virtualization Manager 安全漏洞

IBM Data Virtualization Manager is a general-purpose query engine from International Business Machines IBM that performs distributed and virtualized queries across databases, data warehouses, data lakes, and streaming data. A code execution vulnerability exists in IBM Data Virtualization Manager...

PT-2024-35477 · Ibm · Ibm Data Virtualization Manager For Z/Os

Name of the Vulnerable Software and Affected Versions: IBM Data Virtualization Manager for z/OS versions 1.1 through 1.2 Description: The issue allows an authenticated user to inject malicious JDBC URL parameters and execute code on the server. Recommendations: For versions 1.1 and 1.2, consider...