Security Bulletin: IBM CloudPak for Data Scheduling Service is vulernable to CSRF Attack (CVE-2025-47909)

Summary gorilla/csrf is used by Scheduling Service. A vulnerability in gorilla/csrf is addressed. Vulnerability Details CVEID:CVE-2025-47909 DESCRIPTION: Hosts listed in TrustedOrigins implicitly allow requests from the corresponding HTTP origins, allowing network MitMs to perform CSRF attacks...

CVE-2023-27545

IBM Watson CloudPak for Data Data Stores information disclosure 4.6.0 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 248947...