24 matches found
CVE-2025-13688
IBM DataStage on Cloud Pak for Data 5.1.2 through 5.3.0 could allow an authenticated user to execute arbitrary commands with normal user privileges on the system due to improper validation of user supplied input through the wrapped command component...
CVE-2025-13686
IBM DataStage on Cloud Pak for Data 5.1.2 through 5.3.0 could allow an authenticated user to execute arbitrary commands with normal user privileges on the system due to improper validation of user supplied input through the job subroutine component...
CVE-2025-13616 DataStage on Cloud Pak for Data is vulnerable to sensitive information leak due to HTTP response
IBM DataStage on Cloud Pak for Data 5.1.2 through 5.3.0 returns sensitive information in an HTTP response that could be used in further attacks against the system...
CVE-2025-13616
IBM DataStage on Cloud Pak for Data 5.1.2 through 5.3.0 returns sensitive information in an HTTP response that could be used in further attacks against the system...
PT-2026-22795
IBM DataStage on Cloud Pak for Data 5.1.2 through 5.3.0 returns sensitive information in an HTTP response that could be used in further attacks against the system...
PT-2026-22817
IBM DataStage on Cloud Pak for Data 5.1.2 through 5.3.0 could allow an authenticated user to execute arbitrary commands with normal user privileges on the system due to improper validation of user supplied input through the user-defined function component...
CVE-2025-13689
IBM DataStage on Cloud Pak for Data could allow an authenticated user to execute arbitrary commands and gain access to sensitive information due to unrestricted file uploads...
CVE-2022-38714
IBM DataStage on Cloud Pak for Data 4.0.6 to 4.5.2 stores sensitive credential information that can be read by a privileged user. IBM X-Force ID: 235060...
EUVD-2022-41283
Malicious code in bioql PyPI...
Security Bulletin: Vulnerabilities with DataStage on Cloud Pak for Data related to Apache hbase-client 2.4.15
Summary IBM has released the below fix for IBM DataStage on Cloud Pak for Data in response to multiple vulnerabilities found in components. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details CVEID:CVE-2015-5237 DESCRIPTION: Google Protocol Buffers cou...
Security Bulletin: IBM DataStage on Cloud Pak for Data is vulnerable to denial of service due to the FasterXML jackson-databind package (CVE-2023-35116)
Summary Jackson-databind is used by IBM DataStage on Cloud Pak for Data as part of data processing. Vulnerability Details CVEID:CVE-2023-35116 DESCRIPTION: Fasterxml jackson-databind is vulnerable to a denial of service, caused by a stack-based overflow. By persuading a victim to open a specially...
Security Bulletin: IBM DataStage on Cloud Pak for Data is vulnerable to unlimited data accumulation due to the Netty package (CVE-2024-29025)
Summary Netty is used by IBM DataStage on Cloud Pak for Data as part of server processing. Vulnerability Details CVEID:CVE-2024-29025 DESCRIPTION: Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients...
Security Bulletin: IBM DataStage on Cloud Pak for Data is vulnerable to HTTP header injection due to the Django package (CVE-2021-32052)
Summary Django is used by IBM DataStage on Cloud Pak for Data as part of server processing. Vulnerability Details CVEID:CVE-2021-32052 DESCRIPTION: Django is vulnerable to HTTP header injection, caused by improper validation of input in URLValidator. By persuading a victim to visit a...
Security Bulletin: IBM DataStage on Cloud Pak for Data is vulnerable to denial of service due to the FasterXML Jackson Core package (PRISMA-2023-0067)
Summary Jackson is used by IBM DataStage on Cloud Pak for Data for JSON parsing. Vulnerability Details IBM X-Force ID: 256137 DESCRIPTION: FasterXML Jackson Core is vulnerable to a denial of service, caused by improper input validation by the StreamReadConstraints value field. By sending a...
Security Bulletin: IBM DataStage on Cloud Pak for Data is vulnerable to a phishing attack due to the ExpressJS package (CVE-2024-29041)
Summary ExpressJS is used by IBM DataStage on Cloud Pak for Data as part of the web application framework. Vulnerability Details CVEID:CVE-2024-29041 DESCRIPTION: Express.js Express could allow a remote attacker to conduct phishing attacks, caused by an open redirect vulnerability. An attacker...
Security Bulletin: IBM DataStage on Cloud Pak for Data is vulnerable to authentication and command execution issues due to the Eclipse Jetty package (CVE-2023-36479, CVE-2023-40167, CVE-2023-41900)
Summary Eclipse Jetty is used by IBM DataStage on Cloud Pak for Data as part of web server functionality. Vulnerability Details CVEID:CVE-2023-36479 DESCRIPTION: Eclipse Jetty Canonical Repository is the canonical repository for the Jetty project. Users of the CgiServlet with a very specific...
Security Bulletin: IBM DataStage on Cloud Pak for Data is vulnerable to denial of service due to GNOME GLib (CVE-2023-32636)
Summary GNOME GLib is used by IBM DataStage on Cloud Pak for Data as part of the data handling functionality. Vulnerability Details CVEID:CVE-2023-32636 DESCRIPTION: GNOME GLib is vulnerable to a denial of service, caused by a flaw in the fuzzvarianttext function. By sending a specially crafted...
Security Bulletin: IBM DataStage on Cloud Pak for Data is vulnerable to sensitive information leaks due to a flaw in the Kubernetes kube-apiserver (CVE-2019-11250, CVE-2020-8565)
Summary Kubernetes is used by IBM DataStage on Cloud Pak for Data as part of the container environment. Vulnerability Details CVEID:CVE-2019-11250 DESCRIPTION: Kubernetes could allow a local authenticated attacker to obtain sensitive information, caused by storing credentials in the log by the...