9 matches found
CVE-2023-27545
IBM Watson CloudPak for Data Data Stores contains an information-disclosure vulnerability (CVE-2023-27545). The issue allows stored web pages to be read by another user on the same system due to how Data Stores handles local storage. Affected product/version: Watson CloudPak for Data Data Stores ...
CVE-2025-0719
CVE-2025-0719 affects IBM Cloud Pak for Data (versions 4.0.0–4.8.5 and 5.0.0). The IBM advisory describes a reflected cross-site scripting (XSS) vulnerability on the /error endpoint, where an unauthenticated attacker can inject JavaScript via the error parameter, potentially leading to credential...
CVE-2023-26026
CVE-2023-26026 affects IBM Planning Analytics Cartridge for IBM Cloud Pak for Data 4.0. The vulnerability is an information disclosure via logs, caused by exposing sensitive data through log files. CNVD notes an related encryption issue tied to an insecure CouchDB password policy, enabling data c...
CVE-2023-27877
CVE-2023-27877 affects IBM Planning Analytics Cartridge for IBM Cloud Pak for Data 4.0. The issue arises from an insecure CouchDB password policy over the network, allowing an attacker to disclose sensitive data stored in CouchDB. Documents consistently identify the affected component as the Cart...
CVE-2023-26023
CVE-2023-26023 affects IBM Planning Analytics Cartridge for IBM Cloud Pak for Data v4.0. The vulnerability is an information disclosure via logs, exposing sensitive data that could enable further attacks. Public sources in the provided documents consistently describe log exposure as the issue, bu...
CVE-2021-38899
CVE-2021-38899 affects IBM Cloud Pak for Data 2.5. A local user with special privileges could access highly sensitive information due to an information-disclosure vulnerability in CP4D. Under the CVSSv3.1/3.0 metrics, the issue has a base score of 4.4 (MEDIUM) with LOCAL attack vector, LOW attack...
CVE-2022-36769
Summary: CVE-2022-36769 affects IBM Cloud Pak for Data 4.5 and 4.6. A privileged user can upload malicious files of dangerous types that are automatically processed within the product’s environment, due to insufficient validation of uploaded files. Impact (as stated): Privileged upload capability...
CVE-2021-20486
CVE-2021-20486 affects IBM Cloud Pak for Data 3.0 (CPD 3.0) and can allow an authenticated user to obtain sensitive information when CPD is installed with certain plugins (notably with Watson Knowledge Catalog/Data Virtualization add-ons). The vulnerability path is information disclosure due to m...
CVE-2023-27540
CVE-2023-27540 affects IBM Watson CP4D Data Stores 4.6.0 and is caused by improper allocation of resources without limits or throttling, enabling a remote attacker with system-specific information to cause a denial of service. IBM’s bulletin assigns a CVSS v3.1 base score of 5.9 (MEDIUM) and cite...