Cyber Resilience

CVE-2024-22341

Medium

Published: 22 February 2025

Modified: 29 September 2025
KEV Added
Patch
CVSS Score v3.1: 5.3 (CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N)
EPSS Score: 0.0003 (8.4th percentile)
Risk Priority: 11 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2024-22341 is a medium-severity External Control of File Name or Path (CWE-73) vulnerability in IBM Watson Query with Cloud Pak for Data. Its CVSS base score is 5.3 (Medium).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068). The CVE is ranked at the 8.4th percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 AC-2 (Account Management) and AC-3 (Access Enforcement).

Deeper analysis

CVE-2024-22341 is a vulnerability in IBM Watson Query on Cloud Pak for Data, affecting versions 4.0.0 through 4.0.9, 4.5.0 through 4.5.3, 4.6.0 through 4.6.6, 4.7.0 through 4.7.4, and 4.8.0 through 4.8.7. It arises from improper privilege management, which could allow unauthorized data access from a remote data source object. The issue is rated with a CVSS v3.1 base score of 5.3 (AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N) and is associated with CWE-73 and NVD-CWE-Other.

A remote attacker with low privileges can exploit this vulnerability over the network, though it requires high attack complexity. Successful exploitation enables high-impact unauthorized access to confidential data from remote data sources, without impacting integrity or availability.

IBM's security advisory provides details on mitigation and patches; see https://www.ibm.com/support/pages/node/7183851.

Vulnerability details

IBM Watson Query on Cloud Pak for Data 4.0.0 through 4.0.9, 4.5.0 through 4.5.3, 4.6.0 through 4.6.6, 4.7.0 through 4.7.4, and 4.8.0 through 4.8.7 could allow unauthorized data access from a remote data source object due to improper privilege management.

Related Threats

MITRE ATT&CK Enterprise Techniques AI

T1068 Exploitation for Privilege Escalation (tactic: Privilege Escalation)
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.

T1190 Exploit Public-Facing Application (tactic: Initial Access)
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.

Why these techniques?

Improper privilege management directly enables exploitation for privilege escalation (T1068) to achieve unauthorized remote data access. Because the flaw is network-accessible and needs only a low-privileged attacker, it also facilitates T1190 against the exposed Cloud Pak service.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2025-36072 (same vendor: IBM)
CVE-2026-3621 (same vendor: IBM)
CVE-2023-49886 (same vendor: IBM)
CVE-2024-39750 (same vendor: IBM)
CVE-2026-9170 (same vendor: IBM)
CVE-2026-8175 (same vendor: IBM)
CVE-2026-7876 (same vendor: IBM)
CVE-2024-22348 (same vendor: IBM)
CVE-2024-41787 (same vendor: IBM)
CVE-2025-36365 (same vendor: IBM)

Affected Assets

Vendor: ibm
Product: watson query with cloud pak for data
Versions: 4.0 — 4.0.9 · 4.5 — 4.5.3 · 4.6 — 4.6.6

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly counters improper privilege management by restricting access to remote data source objects to only the privileges necessary for authorized operations.

prevent

Ensures the system enforces approved access authorizations, preventing low-privileged remote attackers from unauthorized data access via flawed privilege checks.

prevent

Provides proper management of accounts, privileges, and roles to avoid misconfigurations that enable unauthorized access to remote data sources.
