22 matches found
CVE-2025-36180
IBM watsonx.data 2.2 through 2.3 IBM Lakehouse does not properly restrict communication between pods which could allow an attacker to transfer data between pods without restrictions...
CVE-2025-36145
IBM watsonx.data 2.2 through 2.3.1 IBM Lakehouse does not properly restrict inbound and outbound connections which could allow an attacker to transfer or modify files without restrictions...
CVE-2025-36145
IBM watsonx.data 2.2 through 2.3.1 IBM Lakehouse does not properly restrict inbound and outbound connections which could allow an attacker to transfer or modify files without restrictions...
PT-2026-43280
IBM watsonx.data 2.2 through 2.3.1 IBM Lakehouse does not properly restrict inbound and outbound connections which could allow an attacker to transfer or modify files without restrictions...
CVE-2025-36335
IBM watsonx.data intelligence 5.2.0, 5.2.1, 5.3.0, 5.3.1 stores user credentials in plain text which can be read by a local user...
CVE-2025-36180
IBM watsonx.data 2.2 through 2.3 IBM Lakehouse does not properly restrict communication between pods which could allow an attacker to transfer data between pods without restrictions...
CVE-2025-36180
IBM watsonx.data 2.2 through 2.3 IBM Lakehouse does not properly restrict communication between pods which could allow an attacker to transfer data between pods without restrictions...
CVE-2025-36335
CVE-2025-36335 affects IBM watsonx.data intelligence releases 5.2.0, 5.2.1, 5.3.0, and 5.3.1. The root cause is that user credentials are stored in plain text, allowing a local user to read them. This leads to confidentiality impact (high) per the CVSS metrics, with access restricted to local con...
Security Bulletin: SMTP Command Injection Vulnerability in Netty SMTP Codec (Fixed in 4.1.129.Final and 4.2.8.Final) affect IBM watsonx.data
Summary Netty versions prior to 4.1.129.Final and 4.2.8.Final contains an SMTP command injection vulnerability in its SMTP codec due to improper CRLF validation. Attackers who control SMTP parameters can inject arbitrary commands, potentially forging emails that pass SPF and DKIM checks. Upgradin...
CVE-2025-36183
IBM watsonx.data 2.2 through 2.2.1 IBM Lakehouse could allow a privileged user to upload malicious files that could be executed server to modify limited files or data...
IBM Watsonx.data 代码问题漏洞
IBM Watsonx.data is an open data lake platform developed by IBM. There were code vulnerabilities in versions 2.2 to 2.2.1 of IBM Watsonx.data. These vulnerabilities allowed privileged users to upload malicious files and execute them on the server, potentially leading to modifications to files or...
CVE-2025-36140
IBM watsonx.data 2.2 through 2.2.1 could allow an authenticated user to cause a denial of service through ingestion pods due to improper allocation of resources without limits...
CVE-2025-36140
IBM watsonx.data 2.2 through 2.2.1 could allow an authenticated user to cause a denial of service through ingestion pods due to improper allocation of resources without limits...
CVE-2025-36140 IBM watsonx.data Denial of Service
IBM watsonx.data 2.2 through 2.2.1 could allow an authenticated user to cause a denial of service through ingestion pods due to improper allocation of resources without limits...
CVE-2025-36140 IBM watsonx.data Denial of Service
IBM watsonx.data 2.2 through 2.2.1 could allow an authenticated user to cause a denial of service through ingestion pods due to improper allocation of resources without limits...
CVE-2025-36144 IBM watsonx.data information disclosure
IBM Lakehouse watsonx.data 2.2 stores potentially sensitive information in log files that could be read by a local user...
CVE-2025-36144 IBM watsonx.data information disclosure
IBM Lakehouse watsonx.data 2.2 stores potentially sensitive information in log files that could be read by a local user...
CVE-2025-36146 IBM watsonx.data information disclosure
IBM Lakehouse watsonx.data 2.2 could allow an authenticated user to obtain sensitive server component version information which could aid in further attacks against the system...
CVE-2025-36143 IBM watsonx.data command execution
IBM Lakehouse watsonx.data 2.2 could allow an authenticated privileged user to execute arbitrary commands on the system due to improper validation of user supplied input...
CVE-2025-36139 IBM watsonx.data cross-site scripting
IBM Lakehouse watsonx.data 2.2 is vulnerable to stored cross-site scripting. This vulnerability allows a privileged user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session...