Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
12 vulnerabilities found for DataStage on Cloud Pak for Data by IBM
CVE-2025-13688 (GCVE-0-2025-13688)
Vulnerability from nvd – Published: 2026-03-03 20:44 – Updated: 2026-03-03 21:30
VLAI?
Title
DataStage on Cloud Pak for Data is vulnerable to arbitrary code injection due to runtime environment
Summary
IBM DataStage on Cloud Pak for Data 5.1.2 through 5.3.0 could allow an authenticated user to execute arbitrary commands with normal user privileges on the system due to improper validation of user supplied input through the wrapped command component.
Severity ?
6.3 (Medium)
CWE
- CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | DataStage on Cloud Pak for Data |
Affected:
5.1.2 , ≤ 5.3.0
(semver)
cpe:2.3:a:ibm:datastage_on_cloud_pak_for_data:5.1.2:*:*:*:*:*:*:* cpe:2.3:a:ibm:datastage_on_cloud_pak_for_data:5.3.0:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-13688",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-03T21:30:35.882396Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-03T21:30:47.045Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:ibm:datastage_on_cloud_pak_for_data:5.1.2:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:datastage_on_cloud_pak_for_data:5.3.0:*:*:*:*:*:*:*"
],
"product": "DataStage on Cloud Pak for Data",
"vendor": "IBM",
"versions": [
{
"lessThanOrEqual": "5.3.0",
"status": "affected",
"version": "5.1.2",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eIBM DataStage on Cloud Pak for Data 5.1.2 through 5.3.0 could allow an authenticated user to execute arbitrary commands with normal user privileges on the system due to improper validation of user supplied input through the wrapped command component.\u003c/p\u003e"
}
],
"value": "IBM DataStage on Cloud Pak for Data 5.1.2 through 5.3.0 could allow an authenticated user to execute arbitrary commands with normal user privileges on the system due to improper validation of user supplied input through the wrapped command component."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-03T20:44:40.905Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://www.ibm.com/support/pages/node/7262347"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eIBM strongly recommends addressing the vulnerability now by upgrading. Product(s) Version(s) number and/or range Remediation/Fix/Instructions DataStage on Cloud Pak for Data 5.1.2 - 5.3.0 Upgrade to version 5.3.1 or later\u003c/p\u003e"
}
],
"value": "IBM strongly recommends addressing the vulnerability now by upgrading. Product(s) Version(s) number and/or range Remediation/Fix/Instructions DataStage on Cloud Pak for Data 5.1.2 - 5.3.0 Upgrade to version 5.3.1 or later"
}
],
"title": "DataStage on Cloud Pak for Data is vulnerable to arbitrary code injection due to runtime environment",
"x_generator": {
"engine": "ibm-cvegen"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2025-13688",
"datePublished": "2026-03-03T20:44:40.905Z",
"dateReserved": "2025-11-25T20:00:35.162Z",
"dateUpdated": "2026-03-03T21:30:47.045Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-13687 (GCVE-0-2025-13687)
Vulnerability from nvd – Published: 2026-03-03 20:45 – Updated: 2026-03-03 21:31
VLAI?
Title
DataStage on Cloud Pak for Data is vulnerable to arbitrary code injection due to runtime environment
Summary
IBM DataStage on Cloud Pak for Data 5.1.2 through 5.3.0 could allow an authenticated user to execute arbitrary commands with normal user privileges on the system due to improper validation of user supplied input through the user-defined function component.
Severity ?
6.3 (Medium)
CWE
- CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | DataStage on Cloud Pak for Data |
Affected:
5.1.2 , ≤ 5.3.0
(semver)
cpe:2.3:a:ibm:datastage_on_cloud_pak_for_data:5.1.2:*:*:*:*:*:*:* cpe:2.3:a:ibm:datastage_on_cloud_pak_for_data:5.3.0:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-13687",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-03T21:31:18.455608Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-03T21:31:25.924Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:ibm:datastage_on_cloud_pak_for_data:5.1.2:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:datastage_on_cloud_pak_for_data:5.3.0:*:*:*:*:*:*:*"
],
"product": "DataStage on Cloud Pak for Data",
"vendor": "IBM",
"versions": [
{
"lessThanOrEqual": "5.3.0",
"status": "affected",
"version": "5.1.2",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eIBM DataStage on Cloud Pak for Data 5.1.2 through 5.3.0 could allow an authenticated user to execute arbitrary commands with normal user privileges on the system due to improper validation of user supplied input through the user-defined function component.\u003c/p\u003e"
}
],
"value": "IBM DataStage on Cloud Pak for Data 5.1.2 through 5.3.0 could allow an authenticated user to execute arbitrary commands with normal user privileges on the system due to improper validation of user supplied input through the user-defined function component."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-03T20:45:55.395Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://www.ibm.com/support/pages/node/7262347"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003e\u0026nbsp;IBM strongly recommends addressing the vulnerability now by upgrading. Product(s) Version(s) number and/or range Remediation/Fix/Instructions DataStage on Cloud Pak for Data 5.1.2 - 5.3.0 Upgrade to version 5.3.1 or later\u003c/p\u003e"
}
],
"value": "IBM strongly recommends addressing the vulnerability now by upgrading. Product(s) Version(s) number and/or range Remediation/Fix/Instructions DataStage on Cloud Pak for Data 5.1.2 - 5.3.0 Upgrade to version 5.3.1 or later"
}
],
"title": "DataStage on Cloud Pak for Data is vulnerable to arbitrary code injection due to runtime environment",
"x_generator": {
"engine": "ibm-cvegen"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2025-13687",
"datePublished": "2026-03-03T20:45:55.395Z",
"dateReserved": "2025-11-25T20:00:32.872Z",
"dateUpdated": "2026-03-03T21:31:25.924Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-13686 (GCVE-0-2025-13686)
Vulnerability from nvd – Published: 2026-03-03 20:51 – Updated: 2026-03-03 21:31
VLAI?
Title
DataStage on Cloud Pak for Data is vulnerable to arbitrary code injection due to runtime environment
Summary
IBM DataStage on Cloud Pak for Data 5.1.2 through 5.3.0 could allow an authenticated user to execute arbitrary commands with normal user privileges on the system due to improper validation of user supplied input through the job subroutine component.
Severity ?
6.3 (Medium)
CWE
- CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | DataStage on Cloud Pak for Data |
Affected:
5.1.2 , ≤ 5.3.0
(semver)
cpe:2.3:a:ibm:datastage_on_cloud_pak_for_data:5.1.2:*:*:*:*:*:*:* cpe:2.3:a:ibm:datastage_on_cloud_pak_for_data:5.3.0:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-13686",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-03T21:31:50.620127Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-03T21:31:57.708Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:ibm:datastage_on_cloud_pak_for_data:5.1.2:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:datastage_on_cloud_pak_for_data:5.3.0:*:*:*:*:*:*:*"
],
"product": "DataStage on Cloud Pak for Data",
"vendor": "IBM",
"versions": [
{
"lessThanOrEqual": "5.3.0",
"status": "affected",
"version": "5.1.2",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eIBM DataStage on Cloud Pak for Data 5.1.2 through 5.3.0 could allow an authenticated user to execute arbitrary commands with normal user privileges on the system due to improper validation of user supplied input through the job subroutine component.\u003c/p\u003e"
}
],
"value": "IBM DataStage on Cloud Pak for Data 5.1.2 through 5.3.0 could allow an authenticated user to execute arbitrary commands with normal user privileges on the system due to improper validation of user supplied input through the job subroutine component."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-03T20:51:45.521Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://www.ibm.com/support/pages/node/7262347"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eIBM strongly recommends addressing the vulnerability now by upgrading. Product(s) Version(s) number and/or range Remediation/Fix/Instructions DataStage on Cloud Pak for Data 5.1.2 - 5.3.0 Upgrade to version 5.3.1 or later\u003c/p\u003e"
}
],
"value": "IBM strongly recommends addressing the vulnerability now by upgrading. Product(s) Version(s) number and/or range Remediation/Fix/Instructions DataStage on Cloud Pak for Data 5.1.2 - 5.3.0 Upgrade to version 5.3.1 or later"
}
],
"title": "DataStage on Cloud Pak for Data is vulnerable to arbitrary code injection due to runtime environment",
"x_generator": {
"engine": "ibm-cvegen"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2025-13686",
"datePublished": "2026-03-03T20:51:45.521Z",
"dateReserved": "2025-11-25T19:54:37.040Z",
"dateUpdated": "2026-03-03T21:31:57.708Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-13616 (GCVE-0-2025-13616)
Vulnerability from nvd – Published: 2026-03-03 19:53 – Updated: 2026-03-04 21:15
VLAI?
Title
DataStage on Cloud Pak for Data is vulnerable to sensitive information leak due to HTTP response
Summary
IBM DataStage on Cloud Pak for Data 5.1.2 through 5.3.0 returns sensitive information in an HTTP response that could be used in further attacks against the system.
Severity ?
6.5 (Medium)
CWE
- CWE-497 - Exposure of Sensitive System Information to an Unauthorized Control Sphere
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | DataStage on Cloud Pak for Data |
Affected:
5.1.2 , ≤ 5.3.0
(semver)
cpe:2.3:a:ibm:datastage_on_cloud_pak_for_data:5.1.2:*:*:*:*:*:*:* cpe:2.3:a:ibm:datastage_on_cloud_pak_for_data:5.3.0:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-13616",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-04T21:15:39.160324Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-04T21:15:47.130Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:ibm:datastage_on_cloud_pak_for_data:5.1.2:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:datastage_on_cloud_pak_for_data:5.3.0:*:*:*:*:*:*:*"
],
"product": "DataStage on Cloud Pak for Data",
"vendor": "IBM",
"versions": [
{
"lessThanOrEqual": "5.3.0",
"status": "affected",
"version": "5.1.2",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eIBM DataStage on Cloud Pak for Data 5.1.2 through 5.3.0 returns sensitive information in an HTTP response that could be used in further attacks against the system.\u003c/p\u003e"
}
],
"value": "IBM DataStage on Cloud Pak for Data 5.1.2 through 5.3.0 returns sensitive information in an HTTP response that could be used in further attacks against the system."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-497",
"description": "CWE-497 Exposure of Sensitive System Information to an Unauthorized Control Sphere",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-03T19:54:05.201Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://www.ibm.com/support/pages/node/7261771"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eIBM strongly recommends addressing the vulnerability now by upgrading. Product(s) Version(s) number and/or range Remediation/Fix/Instructions DataStage on Cloud Pak for Data 5.1.2 - 5.3.0 Upgrade to version 5.3.1 or later\u003c/p\u003e"
}
],
"value": "IBM strongly recommends addressing the vulnerability now by upgrading. Product(s) Version(s) number and/or range Remediation/Fix/Instructions DataStage on Cloud Pak for Data 5.1.2 - 5.3.0 Upgrade to version 5.3.1 or later"
}
],
"title": "DataStage on Cloud Pak for Data is vulnerable to sensitive information leak due to HTTP response",
"x_generator": {
"engine": "ibm-cvegen"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2025-13616",
"datePublished": "2026-03-03T19:53:22.116Z",
"dateReserved": "2025-11-24T19:42:32.953Z",
"dateUpdated": "2026-03-04T21:15:47.130Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-13691 (GCVE-0-2025-13691)
Vulnerability from nvd – Published: 2026-02-17 20:17 – Updated: 2026-02-26 14:44
VLAI?
Title
DataStage on Cloud Pak for Data is vulnerable to sensitive information leaks due to HTTP processing
Summary
IBM DataStage on Cloud Pak for Data 5.1.2 through 5.3.0 returns sensitive information in an HTTP response that could be used to impersonate other users in the system.
Severity ?
8.1 (High)
CWE
- CWE-497 - Exposure of Sensitive System Information to an Unauthorized Control Sphere
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | DataStage on Cloud Pak for Data |
Affected:
5.1.2 , ≤ 5.3.0
(semver)
cpe:2.3:a:ibm:datastage_on_cloud_pak_for_data:5.1.2:*:*:*:*:*:*:* cpe:2.3:a:ibm:datastage_on_cloud_pak_for_data:5.3.0:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-13691",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-19T04:55:49.596940Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-26T14:44:19.140Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:ibm:datastage_on_cloud_pak_for_data:5.1.2:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:datastage_on_cloud_pak_for_data:5.3.0:*:*:*:*:*:*:*"
],
"product": "DataStage on Cloud Pak for Data",
"vendor": "IBM",
"versions": [
{
"lessThanOrEqual": "5.3.0",
"status": "affected",
"version": "5.1.2",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eIBM DataStage on Cloud Pak for Data 5.1.2 through 5.3.0 returns sensitive information in an HTTP response that could be used to impersonate other users in the system.\u003c/p\u003e"
}
],
"value": "IBM DataStage on Cloud Pak for Data 5.1.2 through 5.3.0 returns sensitive information in an HTTP response that could be used to impersonate other users in the system."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-497",
"description": "CWE-497 Exposure of Sensitive System Information to an Unauthorized Control Sphere",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-17T20:18:04.935Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://www.ibm.com/support/pages/node/7259956"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eIBM strongly recommends addressing the vulnerability now by upgrading DataStage on Cloud Pak for Data. Product(s) Version(s) number and/or range Remediation/Fix/Instructions DataStage on Cloud Pak for Data 5.1.2-5.3.0 Upgrade to version 5.3.1 and beyond.\u003c/p\u003e"
}
],
"value": "IBM strongly recommends addressing the vulnerability now by upgrading DataStage on Cloud Pak for Data. Product(s) Version(s) number and/or range Remediation/Fix/Instructions DataStage on Cloud Pak for Data 5.1.2-5.3.0 Upgrade to version 5.3.1 and beyond."
}
],
"title": "DataStage on Cloud Pak for Data is vulnerable to sensitive information leaks due to HTTP processing",
"x_generator": {
"engine": "ibm-cvegen"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2025-13691",
"datePublished": "2026-02-17T20:17:24.149Z",
"dateReserved": "2025-11-25T20:34:37.353Z",
"dateUpdated": "2026-02-26T14:44:19.140Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2022-38714 (GCVE-0-2022-38714)
Vulnerability from nvd – Published: 2024-02-12 17:41 – Updated: 2025-03-18 19:56
VLAI?
Title
IBM DataStage on Cloud Pak for Data information disclosure
Summary
IBM DataStage on Cloud Pak for Data 4.0.6 to 4.5.2 stores sensitive credential information that can be read by a privileged user. IBM X-Force ID: 235060.
Severity ?
4.9 (Medium)
CWE
- 256 Plaintext Storage of a Password
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | DataStage on Cloud Pak for Data |
Affected:
4.0.6 , ≤ 4.5.2
(semver)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-38714",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-02-21T20:25:00.769726Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-522",
"description": "CWE-522 Insufficiently Protected Credentials",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-18T19:56:08.800Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-03T11:02:14.515Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.ibm.com/support/pages/node/6618039"
},
{
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/235060"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "DataStage on Cloud Pak for Data",
"vendor": "IBM",
"versions": [
{
"lessThanOrEqual": "4.5.2",
"status": "affected",
"version": "4.0.6",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "IBM DataStage on Cloud Pak for Data 4.0.6 to 4.5.2 stores sensitive credential information that can be read by a privileged user. IBM X-Force ID: 235060."
}
],
"value": "IBM DataStage on Cloud Pak for Data 4.0.6 to 4.5.2 stores sensitive credential information that can be read by a privileged user. IBM X-Force ID: 235060."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "256 Plaintext Storage of a Password",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-02-12T17:41:24.984Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.ibm.com/support/pages/node/6618039"
},
{
"tags": [
"vdb-entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/235060"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "IBM DataStage on Cloud Pak for Data information disclosure",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2022-38714",
"datePublished": "2024-02-12T17:41:24.984Z",
"dateReserved": "2022-08-23T16:35:16.510Z",
"dateUpdated": "2025-03-18T19:56:08.800Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-13686 (GCVE-0-2025-13686)
Vulnerability from cvelistv5 – Published: 2026-03-03 20:51 – Updated: 2026-03-03 21:31
VLAI?
Title
DataStage on Cloud Pak for Data is vulnerable to arbitrary code injection due to runtime environment
Summary
IBM DataStage on Cloud Pak for Data 5.1.2 through 5.3.0 could allow an authenticated user to execute arbitrary commands with normal user privileges on the system due to improper validation of user supplied input through the job subroutine component.
Severity ?
6.3 (Medium)
CWE
- CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | DataStage on Cloud Pak for Data |
Affected:
5.1.2 , ≤ 5.3.0
(semver)
cpe:2.3:a:ibm:datastage_on_cloud_pak_for_data:5.1.2:*:*:*:*:*:*:* cpe:2.3:a:ibm:datastage_on_cloud_pak_for_data:5.3.0:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-13686",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-03T21:31:50.620127Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-03T21:31:57.708Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:ibm:datastage_on_cloud_pak_for_data:5.1.2:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:datastage_on_cloud_pak_for_data:5.3.0:*:*:*:*:*:*:*"
],
"product": "DataStage on Cloud Pak for Data",
"vendor": "IBM",
"versions": [
{
"lessThanOrEqual": "5.3.0",
"status": "affected",
"version": "5.1.2",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eIBM DataStage on Cloud Pak for Data 5.1.2 through 5.3.0 could allow an authenticated user to execute arbitrary commands with normal user privileges on the system due to improper validation of user supplied input through the job subroutine component.\u003c/p\u003e"
}
],
"value": "IBM DataStage on Cloud Pak for Data 5.1.2 through 5.3.0 could allow an authenticated user to execute arbitrary commands with normal user privileges on the system due to improper validation of user supplied input through the job subroutine component."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-03T20:51:45.521Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://www.ibm.com/support/pages/node/7262347"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eIBM strongly recommends addressing the vulnerability now by upgrading. Product(s) Version(s) number and/or range Remediation/Fix/Instructions DataStage on Cloud Pak for Data 5.1.2 - 5.3.0 Upgrade to version 5.3.1 or later\u003c/p\u003e"
}
],
"value": "IBM strongly recommends addressing the vulnerability now by upgrading. Product(s) Version(s) number and/or range Remediation/Fix/Instructions DataStage on Cloud Pak for Data 5.1.2 - 5.3.0 Upgrade to version 5.3.1 or later"
}
],
"title": "DataStage on Cloud Pak for Data is vulnerable to arbitrary code injection due to runtime environment",
"x_generator": {
"engine": "ibm-cvegen"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2025-13686",
"datePublished": "2026-03-03T20:51:45.521Z",
"dateReserved": "2025-11-25T19:54:37.040Z",
"dateUpdated": "2026-03-03T21:31:57.708Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-13687 (GCVE-0-2025-13687)
Vulnerability from cvelistv5 – Published: 2026-03-03 20:45 – Updated: 2026-03-03 21:31
VLAI?
Title
DataStage on Cloud Pak for Data is vulnerable to arbitrary code injection due to runtime environment
Summary
IBM DataStage on Cloud Pak for Data 5.1.2 through 5.3.0 could allow an authenticated user to execute arbitrary commands with normal user privileges on the system due to improper validation of user supplied input through the user-defined function component.
Severity ?
6.3 (Medium)
CWE
- CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | DataStage on Cloud Pak for Data |
Affected:
5.1.2 , ≤ 5.3.0
(semver)
cpe:2.3:a:ibm:datastage_on_cloud_pak_for_data:5.1.2:*:*:*:*:*:*:* cpe:2.3:a:ibm:datastage_on_cloud_pak_for_data:5.3.0:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-13687",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-03T21:31:18.455608Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-03T21:31:25.924Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:ibm:datastage_on_cloud_pak_for_data:5.1.2:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:datastage_on_cloud_pak_for_data:5.3.0:*:*:*:*:*:*:*"
],
"product": "DataStage on Cloud Pak for Data",
"vendor": "IBM",
"versions": [
{
"lessThanOrEqual": "5.3.0",
"status": "affected",
"version": "5.1.2",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eIBM DataStage on Cloud Pak for Data 5.1.2 through 5.3.0 could allow an authenticated user to execute arbitrary commands with normal user privileges on the system due to improper validation of user supplied input through the user-defined function component.\u003c/p\u003e"
}
],
"value": "IBM DataStage on Cloud Pak for Data 5.1.2 through 5.3.0 could allow an authenticated user to execute arbitrary commands with normal user privileges on the system due to improper validation of user supplied input through the user-defined function component."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-03T20:45:55.395Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://www.ibm.com/support/pages/node/7262347"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003e\u0026nbsp;IBM strongly recommends addressing the vulnerability now by upgrading. Product(s) Version(s) number and/or range Remediation/Fix/Instructions DataStage on Cloud Pak for Data 5.1.2 - 5.3.0 Upgrade to version 5.3.1 or later\u003c/p\u003e"
}
],
"value": "IBM strongly recommends addressing the vulnerability now by upgrading. Product(s) Version(s) number and/or range Remediation/Fix/Instructions DataStage on Cloud Pak for Data 5.1.2 - 5.3.0 Upgrade to version 5.3.1 or later"
}
],
"title": "DataStage on Cloud Pak for Data is vulnerable to arbitrary code injection due to runtime environment",
"x_generator": {
"engine": "ibm-cvegen"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2025-13687",
"datePublished": "2026-03-03T20:45:55.395Z",
"dateReserved": "2025-11-25T20:00:32.872Z",
"dateUpdated": "2026-03-03T21:31:25.924Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-13688 (GCVE-0-2025-13688)
Vulnerability from cvelistv5 – Published: 2026-03-03 20:44 – Updated: 2026-03-03 21:30
VLAI?
Title
DataStage on Cloud Pak for Data is vulnerable to arbitrary code injection due to runtime environment
Summary
IBM DataStage on Cloud Pak for Data 5.1.2 through 5.3.0 could allow an authenticated user to execute arbitrary commands with normal user privileges on the system due to improper validation of user supplied input through the wrapped command component.
Severity ?
6.3 (Medium)
CWE
- CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | DataStage on Cloud Pak for Data |
Affected:
5.1.2 , ≤ 5.3.0
(semver)
cpe:2.3:a:ibm:datastage_on_cloud_pak_for_data:5.1.2:*:*:*:*:*:*:* cpe:2.3:a:ibm:datastage_on_cloud_pak_for_data:5.3.0:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-13688",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-03T21:30:35.882396Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-03T21:30:47.045Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:ibm:datastage_on_cloud_pak_for_data:5.1.2:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:datastage_on_cloud_pak_for_data:5.3.0:*:*:*:*:*:*:*"
],
"product": "DataStage on Cloud Pak for Data",
"vendor": "IBM",
"versions": [
{
"lessThanOrEqual": "5.3.0",
"status": "affected",
"version": "5.1.2",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eIBM DataStage on Cloud Pak for Data 5.1.2 through 5.3.0 could allow an authenticated user to execute arbitrary commands with normal user privileges on the system due to improper validation of user supplied input through the wrapped command component.\u003c/p\u003e"
}
],
"value": "IBM DataStage on Cloud Pak for Data 5.1.2 through 5.3.0 could allow an authenticated user to execute arbitrary commands with normal user privileges on the system due to improper validation of user supplied input through the wrapped command component."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-03T20:44:40.905Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://www.ibm.com/support/pages/node/7262347"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eIBM strongly recommends addressing the vulnerability now by upgrading. Product(s) Version(s) number and/or range Remediation/Fix/Instructions DataStage on Cloud Pak for Data 5.1.2 - 5.3.0 Upgrade to version 5.3.1 or later\u003c/p\u003e"
}
],
"value": "IBM strongly recommends addressing the vulnerability now by upgrading. Product(s) Version(s) number and/or range Remediation/Fix/Instructions DataStage on Cloud Pak for Data 5.1.2 - 5.3.0 Upgrade to version 5.3.1 or later"
}
],
"title": "DataStage on Cloud Pak for Data is vulnerable to arbitrary code injection due to runtime environment",
"x_generator": {
"engine": "ibm-cvegen"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2025-13688",
"datePublished": "2026-03-03T20:44:40.905Z",
"dateReserved": "2025-11-25T20:00:35.162Z",
"dateUpdated": "2026-03-03T21:30:47.045Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-13616 (GCVE-0-2025-13616)
Vulnerability from cvelistv5 – Published: 2026-03-03 19:53 – Updated: 2026-03-04 21:15
VLAI?
Title
DataStage on Cloud Pak for Data is vulnerable to sensitive information leak due to HTTP response
Summary
IBM DataStage on Cloud Pak for Data 5.1.2 through 5.3.0 returns sensitive information in an HTTP response that could be used in further attacks against the system.
Severity ?
6.5 (Medium)
CWE
- CWE-497 - Exposure of Sensitive System Information to an Unauthorized Control Sphere
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | DataStage on Cloud Pak for Data |
Affected:
5.1.2 , ≤ 5.3.0
(semver)
cpe:2.3:a:ibm:datastage_on_cloud_pak_for_data:5.1.2:*:*:*:*:*:*:* cpe:2.3:a:ibm:datastage_on_cloud_pak_for_data:5.3.0:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-13616",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-04T21:15:39.160324Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-04T21:15:47.130Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:ibm:datastage_on_cloud_pak_for_data:5.1.2:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:datastage_on_cloud_pak_for_data:5.3.0:*:*:*:*:*:*:*"
],
"product": "DataStage on Cloud Pak for Data",
"vendor": "IBM",
"versions": [
{
"lessThanOrEqual": "5.3.0",
"status": "affected",
"version": "5.1.2",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eIBM DataStage on Cloud Pak for Data 5.1.2 through 5.3.0 returns sensitive information in an HTTP response that could be used in further attacks against the system.\u003c/p\u003e"
}
],
"value": "IBM DataStage on Cloud Pak for Data 5.1.2 through 5.3.0 returns sensitive information in an HTTP response that could be used in further attacks against the system."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-497",
"description": "CWE-497 Exposure of Sensitive System Information to an Unauthorized Control Sphere",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-03T19:54:05.201Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://www.ibm.com/support/pages/node/7261771"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eIBM strongly recommends addressing the vulnerability now by upgrading. Product(s) Version(s) number and/or range Remediation/Fix/Instructions DataStage on Cloud Pak for Data 5.1.2 - 5.3.0 Upgrade to version 5.3.1 or later\u003c/p\u003e"
}
],
"value": "IBM strongly recommends addressing the vulnerability now by upgrading. Product(s) Version(s) number and/or range Remediation/Fix/Instructions DataStage on Cloud Pak for Data 5.1.2 - 5.3.0 Upgrade to version 5.3.1 or later"
}
],
"title": "DataStage on Cloud Pak for Data is vulnerable to sensitive information leak due to HTTP response",
"x_generator": {
"engine": "ibm-cvegen"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2025-13616",
"datePublished": "2026-03-03T19:53:22.116Z",
"dateReserved": "2025-11-24T19:42:32.953Z",
"dateUpdated": "2026-03-04T21:15:47.130Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-13691 (GCVE-0-2025-13691)
Vulnerability from cvelistv5 – Published: 2026-02-17 20:17 – Updated: 2026-02-26 14:44
VLAI?
Title
DataStage on Cloud Pak for Data is vulnerable to sensitive information leaks due to HTTP processing
Summary
IBM DataStage on Cloud Pak for Data 5.1.2 through 5.3.0 returns sensitive information in an HTTP response that could be used to impersonate other users in the system.
Severity ?
8.1 (High)
CWE
- CWE-497 - Exposure of Sensitive System Information to an Unauthorized Control Sphere
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | DataStage on Cloud Pak for Data |
Affected:
5.1.2 , ≤ 5.3.0
(semver)
cpe:2.3:a:ibm:datastage_on_cloud_pak_for_data:5.1.2:*:*:*:*:*:*:* cpe:2.3:a:ibm:datastage_on_cloud_pak_for_data:5.3.0:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-13691",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-19T04:55:49.596940Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-26T14:44:19.140Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:ibm:datastage_on_cloud_pak_for_data:5.1.2:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:datastage_on_cloud_pak_for_data:5.3.0:*:*:*:*:*:*:*"
],
"product": "DataStage on Cloud Pak for Data",
"vendor": "IBM",
"versions": [
{
"lessThanOrEqual": "5.3.0",
"status": "affected",
"version": "5.1.2",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eIBM DataStage on Cloud Pak for Data 5.1.2 through 5.3.0 returns sensitive information in an HTTP response that could be used to impersonate other users in the system.\u003c/p\u003e"
}
],
"value": "IBM DataStage on Cloud Pak for Data 5.1.2 through 5.3.0 returns sensitive information in an HTTP response that could be used to impersonate other users in the system."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-497",
"description": "CWE-497 Exposure of Sensitive System Information to an Unauthorized Control Sphere",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-17T20:18:04.935Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://www.ibm.com/support/pages/node/7259956"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eIBM strongly recommends addressing the vulnerability now by upgrading DataStage on Cloud Pak for Data. Product(s) Version(s) number and/or range Remediation/Fix/Instructions DataStage on Cloud Pak for Data 5.1.2-5.3.0 Upgrade to version 5.3.1 and beyond.\u003c/p\u003e"
}
],
"value": "IBM strongly recommends addressing the vulnerability now by upgrading DataStage on Cloud Pak for Data. Product(s) Version(s) number and/or range Remediation/Fix/Instructions DataStage on Cloud Pak for Data 5.1.2-5.3.0 Upgrade to version 5.3.1 and beyond."
}
],
"title": "DataStage on Cloud Pak for Data is vulnerable to sensitive information leaks due to HTTP processing",
"x_generator": {
"engine": "ibm-cvegen"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2025-13691",
"datePublished": "2026-02-17T20:17:24.149Z",
"dateReserved": "2025-11-25T20:34:37.353Z",
"dateUpdated": "2026-02-26T14:44:19.140Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2022-38714 (GCVE-0-2022-38714)
Vulnerability from cvelistv5 – Published: 2024-02-12 17:41 – Updated: 2025-03-18 19:56
VLAI?
Title
IBM DataStage on Cloud Pak for Data information disclosure
Summary
IBM DataStage on Cloud Pak for Data 4.0.6 to 4.5.2 stores sensitive credential information that can be read by a privileged user. IBM X-Force ID: 235060.
Severity ?
4.9 (Medium)
CWE
- 256 Plaintext Storage of a Password
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | DataStage on Cloud Pak for Data |
Affected:
4.0.6 , ≤ 4.5.2
(semver)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-38714",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-02-21T20:25:00.769726Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-522",
"description": "CWE-522 Insufficiently Protected Credentials",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-18T19:56:08.800Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-03T11:02:14.515Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.ibm.com/support/pages/node/6618039"
},
{
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/235060"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "DataStage on Cloud Pak for Data",
"vendor": "IBM",
"versions": [
{
"lessThanOrEqual": "4.5.2",
"status": "affected",
"version": "4.0.6",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "IBM DataStage on Cloud Pak for Data 4.0.6 to 4.5.2 stores sensitive credential information that can be read by a privileged user. IBM X-Force ID: 235060."
}
],
"value": "IBM DataStage on Cloud Pak for Data 4.0.6 to 4.5.2 stores sensitive credential information that can be read by a privileged user. IBM X-Force ID: 235060."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "256 Plaintext Storage of a Password",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-02-12T17:41:24.984Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.ibm.com/support/pages/node/6618039"
},
{
"tags": [
"vdb-entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/235060"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "IBM DataStage on Cloud Pak for Data information disclosure",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2022-38714",
"datePublished": "2024-02-12T17:41:24.984Z",
"dateReserved": "2022-08-23T16:35:16.510Z",
"dateUpdated": "2025-03-18T19:56:08.800Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}