16 matches found
CVE-2025-36180
IBM watsonx.data 2.2 through 2.3 IBM Lakehouse does not properly restrict communication between pods which could allow an attacker to transfer data between pods without restrictions...
CVE-2025-36145
CVE-2025-36145 affects IBM watsonx.data (Lakehouse) versions 2.2–2.3.1. The issue is inadequate restriction of inbound/outbound connections, enabling an attacker to transfer or modify files without proper controls. Impact: confidentiality/integrity concerns with file operations; no exploit detail...
CVE-2025-36180 Inadequate Pod Communication Restrictions, affects watsonx.data
IBM watsonx.data 2.2 through 2.3 IBM Lakehouse does not properly restrict communication between pods which could allow an attacker to transfer data between pods without restrictions...
CVE-2025-36183
IBM watsonx.data 2.2 through 2.2.1 IBM Lakehouse could allow a privileged user to upload malicious files that could be executed server to modify limited files or data...
Security Bulletin: Privileged User File Upload Vulnerability Leading to Limited Server-Side Execution affects watsonx.data
Summary Malicious File Upload by Privileged Users in IBM Lakehouse May Allow Limited File or Data Modification. This can affect watsonx.data. Vulnerability Details CVEID:CVE-2025-36183 DESCRIPTION: IBM Lakehouse could allow a privileged user to upload malicious files that could be executed server...
EUVD-2025-29859
Malicious code in bioql PyPI...
CVE-2025-36144
IBM Lakehouse watsonx.data 2.2 stores potentially sensitive information in log files that could be read by a local user...
CVE-2025-36143
IBM Lakehouse watsonx.data 2.2 could allow an authenticated privileged user to execute arbitrary commands on the system due to improper validation of user supplied input...
CVE-2025-36139
IBM Lakehouse watsonx.data 2.2 is vulnerable to stored cross-site scripting. This vulnerability allows a privileged user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session...
CVE-2025-36146
IBM Lakehouse watsonx.data 2.2 could allow an authenticated user to obtain sensitive server component version information which could aid in further attacks against the system...
CVE-2025-36146
IBM Lakehouse (watsonx.data 2.2) contains an information disclosure vulnerability where an authenticated user could obtain sensitive server component version information from stack traces. The issue stems from CWE-209 and is documented in IBM’s Security Bulletin (CVE-2025-36146). Impact is limite...
CVE-2025-36143
IBM Lakehouse watsonx.data 2.2 is affected by an OS command injection vulnerability caused by improper validation of user input. An authenticated privileged user could execute arbitrary commands on the system. The CVE is CVE-2025-36143. Remediation provided in the IBM security bulletin is to upgr...
CVE-2025-36143 IBM watsonx.data command execution
IBM Lakehouse watsonx.data 2.2 could allow an authenticated privileged user to execute arbitrary commands on the system due to improper validation of user supplied input...
CVE-2025-36143 IBM watsonx.data command execution
IBM Lakehouse watsonx.data 2.2 could allow an authenticated privileged user to execute arbitrary commands on the system due to improper validation of user supplied input...
Security Bulletin: Stored Cross-Site Scripting (XSS) Vulnerability in IBM Lakehouse Web UI Enables Privileged Code Injection, affects watsonx.data
Summary IBM Lakehouse is vulnerable to stored cross-site scripting. This vulnerability allows a privileged user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. This can affect...
Security Bulletin: Information Disclosure in IBM Lakehouse Allows Authenticated Users to Obtain Server Component Version Details , affects watsonx.data
Summary IBM Lakehouse could allow an authenticated user to obtain sensitive server component version information which could aid in further attacks against the system. This can affect watsonx.data. Vulnerability Details CVEID:CVE-2025-36181 DESCRIPTION: IBM Lakehouse could allow an authenticated...