Lucene search
K
IbmWatsonx.data

9 matches found

CVE
CVE
added 2025/09/18 3:13 p.m.20 views

CVE-2025-36139

IBM Lakehouse watsonx.data 2.2 is vulnerable to stored cross-site scripting in the Web UI due to insufficient input filtering/escaping. A privileged user could inject arbitrary JavaScript, potentially leading to credentials disclosure within a trusted session. Remediation: upgrade to watsonx.data...

5.5CVSS6AI score0.00173EPSS
CVE
CVE
added 2025/09/18 3:14 p.m.19 views

CVE-2025-36143

IBM Lakehouse watsonx.data 2.2 is affected by an OS command injection vulnerability caused by improper validation of user input. An authenticated privileged user could execute arbitrary commands on the system. The CVE is CVE-2025-36143. Remediation provided in the IBM security bulletin is to upgr...

7.2CVSS6.9AI score0.00315EPSS
CVE
CVE
added 2025/09/18 3:15 p.m.19 views

CVE-2025-36146

IBM Lakehouse (watsonx.data 2.2) contains an information disclosure vulnerability where an authenticated user could obtain sensitive server component version information from stack traces. The issue stems from CWE-209 and is documented in IBM’s Security Bulletin (CVE-2025-36146). Impact is limite...

4.3CVSS5.8AI score0.00214EPSS
CVE
CVE
added 2025/09/27 12:5 a.m.18 views

CVE-2025-36144

CVE-2025-36144 affects IBM Lakehouse (watsonx.data 2.2). The vulnerability arises from logging potentially sensitive information, allowing a local user to read log files and disclose data. Affected component/file is the logging path used by watsonx.data, with root cause described as information d...

5.5CVSS5.7AI score0.00116EPSS
CVE
CVE
added 2026/05/26 3:50 p.m.17 views

CVE-2025-36145

CVE-2025-36145 affects IBM watsonx.data (Lakehouse) versions 2.2–2.3.1. The issue is inadequate restriction of inbound/outbound connections, enabling an attacker to transfer or modify files without proper controls. Impact: confidentiality/integrity concerns with file operations; no exploit detail...

5.4CVSS5.8AI score0.00166EPSS
CVE
CVE
added 2026/02/17 9:32 p.m.14 views

CVE-2025-36183

Summary: IBM watsonx.data (Lakehouse) versions 2.2–2.2.1 are affected by a privileged-user file upload vulnerability that could allow execution of uploaded files on the server and modify limited files/data. Root cause: CWE-434 Unrestricted Upload of File with Dangerous Type. Impact: potential lim...

3.8CVSS5.5AI score0.00185EPSS
CVE
CVE
added 2026/04/30 9:12 p.m.11 views

CVE-2025-36335

CVE-2025-36335 affects IBM watsonx.data intelligence releases 5.2.0, 5.2.1, 5.3.0, and 5.3.1. The root cause is that user credentials are stored in plain text, allowing a local user to read them. This leads to confidentiality impact (high) per the CVSS metrics, with access restricted to local con...

6.2CVSS5.1AI score0.00093EPSS
CVE
CVE
added 2025/12/08 10:11 p.m.10 views

CVE-2025-36140

CVE-2025-36140 affects IBM watsonx.data versions 2.2–2.2.1. An authenticated user can cause a denial of service in ingestion pods due to improper allocation of resources without limits. Remediation: upgrade to watsonx.data 2.2.2 or move to CPD 5.2.2 as per IBM bulletin. The vulnerability details ...

6.5CVSS5.9AI score0.00249EPSS
CVE
CVE
added 2026/04/30 9:28 p.m.9 views

CVE-2025-36180

CVE-2025-36180 concerns IBM watsonx.data (Lakehouse) versions 2.2–2.3. The issue is an improper restriction of inter-pod communication, potentially allowing an attacker to transfer data between pods without restrictions. The vulnerability’s impact is described as data integrity risk within pod co...

7.5CVSS5.2AI score0.00186EPSS