Lucene search
K

16 matches found

RedhatCVE
RedhatCVE
added 2026/06/05 7:42 p.m.10 views

CVE-2025-36180

IBM watsonx.data 2.2 through 2.3 IBM Lakehouse does not properly restrict communication between pods which could allow an attacker to transfer data between pods without restrictions...

7.5CVSS5.4AI score0.00186EPSS
Exploits0References1
CVE
CVE
added 2026/05/26 3:50 p.m.17 views

CVE-2025-36145

CVE-2025-36145 affects IBM watsonx.data (Lakehouse) versions 2.2–2.3.1. The issue is inadequate restriction of inbound/outbound connections, enabling an attacker to transfer or modify files without proper controls. Impact: confidentiality/integrity concerns with file operations; no exploit detail...

5.4CVSS5.8AI score0.00166EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2026/04/30 9:28 p.m.32 views

CVE-2025-36180 Inadequate Pod Communication Restrictions, affects watsonx.data

IBM watsonx.data 2.2 through 2.3 IBM Lakehouse does not properly restrict communication between pods which could allow an attacker to transfer data between pods without restrictions...

5.3CVSS0.00186EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/02/17 9:32 p.m.4 views

CVE-2025-36183

IBM watsonx.data 2.2 through 2.2.1 IBM Lakehouse could allow a privileged user to upload malicious files that could be executed server to modify limited files or data...

3.8CVSS5.5AI score0.00185EPSS
Exploits0References2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/02/09 5:2 p.m.8 views

Security Bulletin: Privileged User File Upload Vulnerability Leading to Limited Server-Side Execution affects watsonx.data

Summary Malicious File Upload by Privileged Users in IBM Lakehouse May Allow Limited File or Data Modification. This can affect watsonx.data. Vulnerability Details CVEID:CVE-2025-36183 DESCRIPTION: IBM Lakehouse could allow a privileged user to upload malicious files that could be executed server...

3.8CVSS5.5AI score0.00185EPSS
Exploits0Affected Software1
EUVD
EUVD
added 2025/10/03 8:7 p.m.7 views

EUVD-2025-29859

Malicious code in bioql PyPI...

5.5CVSS6.6AI score0.00173EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/09/29 1:48 p.m.6 views

CVE-2025-36144

IBM Lakehouse watsonx.data 2.2 stores potentially sensitive information in log files that could be read by a local user...

3.3CVSS6.1AI score0.00116EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/09/20 3:28 p.m.17 views

CVE-2025-36143

IBM Lakehouse watsonx.data 2.2 could allow an authenticated privileged user to execute arbitrary commands on the system due to improper validation of user supplied input...

7.2CVSS7.3AI score0.00315EPSS
Exploits0References1
OSV
OSV
added 2025/09/18 4:15 p.m.4 views

CVE-2025-36139

IBM Lakehouse watsonx.data 2.2 is vulnerable to stored cross-site scripting. This vulnerability allows a privileged user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session...

4.8CVSS5.5AI score0.00173EPSS
Exploits0References1
OSV
OSV
added 2025/09/18 4:15 p.m.5 views

CVE-2025-36146

IBM Lakehouse watsonx.data 2.2 could allow an authenticated user to obtain sensitive server component version information which could aid in further attacks against the system...

4.3CVSS5.8AI score0.00214EPSS
Exploits0References1
CVE
CVE
added 2025/09/18 3:15 p.m.19 views

CVE-2025-36146

IBM Lakehouse (watsonx.data 2.2) contains an information disclosure vulnerability where an authenticated user could obtain sensitive server component version information from stack traces. The issue stems from CWE-209 and is documented in IBM’s Security Bulletin (CVE-2025-36146). Impact is limite...

4.3CVSS5.8AI score0.00214EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2025/09/18 3:14 p.m.19 views

CVE-2025-36143

IBM Lakehouse watsonx.data 2.2 is affected by an OS command injection vulnerability caused by improper validation of user input. An authenticated privileged user could execute arbitrary commands on the system. The CVE is CVE-2025-36143. Remediation provided in the IBM security bulletin is to upgr...

7.2CVSS6.9AI score0.00315EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2025/09/18 3:14 p.m.4 views

CVE-2025-36143 IBM watsonx.data command execution

IBM Lakehouse watsonx.data 2.2 could allow an authenticated privileged user to execute arbitrary commands on the system due to improper validation of user supplied input...

4.7CVSS6.8AI score0.00315EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/09/18 3:14 p.m.6 views

CVE-2025-36143 IBM watsonx.data command execution

IBM Lakehouse watsonx.data 2.2 could allow an authenticated privileged user to execute arbitrary commands on the system due to improper validation of user supplied input...

4.7CVSS0.00315EPSS
Exploits0References1
IBM Security Bulletins
IBM Security Bulletins
added 2025/09/18 2:54 p.m.5 views

Security Bulletin: Stored Cross-Site Scripting (XSS) Vulnerability in IBM Lakehouse Web UI Enables Privileged Code Injection, affects watsonx.data

Summary IBM Lakehouse is vulnerable to stored cross-site scripting. This vulnerability allows a privileged user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. This can affect...

5.5CVSS6.1AI score0.00173EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/09/18 2:51 p.m.8 views

Security Bulletin: Information Disclosure in IBM Lakehouse Allows Authenticated Users to Obtain Server Component Version Details , affects watsonx.data

Summary IBM Lakehouse could allow an authenticated user to obtain sensitive server component version information which could aid in further attacks against the system. This can affect watsonx.data. Vulnerability Details CVEID:CVE-2025-36181 DESCRIPTION: IBM Lakehouse could allow an authenticated...

6.1AI score
Exploits0Affected Software1
Rows per page
Query Builder