CVE-2022-22410

7.2 HIGH

📋 TL;DR

CVE-2022-22410 is an information disclosure vulnerability in IBM Watson Query with Cloud Pak for Data as a Service that allows authenticated users to access sensitive configuration and data source information. This could enable attackers to examine or modify system configurations and connected data sources. Exploitation requires authenticated access to the service.

💻 Affected Systems

Products:
  • IBM Watson Query with Cloud Pak for Data as a Service
Versions: Specific versions not publicly detailed in references, but affects Cloud Pak for Data as a Service deployments
Operating Systems: Cloud-based service, OS independent
Default Config Vulnerable: ⚠️ Yes
Notes: Affects Cloud Pak for Data as a Service deployments; requires authenticated access to the Watson Query service

⚠️ Risk & Real-World Impact

🔴 Worst Case

An authenticated attacker could gain full access to system configurations and connected data sources, potentially compromising all data managed by Watson Query and enabling lateral movement to connected systems.

🟠 Likely Case

Authenticated users with malicious intent could access sensitive configuration details and potentially modify data source connections, leading to data exposure or manipulation.

🟢 If Mitigated

With proper authentication controls and network segmentation, the impact is limited to authorized users who already have some level of access to the system.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: LOW

Requires authenticated access to the service; exploitation likely involves API calls or service interactions to access sensitive information

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Not version-specific for Cloud Pak for Data as a Service; IBM applies fixes automatically to their cloud service

Vendor Advisory: https://www.ibm.com/support/pages/node/6569235

Restart Required: No

Instructions:

For Cloud Pak for Data as a Service: IBM applies patches automatically to their cloud infrastructure. No customer action required beyond verifying service updates. For on-premise deployments: Apply IBM security updates as per vendor guidance.

🔧 Temporary Workarounds

Restrict User Access

all

Limit authenticated user access to only necessary functions and implement principle of least privilege

Network Segmentation

all

Isolate Watson Query service from sensitive data sources and limit network access

🧯 If You Can't Patch

  • Implement strict access controls and audit all authenticated user activities
  • Monitor for unusual access patterns to configuration endpoints and data source connections

🔍 How to Verify

Check if Vulnerable:

Check IBM Cloud Pak for Data as a Service status page or contact IBM support to confirm if your deployment was affected

Check Version:

For Cloud Pak for Data as a Service: Contact IBM support. For on-premise: Check IBM documentation for version verification commands.

Verify Fix Applied:

IBM automatically applies fixes to their cloud service; verify through IBM support or service status updates

📡 Detection & Monitoring

Log Indicators:

  • Unusual access patterns to configuration endpoints
  • Multiple failed attempts to access sensitive system information
  • Unauthorized user accessing data source connection details

Network Indicators:

  • Unusual API calls to configuration or data source endpoints
  • Traffic patterns indicating information gathering

SIEM Query:

source="watson-query" AND (event_type="config_access" OR event_type="data_source_access") AND user!="authorized_admin"
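
The same filter applied offline to exported audit events, extended to cover the "multiple failed attempts" indicator listed above. This is an added example, not IBM's or this page's code: the field names source, event_type and user are taken from the query above, while the outcome field, the dv_admin allowlist entry, the threshold and the sample events are assumptions constructed for illustration.

```python
import json
from collections import Counter

# Constructed sample events. source, event_type and user follow the page's
# SIEM query; "outcome" is an assumed field, not a documented IBM log schema.
SAMPLE_LOG = """\
{"source": "watson-query", "event_type": "config_access", "user": "dv_admin", "outcome": "success"}
{"source": "watson-query", "event_type": "query_run", "user": "analyst1", "outcome": "success"}
{"source": "watson-query", "event_type": "data_source_access", "user": "analyst1", "outcome": "success"}
{"source": "watson-query", "event_type": "config_access", "user": "analyst2", "outcome": "denied"}
{"source": "watson-query", "event_type": "config_access", "user": "analyst2", "outcome": "denied"}
{"source": "watson-query", "event_type": "config_access", "user": "analyst2", "outcome": "denied"}
{"source": "other-svc", "event_type": "config_access", "user": "analyst3", "outcome": "success"}
not-json garbage line
"""

SENSITIVE_EVENTS = {"config_access", "data_source_access"}
AUTHORIZED_ADMINS = {"dv_admin"}  # hypothetical allowlist; replace with your own
FAILED_THRESHOLD = 3              # assumed cut-off for "multiple failed attempts"


def parse_events(text):
    """Yield dict events, skipping lines that are not JSON objects."""
    for line in text.splitlines():
        try:
            event = json.loads(line)
        except json.JSONDecodeError:
            continue
        if isinstance(event, dict):
            yield event


def detect(text, admins=AUTHORIZED_ADMINS, threshold=FAILED_THRESHOLD):
    """Return (non-admin sensitive accesses, users with repeated denials)."""
    hits, denied = [], Counter()
    for ev in parse_events(text):
        if (ev.get("source") != "watson-query"
                or ev.get("event_type") not in SENSITIVE_EVENTS):
            continue
        user = ev.get("user", "<missing>")
        if user in admins:
            continue  # allowlisted admins are expected to touch configuration
        hits.append((user, ev["event_type"], ev.get("outcome")))
        if ev.get("outcome") == "denied":
            denied[user] += 1
    repeat = sorted(u for u, n in denied.items() if n >= threshold)
    return hits, repeat
```

Using an allowlist set rather than a single user!= comparison keeps the rule correct when more than one administrator account exists.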
