Lucene search
K

30 matches found

NVD
NVD
added last week6 views

CVE-2025-36321

IBM watsonx.data intelligence 5.2.0, 5.2.1, 5.2.2, 5.3.0 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site...

5.7CVSS0.00398EPSS
Exploits0References1
NVD
NVD
added last week6 views

CVE-2025-12530

IBM watsonx.data intelligence 5.2.2, 5.3.0, 5.3.1, 5.3.1 through patch-1 transmits data in clear text that could allow an attacker to obtain sensitive information using man in the middle techniques...

5.9CVSS0.00203EPSS
Exploits0References1
EUVD
EUVD
added last week6 views

EUVD-2025-210384

IBM watsonx.data intelligence 5.2.2, 5.3.0, 5.3.1, 5.3.1 through patch-1 transmits data in clear text that could allow an attacker to obtain sensitive information using man in the middle techniques...

5.9CVSS5.8AI score0.00203EPSS
Exploits0References1
CVE
CVE
added last week10 views

CVE-2025-36319

CVE-2025-36319 affects IBM watsonx.data intelligence versions 5.2.0, 5.2.1, 5.2.2, and 5.3.0. The issue allows an authenticated user to trigger a temporary denial of service via a specially crafted HTTP request caused by improper allocation of resource throttling. The connected data sources do no...

4.3CVSS5.8AI score0.00422EPSS
Exploits0References1Affected Software1
EUVD
EUVD
added last week7 views

EUVD-2025-210382

IBM watsonx.data intelligence 5.2.0, 5.2.1, 5.2.2, 5.3.0 is vulnerable to stored cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a...

6.4CVSS5.5AI score0.00251EPSS
Exploits0References1
EUVD
EUVD
added last week6 views

EUVD-2025-210380

IBM watsonx.data intelligence 5.2.0, 5.2.1, 5.2.2, 5.3.0 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted...

5.4CVSS5.5AI score0.00226EPSS
Exploits0References1
CVE
CVE
added last week14 views

CVE-2025-36327

CVE-2025-36327 affects IBM watsonx.data intelligence 5.2.0, 5.2.1, 5.2.2, and 5.3.0. An authenticated user can bypass security controls and perform unauthorized actions due to client-side enforcement of server-side security. The issue is described as a failure of client-side controls to enforce s...

6.5CVSS5.8AI score0.00375EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/30 12:0 a.m.5 views

PT-2026-53981

Name of the Vulnerable Software and Affected Versions IBM watsonx.data intelligence versions 5.2.0 through 5.3.0 Description An authenticated user can perform unauthorized actions because of improper enforcement of the behavioral workflow. Recommendations At the moment, there is no information...

4.3CVSS5.9AI score0.00277EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/06/05 7:42 p.m.10 views

CVE-2025-36180

IBM watsonx.data 2.2 through 2.3 IBM Lakehouse does not properly restrict communication between pods which could allow an attacker to transfer data between pods without restrictions...

7.5CVSS5.4AI score0.00186EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:42 p.m.10 views

CVE-2025-36145

IBM watsonx.data 2.2 through 2.3.1 IBM Lakehouse does not properly restrict inbound and outbound connections which could allow an attacker to transfer or modify files without restrictions...

5.4CVSS5.5AI score0.00166EPSS
Exploits0References1
NVD
NVD
added 2026/05/26 5:16 p.m.10 views

CVE-2025-36145

IBM watsonx.data 2.2 through 2.3.1 IBM Lakehouse does not properly restrict inbound and outbound connections which could allow an attacker to transfer or modify files without restrictions...

5.4CVSS0.00166EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/05/26 12:0 a.m.12 views

PT-2026-43280

IBM watsonx.data 2.2 through 2.3.1 IBM Lakehouse does not properly restrict inbound and outbound connections which could allow an attacker to transfer or modify files without restrictions...

5.4CVSS5.8AI score0.00166EPSS
Exploits0References2
NVD
NVD
added 2026/04/30 10:16 p.m.6 views

CVE-2025-36180

IBM watsonx.data 2.2 through 2.3 IBM Lakehouse does not properly restrict communication between pods which could allow an attacker to transfer data between pods without restrictions...

7.5CVSS0.00186EPSS
Exploits0References1
NVD
NVD
added 2026/04/30 10:16 p.m.5 views

CVE-2025-36335

IBM watsonx.data intelligence 5.2.0, 5.2.1, 5.3.0, 5.3.1 stores user credentials in plain text which can be read by a local user...

6.2CVSS0.00093EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/04/30 9:28 p.m.4 views

CVE-2025-36180

IBM watsonx.data 2.2 through 2.3 IBM Lakehouse does not properly restrict communication between pods which could allow an attacker to transfer data between pods without restrictions...

5.3CVSS5.2AI score0.00186EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2026/04/30 9:12 p.m.11 views

CVE-2025-36335

CVE-2025-36335 affects IBM watsonx.data intelligence releases 5.2.0, 5.2.1, 5.3.0, and 5.3.1. The root cause is that user credentials are stored in plain text, allowing a local user to read them. This leads to confidentiality impact (high) per the CVSS metrics, with access restricted to local con...

6.2CVSS5.1AI score0.00093EPSS
Exploits0References1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/03/04 3:28 p.m.6 views

Security Bulletin: SMTP Command Injection Vulnerability in Netty SMTP Codec (Fixed in 4.1.129.Final and 4.2.8.Final) affect IBM watsonx.data

Summary Netty versions prior to 4.1.129.Final and 4.2.8.Final contains an SMTP command injection vulnerability in its SMTP codec due to improper CRLF validation. Attackers who control SMTP parameters can inject arbitrary commands, potentially forging emails that pass SPF and DKIM checks. Upgradin...

6.9CVSS7.2AI score0.01617EPSS
Exploits0Affected Software1
RedhatCVE
RedhatCVE
added 2026/02/19 1:28 a.m.4 views

CVE-2025-36183

IBM watsonx.data 2.2 through 2.2.1 IBM Lakehouse could allow a privileged user to upload malicious files that could be executed server to modify limited files or data...

3.8CVSS5.5AI score0.00185EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/02/17 12:0 a.m.9 views

IBM Watsonx.data 代码问题漏洞

IBM Watsonx.data is an open data lake platform developed by IBM. There were code vulnerabilities in versions 2.2 to 2.2.1 of IBM Watsonx.data. These vulnerabilities allowed privileged users to upload malicious files and execute them on the server, potentially leading to modifications to files or...

3.8CVSS6AI score0.00185EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/12/09 10:20 p.m.6 views

CVE-2025-36140

IBM watsonx.data 2.2 through 2.2.1 could allow an authenticated user to cause a denial of service through ingestion pods due to improper allocation of resources without limits...

6.5CVSS6.3AI score0.00245EPSS
Exploits0References1
Rows per page
Query Builder