9 matches found
CVE-2025-36139
IBM Lakehouse watsonx.data 2.2 is vulnerable to stored cross-site scripting in the Web UI due to insufficient input filtering/escaping. A privileged user could inject arbitrary JavaScript, potentially leading to credentials disclosure within a trusted session. Remediation: upgrade to watsonx.data...
CVE-2025-36143
IBM Lakehouse watsonx.data 2.2 is affected by an OS command injection vulnerability caused by improper validation of user input. An authenticated privileged user could execute arbitrary commands on the system. The CVE is CVE-2025-36143. Remediation provided in the IBM security bulletin is to upgr...
CVE-2025-36146
IBM Lakehouse (watsonx.data 2.2) contains an information disclosure vulnerability where an authenticated user could obtain sensitive server component version information from stack traces. The issue stems from CWE-209 and is documented in IBM’s Security Bulletin (CVE-2025-36146). Impact is limite...
CVE-2025-36144
CVE-2025-36144 affects IBM Lakehouse (watsonx.data 2.2). The vulnerability arises from logging potentially sensitive information, allowing a local user to read log files and disclose data. Affected component/file is the logging path used by watsonx.data, with root cause described as information d...
CVE-2025-36145
CVE-2025-36145 affects IBM watsonx.data (Lakehouse) versions 2.2–2.3.1. The issue is inadequate restriction of inbound/outbound connections, enabling an attacker to transfer or modify files without proper controls. Impact: confidentiality/integrity concerns with file operations; no exploit detail...
CVE-2025-36183
Summary: IBM watsonx.data (Lakehouse) versions 2.2–2.2.1 are affected by a privileged-user file upload vulnerability that could allow execution of uploaded files on the server and modify limited files/data. Root cause: CWE-434 Unrestricted Upload of File with Dangerous Type. Impact: potential lim...
CVE-2025-36335
CVE-2025-36335 affects IBM watsonx.data intelligence releases 5.2.0, 5.2.1, 5.3.0, and 5.3.1. The root cause is that user credentials are stored in plain text, allowing a local user to read them. This leads to confidentiality impact (high) per the CVSS metrics, with access restricted to local con...
CVE-2025-36140
CVE-2025-36140 affects IBM watsonx.data versions 2.2–2.2.1. An authenticated user can cause a denial of service in ingestion pods due to improper allocation of resources without limits. Remediation: upgrade to watsonx.data 2.2.2 or move to CPD 5.2.2 as per IBM bulletin. The vulnerability details ...
CVE-2025-36180
CVE-2025-36180 concerns IBM watsonx.data (Lakehouse) versions 2.2–2.3. The issue is an improper restriction of inter-pod communication, potentially allowing an attacker to transfer data between pods without restrictions. The vulnerability’s impact is described as data integrity risk within pod co...