Search Results (14 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2025-36328 1 Ibm 1 Watsonxdata Intelligence 2026-07-01 4.3 Medium
IBM watsonx.data intelligence 5.2.0, 5.2.1, 5.2.2, 5.3.0 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser.  This information could be used in further attacks against the system.
CVE-2025-36319 1 Ibm 1 Watsonxdata Intelligence 2026-07-01 4.3 Medium
IBM watsonx.data intelligence 5.2.0, 5.2.1, 5.2.2, 5.3.0 could allow an authenticated user to cause a temporary denial using a specially crafted HTTP request due to improper allocation of resource throttling.
CVE-2025-12530 1 Ibm 1 Watsonxdata Intelligence 2026-07-01 5.9 Medium
IBM watsonx.data intelligence 5.2.2, 5.3.0, 5.3.1, 5.3.1 through patch-1 transmits data in clear text that could allow an attacker to obtain sensitive information using man in the middle techniques.
CVE-2025-36327 1 Ibm 1 Watsonxdata Intelligence 2026-07-01 6.5 Medium
IBM watsonx.data intelligence 5.2.0, 5.2.1, 5.2.2, 5.3.0 could allow an authenticated user to bypass security controls and perform unauthorized actions due to client-side enforcement of sever-side security.
CVE-2025-36324 1 Ibm 1 Watsonxdata Intelligence 2026-07-01 4.3 Medium
IBM watsonx.data intelligence 5.2.0, 5.2.1, 5.2.2, 5.3.0 s vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks.
CVE-2025-36336 1 Ibm 1 Watsonxdata Intelligence 2026-07-01 5.9 Medium
IBM watsonx.data intelligence 5.2.0, 5.2.1, 5.2.2, 5.3.0 transmits data in clear text that could allow an attacker to obtain sensitive information using man in the middle techniques.
CVE-2025-36321 1 Ibm 1 Watsonxdata Intelligence 2026-07-01 5.7 Medium
IBM watsonx.data intelligence 5.2.0, 5.2.1, 5.2.2, 5.3.0 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site.
CVE-2025-36323 1 Ibm 1 Watsonxdata Intelligence 2026-07-01 5.4 Medium
IBM watsonx.data intelligence 5.2.0, 5.2.1, 5.2.2, 5.3.0 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
CVE-2025-36320 1 Ibm 1 Watsonxdata Intelligence 2026-07-01 6.4 Medium
IBM watsonx.data intelligence 5.2.0, 5.2.1, 5.2.2, 5.3.0 is vulnerable to stored cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
CVE-2025-36333 1 Ibm 1 Watsonxdata Intelligence 2026-07-01 4.3 Medium
IBM watsonx.data intelligence 5.2.0, 5.2.1, 5.2.2, 5.3.0 could allow an authenticated user to perform unauthorized actions due to the improper enforcement of behavioral workflow.
CVE-2025-36145 1 Ibm 2 Watsonx.data, Watsonxdata 2026-06-01 5.4 Medium
IBM watsonx.data 2.2 through 2.3.1 IBM Lakehouse does not properly restrict inbound and outbound connections which could allow an attacker to transfer or modify files without restrictions.
CVE-2025-36335 1 Ibm 2 Watsonx.data, Watsonxdata Intelligence 2026-05-12 6.2 Medium
IBM watsonx.data intelligence 5.2.0, 5.2.1, 5.3.0, 5.3.1 stores user credentials in plain text which can be read by a local user.
CVE-2025-36180 1 Ibm 2 Watsonx.data, Watsonxdata 2026-05-12 5.3 Medium
IBM watsonx.data 2.2 through 2.3 IBM Lakehouse does not properly restrict communication between pods which could allow an attacker to transfer data between pods without restrictions.
CVE-2025-36183 1 Ibm 2 Watsonx.data, Watsonxdata 2026-02-20 3.8 Low
IBM watsonx.data 2.2 through 2.2.1 IBM Lakehouse could allow a privileged user to upload malicious files that could be executed server to modify limited files or data.