Search
Find a vulnerability
Search criteria
18 vulnerabilities found for watsonx.data by IBM
CVE-2025-36145 (GCVE-0-2025-36145)
Vulnerability from nvd – Published: 2026-05-26 15:50 – Updated: 2026-05-26 17:42
VLAI
Title
Multiple Vulnerabilities in watsonx.data
Summary
IBM watsonx.data 2.2 through 2.3.1 IBM Lakehouse does not properly restrict inbound and outbound connections which could allow an attacker to transfer or modify files without restrictions.
Severity
5.4 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-923 - Improper Restriction of Communication Channel to Intended Endpoints
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.ibm.com/support/pages/node/7272498 | vendor-advisorypatch |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| IBM | watsonx.data |
Affected:
2.2.0 , ≤ 2.3.1
(semver)
cpe:2.3:a:ibm:watsonxdata:2.2:*:*:*:*:*:*:* cpe:2.3:a:ibm:watsonxdata:2.2.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:watsonxdata:2.3.1:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-36145",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-26T17:41:52.481115Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-26T17:42:05.425Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:ibm:watsonxdata:2.2:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:watsonxdata:2.2.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:watsonxdata:2.3.1:*:*:*:*:*:*:*"
],
"product": "watsonx.data",
"vendor": "IBM",
"versions": [
{
"lessThanOrEqual": "2.3.1",
"status": "affected",
"version": "2.2.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eIBM watsonx.data 2.2 through 2.3.1 IBM Lakehouse does not properly restrict inbound and outbound connections which could allow an attacker to transfer or modify files without restrictions.\u003c/p\u003e"
}
],
"value": "IBM watsonx.data 2.2 through 2.3.1 IBM Lakehouse does not properly restrict inbound and outbound connections which could allow an attacker to transfer or modify files without restrictions."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-923",
"description": "CWE-923 Improper Restriction of Communication Channel to Intended Endpoints",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-26T15:50:54.945Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://www.ibm.com/support/pages/node/7272498"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eThe product needs to be installed or upgraded to the latest available level watsonx.data 2.3.x or watsonx.data on CPD 5.3.x. \u0026nbsp;Installation/upgrade instructions can be found here: \u003ca href=\"https://www.ibm.com/docs/en/software-hub/5.3.x?topic=watsonxdata-installing\" rel=\"nofollow\"\u003ehttps://www.ibm.com/docs/en/software-hub/5.3.x?topic=watsonxdata-installing\u003c/a\u003e\u003c/p\u003e"
}
],
"value": "The product needs to be installed or upgraded to the latest available level watsonx.data 2.3.x or watsonx.data on CPD 5.3.x. \u00a0Installation/upgrade instructions can be found here: https://www.ibm.com/docs/en/software-hub/5.3.x?topic=watsonxdata-installing"
}
],
"title": "Multiple Vulnerabilities in watsonx.data",
"x_generator": {
"engine": "ibm-cvegen"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2025-36145",
"datePublished": "2026-05-26T15:50:54.945Z",
"dateReserved": "2025-04-15T21:16:19.940Z",
"dateUpdated": "2026-05-26T17:42:05.425Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-36335 (GCVE-0-2025-36335)
Vulnerability from nvd – Published: 2026-04-30 21:12 – Updated: 2026-05-01 14:23
VLAI
Title
Vulnerabilities found
Summary
IBM watsonx.data intelligence 5.2.0, 5.2.1, 5.3.0, 5.3.1 stores user credentials in plain text which can be read by a local user.
Severity
6.2 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-256 - Plaintext Storage of a Password
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.ibm.com/support/pages/node/7270923 | vendor-advisorypatch |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| IBM | watsonx.data intelligence |
Affected:
5.2.0, 5.2.1, 5.3.0, 5.3.1 , ≤ 1.8.4
(semver)
cpe:2.3:a:ibm:watsonxdata_intelligence:5.2.0:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-36335",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-01T14:23:02.854656Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-01T14:23:11.089Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:ibm:watsonxdata_intelligence:5.2.0:*:*:*:*:*:*:*"
],
"product": "watsonx.data intelligence",
"vendor": "IBM",
"versions": [
{
"lessThanOrEqual": "1.8.4",
"status": "affected",
"version": "5.2.0, 5.2.1, 5.3.0, 5.3.1",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eIBM watsonx.data intelligence 5.2.0, 5.2.1, 5.3.0, 5.3.1 stores user credentials in plain text which can be read by a local user.\u003c/p\u003e"
}
],
"value": "IBM watsonx.data intelligence 5.2.0, 5.2.1, 5.3.0, 5.3.1 stores user credentials in plain text which can be read by a local user."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-256",
"description": "CWE-256 Plaintext Storage of a Password",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-30T21:12:54.030Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://www.ibm.com/support/pages/node/7270923"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eUpdate version to 5.3.1-patch3\u003cbr\u003e\u003ca href=\"https://www.ibm.com/docs/en/software-hub/5.3.x?topic=overview-available-patches-software-hub-version-531\" rel=\"nofollow\"\u003ehttps://www.ibm.com/docs/en/software-hub/5.3.x?topic=overview-available-patches-software-hub-version-531\u003c/a\u003e\u003c/p\u003e"
}
],
"value": "Update version to 5.3.1-patch3\n https://www.ibm.com/docs/en/software-hub/5.3.x?topic=overview-available-patches-software-hub-version-531"
}
],
"title": "Vulnerabilities found",
"x_generator": {
"engine": "ibm-cvegen"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2025-36335",
"datePublished": "2026-04-30T21:12:54.030Z",
"dateReserved": "2025-04-15T21:16:52.391Z",
"dateUpdated": "2026-05-01T14:23:11.089Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-36180 (GCVE-0-2025-36180)
Vulnerability from nvd – Published: 2026-04-30 21:28 – Updated: 2026-05-01 16:37
VLAI
Title
Inadequate Pod Communication Restrictions, affects watsonx.data
Summary
IBM watsonx.data 2.2 through 2.3 IBM Lakehouse does not properly restrict communication between pods which could allow an attacker to transfer data between pods without restrictions.
Severity
5.3 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-923 - Improper Restriction of Communication Channel to Intended Endpoints
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.ibm.com/support/pages/node/7270593 | vendor-advisorypatch |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| IBM | watsonx.data |
Affected:
2.2.0 , ≤ 2.3.0
(semver)
cpe:2.3:a:ibm:watsonxdata:2.2.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:watsonxdata:2.3.0:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-36180",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-01T16:07:12.084281Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-01T16:37:49.064Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:ibm:watsonxdata:2.2.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:watsonxdata:2.3.0:*:*:*:*:*:*:*"
],
"product": "watsonx.data",
"vendor": "IBM",
"versions": [
{
"lessThanOrEqual": "2.3.0",
"status": "affected",
"version": "2.2.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eIBM watsonx.data 2.2 through 2.3 IBM Lakehouse does not properly restrict communication between pods which could allow an attacker to transfer data between pods without restrictions.\u003c/p\u003e"
}
],
"value": "IBM watsonx.data 2.2 through 2.3 IBM Lakehouse does not properly restrict communication between pods which could allow an attacker to transfer data between pods without restrictions."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-923",
"description": "CWE-923 Improper Restriction of Communication Channel to Intended Endpoints",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-30T21:39:21.850Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://www.ibm.com/support/pages/node/7270593"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eThe product needs to be installed or upgraded to the latest available level watsonx.data 2.3.1 or watsonx.data on CPD 5.3.1. \u0026nbsp;Installation/upgrade instructions can be found here: \u003ca href=\"https://www.ibm.com/docs/en/software-hub/5.3.x?topic=watsonxdata-installing\" rel=\"nofollow\"\u003ehttps://www.ibm.com/docs/en/software-hub/5.3.x?topic=watsonxdata-installing\u003c/a\u003e\u003c/p\u003e"
}
],
"value": "The product needs to be installed or upgraded to the latest available level watsonx.data 2.3.1 or watsonx.data on CPD 5.3.1. \u00a0Installation/upgrade instructions can be found here: https://www.ibm.com/docs/en/software-hub/5.3.x?topic=watsonxdata-installing"
}
],
"title": "Inadequate Pod Communication Restrictions, affects watsonx.data",
"x_generator": {
"engine": "ibm-cvegen"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2025-36180",
"datePublished": "2026-04-30T21:28:00.171Z",
"dateReserved": "2025-04-15T21:16:23.419Z",
"dateUpdated": "2026-05-01T16:37:49.064Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-36183 (GCVE-0-2025-36183)
Vulnerability from nvd – Published: 2026-02-17 21:32 – Updated: 2026-02-18 20:36
VLAI
Title
Privileged User File Upload Vulnerability Leading to Limited Server-Side Execution affects watsonx.data
Summary
IBM watsonx.data 2.2 through 2.2.1 IBM Lakehouse could allow a privileged user to upload malicious files that could be executed server to modify limited files or data.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-434 - Unrestricted Upload of File with Dangerous Type
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.ibm.com/support/pages/node/7260118 | vendor-advisorypatch |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| IBM | watsonx.data |
Affected:
2.2 , ≤ 2.2.1
(semver)
cpe:2.3:a:ibm:watsonxdata:2.2:*:*:*:*:*:*:* cpe:2.3:a:ibm:watsonxdata:2.2.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:watsonxdata:2.2.1:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-36183",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-18T20:36:43.372341Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-18T20:36:53.178Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:ibm:watsonxdata:2.2:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:watsonxdata:2.2.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:watsonxdata:2.2.1:*:*:*:*:*:*:*"
],
"product": "watsonx.data",
"vendor": "IBM",
"versions": [
{
"lessThanOrEqual": "2.2.1",
"status": "affected",
"version": "2.2",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eIBM watsonx.data 2.2 through 2.2.1 IBM Lakehouse could allow a privileged user to upload malicious files that could be executed server to modify limited files or data.\u003c/p\u003e"
}
],
"value": "IBM watsonx.data 2.2 through 2.2.1 IBM Lakehouse could allow a privileged user to upload malicious files that could be executed server to modify limited files or data."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 3.8,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-434",
"description": "CWE-434 Unrestricted Upload of File with Dangerous Type",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-17T21:33:36.352Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://www.ibm.com/support/pages/node/7260118"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eThe product needs to be installed or upgraded to the latest available level watsonx.data 2.2.2 or watsonx.data on CPD 5.2.2. \u0026nbsp;Installation/upgrade instructions can be found here: \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.ibm.com/docs/en/watsonx/watsonxdata/5.2.x?topic=deployment-installing\"\u003ehttps://www.ibm.com/docs/en/watsonx/watsonxdata/5.2.x?topic=deployment-installing\u003c/a\u003e .\u003c/p\u003e"
}
],
"value": "The product needs to be installed or upgraded to the latest available level watsonx.data 2.2.2 or watsonx.data on CPD 5.2.2. \u00a0Installation/upgrade instructions can be found here: https://www.ibm.com/docs/en/watsonx/watsonxdata/5.2.x?topic=deployment-installing ."
}
],
"title": "Privileged User File Upload Vulnerability Leading to Limited Server-Side Execution affects watsonx.data",
"x_generator": {
"engine": "ibm-cvegen"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2025-36183",
"datePublished": "2026-02-17T21:32:26.015Z",
"dateReserved": "2025-04-15T21:16:23.419Z",
"dateUpdated": "2026-02-18T20:36:53.178Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-36140 (GCVE-0-2025-36140)
Vulnerability from nvd – Published: 2025-12-08 22:11 – Updated: 2025-12-09 16:04
VLAI
Title
IBM watsonx.data Denial of Service
Summary
IBM watsonx.data 2.2 through 2.2.1 could allow an authenticated user to cause a denial of service through ingestion pods due to improper allocation of resources without limits.
Severity
6.5 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-770 - Allocation of Resources Without Limits or Throttling
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.ibm.com/support/pages/node/7253932 | vendor-advisorypatch |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| IBM | watsonx.data |
Affected:
2.2 , ≤ 2.2.1
(semver)
cpe:2.3:a:ibm:watsonx.data:2.2:*:*:*:*:*:*:* cpe:2.3:a:ibm:watsonx.data:2.2.1:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-36140",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-09T15:24:10.982827Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-09T16:04:58.245Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:ibm:watsonx.data:2.2:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:watsonx.data:2.2.1:*:*:*:*:*:*:*"
],
"product": "watsonx.data",
"vendor": "IBM",
"versions": [
{
"lessThanOrEqual": "2.2.1",
"status": "affected",
"version": "2.2",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eIBM watsonx.data 2.2 through 2.2.1 could allow an authenticated user to cause a denial of service through ingestion pods due to improper allocation of resources without limits.\u003c/p\u003e"
}
],
"value": "IBM watsonx.data 2.2 through 2.2.1 could allow an authenticated user to cause a denial of service through ingestion pods due to improper allocation of resources without limits."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-770",
"description": "CWE-770 Allocation of Resources Without Limits or Throttling",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-08T22:11:19.778Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://www.ibm.com/support/pages/node/7253932"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eRemediation/Fixes The product needs to be installed or upgraded to the latest available level watsonx.data 2.2.2 or watsonx.data on CPD 5.2.2 Installation/upgrade instructions can be found here https://www.ibm.com/docs/en/software-hub/5.2.x?topic=watsonxdata-installing.\u003c/p\u003e"
}
],
"value": "Remediation/Fixes The product needs to be installed or upgraded to the latest available level watsonx.data 2.2.2 or watsonx.data on CPD 5.2.2 Installation/upgrade instructions can be found here https://www.ibm.com/docs/en/software-hub/5.2.x?topic=watsonxdata-installing."
}
],
"title": "IBM watsonx.data Denial of Service",
"x_generator": {
"engine": "ibm-cvegen"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2025-36140",
"datePublished": "2025-12-08T22:11:02.760Z",
"dateReserved": "2025-04-15T21:16:19.940Z",
"dateUpdated": "2025-12-09T16:04:58.245Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-36144 (GCVE-0-2025-36144)
Vulnerability from nvd – Published: 2025-09-27 00:05 – Updated: 2025-09-29 14:04
VLAI
Title
IBM watsonx.data information disclosure
Summary
IBM Lakehouse (watsonx.data 2.2) stores potentially sensitive information in log files that could be read by a local user.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-532 - Insertion of Sensitive Information into Log File
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.ibm.com/support/pages/node/7246267 | vendor-advisorypatch |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| IBM | watsonx.data |
Affected:
2.2
cpe:2.3:a:ibm:watsonx.data:2.2:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-36144",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-09-29T14:04:19.766656Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-09-29T14:04:30.872Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:ibm:watsonx.data:2.2:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "watsonx.data",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "2.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eIBM Lakehouse (watsonx.data 2.2) stores potentially sensitive information in log files that could be read by a local user.\u003c/span\u003e"
}
],
"value": "IBM Lakehouse (watsonx.data 2.2) stores potentially sensitive information in log files that could be read by a local user."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 3.3,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-532",
"description": "CWE-532 Insertion of Sensitive Information into Log File",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-27T00:05:08.668Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://www.ibm.com/support/pages/node/7246267"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eThe product needs to be installed or upgraded to the latest available level watsonx.data 2.1 or watsonx.data on CPD 5.1. Installation/upgrade instructions can be found here \u003c/span\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.ibm.com/docs/en/software-hub/5.1.x?topic=watsonxdata-installing.\"\u003ehttps://www.ibm.com/docs/en/software-hub/5.1.x?topic=watsonxdata-installing.\u003c/a\u003e\n\n\u003cbr\u003e"
}
],
"value": "The product needs to be installed or upgraded to the latest available level watsonx.data 2.1 or watsonx.data on CPD 5.1. Installation/upgrade instructions can be found here https://www.ibm.com/docs/en/software-hub/5.1.x?topic=watsonxdata-installing."
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "IBM watsonx.data information disclosure",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2025-36144",
"datePublished": "2025-09-27T00:05:08.668Z",
"dateReserved": "2025-04-15T21:16:19.940Z",
"dateUpdated": "2025-09-29T14:04:30.872Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-36146 (GCVE-0-2025-36146)
Vulnerability from nvd – Published: 2025-09-18 15:15 – Updated: 2025-09-19 17:09
VLAI
Title
IBM watsonx.data information disclosure
Summary
IBM Lakehouse (watsonx.data 2.2) could allow an authenticated user to obtain sensitive server component version information which could aid in further attacks against the system.
Severity
4.3 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-497 - Exposure of Sensitive System Information to an Unauthorized Control Sphere
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.ibm.com/support/pages/node/7245384 | vendor-advisorypatch |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| IBM | watsonx.data |
Affected:
2.2
cpe:2.3:a:ibm:watsonx.data:2.2:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-36146",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-09-19T17:00:35.669474Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-09-19T17:09:17.223Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:ibm:watsonx.data:2.2:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "watsonx.data",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "2.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "IBM Lakehouse (watsonx.data 2.2) could allow an authenticated user to obtain sensitive server component version information which could aid in further attacks against the system."
}
],
"value": "IBM Lakehouse (watsonx.data 2.2) could allow an authenticated user to obtain sensitive server component version information which could aid in further attacks against the system."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-497",
"description": "CWE-497 Exposure of Sensitive System Information to an Unauthorized Control Sphere",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-18T15:16:49.479Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://www.ibm.com/support/pages/node/7245384"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eThe product needs to be installed or upgraded to the latest available level watsonx.data 2.2.1 or watsonx.data on CPD 5.2.1 Installation/upgrade instructions can be found here: \u003c/span\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.ibm.com/docs/en/software-hub/5.2.x?topic=watsonxdata-installing\"\u003ehttps://www.ibm.com/docs/en/watsonx/watsonxdata/2.2.x?topic=deployment-installing\u003c/a\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e.\u003c/span\u003e\n\n\u003cbr\u003e"
}
],
"value": "The product needs to be installed or upgraded to the latest available level watsonx.data 2.2.1 or watsonx.data on CPD 5.2.1 Installation/upgrade instructions can be found here: https://www.ibm.com/docs/en/watsonx/watsonxdata/2.2.x?topic=deployment-installing https://www.ibm.com/docs/en/software-hub/5.2.x ."
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "IBM watsonx.data information disclosure",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2025-36146",
"datePublished": "2025-09-18T15:15:58.809Z",
"dateReserved": "2025-04-15T21:16:19.940Z",
"dateUpdated": "2025-09-19T17:09:17.223Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-36143 (GCVE-0-2025-36143)
Vulnerability from nvd – Published: 2025-09-18 15:14 – Updated: 2025-09-19 17:09
VLAI
Title
IBM watsonx.data command execution
Summary
IBM Lakehouse (watsonx.data 2.2) could allow an authenticated privileged user to execute arbitrary commands on the system due to improper validation of user supplied input.
Severity
4.7 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.ibm.com/support/pages/node/7245379 | vendor-advisorypatch |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| IBM | watsonx.data |
Affected:
2.2
cpe:2.3:a:ibm:watsonx.data:2.2:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-36143",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-09-19T17:00:44.873074Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-09-19T17:09:23.671Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:ibm:watsonx.data:2.2:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "watsonx.data",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "2.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "IBM Lakehouse (watsonx.data 2.2) could allow an authenticated privileged user to execute arbitrary commands on the system due to improper validation of user supplied input."
}
],
"value": "IBM Lakehouse (watsonx.data 2.2) could allow an authenticated privileged user to execute arbitrary commands on the system due to improper validation of user supplied input."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-18T15:14:41.611Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://www.ibm.com/support/pages/node/7245379"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eThe product needs to be installed or upgraded to the latest available level watsonx.data 2.2.1 or watsonx.data on CPD 5.2.1 Installation/upgrade instructions can be found here: \u003c/span\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.ibm.com/docs/en/software-hub/5.2.x?topic=watsonxdata-installing\"\u003ehttps://www.ibm.com/docs/en/watsonx/watsonxdata/2.2.x?topic=deployment-installing\u003c/a\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e.\u003c/span\u003e\n\n\u003cbr\u003e"
}
],
"value": "The product needs to be installed or upgraded to the latest available level watsonx.data 2.2.1 or watsonx.data on CPD 5.2.1 Installation/upgrade instructions can be found here: https://www.ibm.com/docs/en/watsonx/watsonxdata/2.2.x?topic=deployment-installing https://www.ibm.com/docs/en/software-hub/5.2.x ."
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "IBM watsonx.data command execution",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2025-36143",
"datePublished": "2025-09-18T15:14:41.611Z",
"dateReserved": "2025-04-15T21:16:19.940Z",
"dateUpdated": "2025-09-19T17:09:23.671Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-36139 (GCVE-0-2025-36139)
Vulnerability from nvd – Published: 2025-09-18 15:13 – Updated: 2025-09-19 17:09
VLAI
Title
IBM watsonx.data cross-site scripting
Summary
IBM Lakehouse (watsonx.data 2.2) is vulnerable to stored cross-site scripting. This vulnerability allows a privileged user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
Severity
5.5 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.ibm.com/support/pages/node/7245387 | vendor-advisorypatch |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| IBM | watsonx.data |
Affected:
2.2
cpe:2.3:a:ibm:watsonx.data:2.2:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-36139",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-09-19T17:00:54.781517Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-09-19T17:09:30.745Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:ibm:watsonx.data:2.2:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "watsonx.data",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "2.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "IBM Lakehouse (watsonx.data 2.2) is vulnerable to stored cross-site scripting. This vulnerability allows a privileged user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session."
}
],
"value": "IBM Lakehouse (watsonx.data 2.2) is vulnerable to stored cross-site scripting. This vulnerability allows a privileged user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or \u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-18T15:13:10.913Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://www.ibm.com/support/pages/node/7245387"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eThe product needs to be installed or upgraded to the latest available level watsonx.data 2.2.1 or watsonx.data on CPD 5.2.1 Installation/upgrade instructions can be found here: \u003c/span\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.ibm.com/docs/en/software-hub/5.2.x?topic=watsonxdata-installing\"\u003ehttps://www.ibm.com/docs/en/watsonx/watsonxdata/2.2.x?topic=deployment-installing\u003c/a\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e.\u003c/span\u003e\n\n\u003cbr\u003e"
}
],
"value": "The product needs to be installed or upgraded to the latest available level watsonx.data 2.2.1 or watsonx.data on CPD 5.2.1 Installation/upgrade instructions can be found here: https://www.ibm.com/docs/en/watsonx/watsonxdata/2.2.x?topic=deployment-installing https://www.ibm.com/docs/en/software-hub/5.2.x ."
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "IBM watsonx.data cross-site scripting",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2025-36139",
"datePublished": "2025-09-18T15:13:10.913Z",
"dateReserved": "2025-04-15T21:16:19.008Z",
"dateUpdated": "2025-09-19T17:09:30.745Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-36145 (GCVE-0-2025-36145)
Vulnerability from cvelistv5 – Published: 2026-05-26 15:50 – Updated: 2026-05-26 17:42
VLAI
Title
Multiple Vulnerabilities in watsonx.data
Summary
IBM watsonx.data 2.2 through 2.3.1 IBM Lakehouse does not properly restrict inbound and outbound connections which could allow an attacker to transfer or modify files without restrictions.
Severity
5.4 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-923 - Improper Restriction of Communication Channel to Intended Endpoints
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.ibm.com/support/pages/node/7272498 | vendor-advisorypatch |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| IBM | watsonx.data |
Affected:
2.2.0 , ≤ 2.3.1
(semver)
cpe:2.3:a:ibm:watsonxdata:2.2:*:*:*:*:*:*:* cpe:2.3:a:ibm:watsonxdata:2.2.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:watsonxdata:2.3.1:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-36145",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-26T17:41:52.481115Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-26T17:42:05.425Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:ibm:watsonxdata:2.2:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:watsonxdata:2.2.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:watsonxdata:2.3.1:*:*:*:*:*:*:*"
],
"product": "watsonx.data",
"vendor": "IBM",
"versions": [
{
"lessThanOrEqual": "2.3.1",
"status": "affected",
"version": "2.2.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eIBM watsonx.data 2.2 through 2.3.1 IBM Lakehouse does not properly restrict inbound and outbound connections which could allow an attacker to transfer or modify files without restrictions.\u003c/p\u003e"
}
],
"value": "IBM watsonx.data 2.2 through 2.3.1 IBM Lakehouse does not properly restrict inbound and outbound connections which could allow an attacker to transfer or modify files without restrictions."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-923",
"description": "CWE-923 Improper Restriction of Communication Channel to Intended Endpoints",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-26T15:50:54.945Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://www.ibm.com/support/pages/node/7272498"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eThe product needs to be installed or upgraded to the latest available level watsonx.data 2.3.x or watsonx.data on CPD 5.3.x. \u0026nbsp;Installation/upgrade instructions can be found here: \u003ca href=\"https://www.ibm.com/docs/en/software-hub/5.3.x?topic=watsonxdata-installing\" rel=\"nofollow\"\u003ehttps://www.ibm.com/docs/en/software-hub/5.3.x?topic=watsonxdata-installing\u003c/a\u003e\u003c/p\u003e"
}
],
"value": "The product needs to be installed or upgraded to the latest available level watsonx.data 2.3.x or watsonx.data on CPD 5.3.x. \u00a0Installation/upgrade instructions can be found here: https://www.ibm.com/docs/en/software-hub/5.3.x?topic=watsonxdata-installing"
}
],
"title": "Multiple Vulnerabilities in watsonx.data",
"x_generator": {
"engine": "ibm-cvegen"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2025-36145",
"datePublished": "2026-05-26T15:50:54.945Z",
"dateReserved": "2025-04-15T21:16:19.940Z",
"dateUpdated": "2026-05-26T17:42:05.425Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-36180 (GCVE-0-2025-36180)
Vulnerability from cvelistv5 – Published: 2026-04-30 21:28 – Updated: 2026-05-01 16:37
VLAI
Title
Inadequate Pod Communication Restrictions, affects watsonx.data
Summary
IBM watsonx.data 2.2 through 2.3 IBM Lakehouse does not properly restrict communication between pods which could allow an attacker to transfer data between pods without restrictions.
Severity
5.3 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-923 - Improper Restriction of Communication Channel to Intended Endpoints
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.ibm.com/support/pages/node/7270593 | vendor-advisorypatch |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| IBM | watsonx.data |
Affected:
2.2.0 , ≤ 2.3.0
(semver)
cpe:2.3:a:ibm:watsonxdata:2.2.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:watsonxdata:2.3.0:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-36180",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-01T16:07:12.084281Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-01T16:37:49.064Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:ibm:watsonxdata:2.2.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:watsonxdata:2.3.0:*:*:*:*:*:*:*"
],
"product": "watsonx.data",
"vendor": "IBM",
"versions": [
{
"lessThanOrEqual": "2.3.0",
"status": "affected",
"version": "2.2.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eIBM watsonx.data 2.2 through 2.3 IBM Lakehouse does not properly restrict communication between pods which could allow an attacker to transfer data between pods without restrictions.\u003c/p\u003e"
}
],
"value": "IBM watsonx.data 2.2 through 2.3 IBM Lakehouse does not properly restrict communication between pods which could allow an attacker to transfer data between pods without restrictions."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-923",
"description": "CWE-923 Improper Restriction of Communication Channel to Intended Endpoints",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-30T21:39:21.850Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://www.ibm.com/support/pages/node/7270593"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eThe product needs to be installed or upgraded to the latest available level watsonx.data 2.3.1 or watsonx.data on CPD 5.3.1. \u0026nbsp;Installation/upgrade instructions can be found here: \u003ca href=\"https://www.ibm.com/docs/en/software-hub/5.3.x?topic=watsonxdata-installing\" rel=\"nofollow\"\u003ehttps://www.ibm.com/docs/en/software-hub/5.3.x?topic=watsonxdata-installing\u003c/a\u003e\u003c/p\u003e"
}
],
"value": "The product needs to be installed or upgraded to the latest available level watsonx.data 2.3.1 or watsonx.data on CPD 5.3.1. \u00a0Installation/upgrade instructions can be found here: https://www.ibm.com/docs/en/software-hub/5.3.x?topic=watsonxdata-installing"
}
],
"title": "Inadequate Pod Communication Restrictions, affects watsonx.data",
"x_generator": {
"engine": "ibm-cvegen"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2025-36180",
"datePublished": "2026-04-30T21:28:00.171Z",
"dateReserved": "2025-04-15T21:16:23.419Z",
"dateUpdated": "2026-05-01T16:37:49.064Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-36335 (GCVE-0-2025-36335)
Vulnerability from cvelistv5 – Published: 2026-04-30 21:12 – Updated: 2026-05-01 14:23
VLAI
Title
Vulnerabilities found
Summary
IBM watsonx.data intelligence 5.2.0, 5.2.1, 5.3.0, 5.3.1 stores user credentials in plain text which can be read by a local user.
Severity
6.2 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-256 - Plaintext Storage of a Password
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.ibm.com/support/pages/node/7270923 | vendor-advisorypatch |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| IBM | watsonx.data intelligence |
Affected:
5.2.0, 5.2.1, 5.3.0, 5.3.1 , ≤ 1.8.4
(semver)
cpe:2.3:a:ibm:watsonxdata_intelligence:5.2.0:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-36335",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-01T14:23:02.854656Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-01T14:23:11.089Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:ibm:watsonxdata_intelligence:5.2.0:*:*:*:*:*:*:*"
],
"product": "watsonx.data intelligence",
"vendor": "IBM",
"versions": [
{
"lessThanOrEqual": "1.8.4",
"status": "affected",
"version": "5.2.0, 5.2.1, 5.3.0, 5.3.1",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eIBM watsonx.data intelligence 5.2.0, 5.2.1, 5.3.0, 5.3.1 stores user credentials in plain text which can be read by a local user.\u003c/p\u003e"
}
],
"value": "IBM watsonx.data intelligence 5.2.0, 5.2.1, 5.3.0, 5.3.1 stores user credentials in plain text which can be read by a local user."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-256",
"description": "CWE-256 Plaintext Storage of a Password",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-30T21:12:54.030Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://www.ibm.com/support/pages/node/7270923"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eUpdate version to 5.3.1-patch3\u003cbr\u003e\u003ca href=\"https://www.ibm.com/docs/en/software-hub/5.3.x?topic=overview-available-patches-software-hub-version-531\" rel=\"nofollow\"\u003ehttps://www.ibm.com/docs/en/software-hub/5.3.x?topic=overview-available-patches-software-hub-version-531\u003c/a\u003e\u003c/p\u003e"
}
],
"value": "Update version to 5.3.1-patch3\n https://www.ibm.com/docs/en/software-hub/5.3.x?topic=overview-available-patches-software-hub-version-531"
}
],
"title": "Vulnerabilities found",
"x_generator": {
"engine": "ibm-cvegen"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2025-36335",
"datePublished": "2026-04-30T21:12:54.030Z",
"dateReserved": "2025-04-15T21:16:52.391Z",
"dateUpdated": "2026-05-01T14:23:11.089Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-36183 (GCVE-0-2025-36183)
Vulnerability from cvelistv5 – Published: 2026-02-17 21:32 – Updated: 2026-02-18 20:36
VLAI
Title
Privileged User File Upload Vulnerability Leading to Limited Server-Side Execution affects watsonx.data
Summary
IBM watsonx.data 2.2 through 2.2.1 IBM Lakehouse could allow a privileged user to upload malicious files that could be executed server to modify limited files or data.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-434 - Unrestricted Upload of File with Dangerous Type
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.ibm.com/support/pages/node/7260118 | vendor-advisorypatch |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| IBM | watsonx.data |
Affected:
2.2 , ≤ 2.2.1
(semver)
cpe:2.3:a:ibm:watsonxdata:2.2:*:*:*:*:*:*:* cpe:2.3:a:ibm:watsonxdata:2.2.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:watsonxdata:2.2.1:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-36183",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-18T20:36:43.372341Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-18T20:36:53.178Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:ibm:watsonxdata:2.2:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:watsonxdata:2.2.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:watsonxdata:2.2.1:*:*:*:*:*:*:*"
],
"product": "watsonx.data",
"vendor": "IBM",
"versions": [
{
"lessThanOrEqual": "2.2.1",
"status": "affected",
"version": "2.2",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eIBM watsonx.data 2.2 through 2.2.1 IBM Lakehouse could allow a privileged user to upload malicious files that could be executed server to modify limited files or data.\u003c/p\u003e"
}
],
"value": "IBM watsonx.data 2.2 through 2.2.1 IBM Lakehouse could allow a privileged user to upload malicious files that could be executed server to modify limited files or data."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 3.8,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-434",
"description": "CWE-434 Unrestricted Upload of File with Dangerous Type",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-17T21:33:36.352Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://www.ibm.com/support/pages/node/7260118"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eThe product needs to be installed or upgraded to the latest available level watsonx.data 2.2.2 or watsonx.data on CPD 5.2.2. \u0026nbsp;Installation/upgrade instructions can be found here: \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.ibm.com/docs/en/watsonx/watsonxdata/5.2.x?topic=deployment-installing\"\u003ehttps://www.ibm.com/docs/en/watsonx/watsonxdata/5.2.x?topic=deployment-installing\u003c/a\u003e .\u003c/p\u003e"
}
],
"value": "The product needs to be installed or upgraded to the latest available level watsonx.data 2.2.2 or watsonx.data on CPD 5.2.2. \u00a0Installation/upgrade instructions can be found here: https://www.ibm.com/docs/en/watsonx/watsonxdata/5.2.x?topic=deployment-installing ."
}
],
"title": "Privileged User File Upload Vulnerability Leading to Limited Server-Side Execution affects watsonx.data",
"x_generator": {
"engine": "ibm-cvegen"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2025-36183",
"datePublished": "2026-02-17T21:32:26.015Z",
"dateReserved": "2025-04-15T21:16:23.419Z",
"dateUpdated": "2026-02-18T20:36:53.178Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-36140 (GCVE-0-2025-36140)
Vulnerability from cvelistv5 – Published: 2025-12-08 22:11 – Updated: 2025-12-09 16:04
VLAI
Title
IBM watsonx.data Denial of Service
Summary
IBM watsonx.data 2.2 through 2.2.1 could allow an authenticated user to cause a denial of service through ingestion pods due to improper allocation of resources without limits.
Severity
6.5 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-770 - Allocation of Resources Without Limits or Throttling
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.ibm.com/support/pages/node/7253932 | vendor-advisorypatch |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| IBM | watsonx.data |
Affected:
2.2 , ≤ 2.2.1
(semver)
cpe:2.3:a:ibm:watsonx.data:2.2:*:*:*:*:*:*:* cpe:2.3:a:ibm:watsonx.data:2.2.1:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-36140",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-09T15:24:10.982827Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-09T16:04:58.245Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:ibm:watsonx.data:2.2:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:watsonx.data:2.2.1:*:*:*:*:*:*:*"
],
"product": "watsonx.data",
"vendor": "IBM",
"versions": [
{
"lessThanOrEqual": "2.2.1",
"status": "affected",
"version": "2.2",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eIBM watsonx.data 2.2 through 2.2.1 could allow an authenticated user to cause a denial of service through ingestion pods due to improper allocation of resources without limits.\u003c/p\u003e"
}
],
"value": "IBM watsonx.data 2.2 through 2.2.1 could allow an authenticated user to cause a denial of service through ingestion pods due to improper allocation of resources without limits."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-770",
"description": "CWE-770 Allocation of Resources Without Limits or Throttling",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-08T22:11:19.778Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://www.ibm.com/support/pages/node/7253932"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eRemediation/Fixes The product needs to be installed or upgraded to the latest available level watsonx.data 2.2.2 or watsonx.data on CPD 5.2.2 Installation/upgrade instructions can be found here https://www.ibm.com/docs/en/software-hub/5.2.x?topic=watsonxdata-installing.\u003c/p\u003e"
}
],
"value": "Remediation/Fixes The product needs to be installed or upgraded to the latest available level watsonx.data 2.2.2 or watsonx.data on CPD 5.2.2 Installation/upgrade instructions can be found here https://www.ibm.com/docs/en/software-hub/5.2.x?topic=watsonxdata-installing."
}
],
"title": "IBM watsonx.data Denial of Service",
"x_generator": {
"engine": "ibm-cvegen"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2025-36140",
"datePublished": "2025-12-08T22:11:02.760Z",
"dateReserved": "2025-04-15T21:16:19.940Z",
"dateUpdated": "2025-12-09T16:04:58.245Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-36144 (GCVE-0-2025-36144)
Vulnerability from cvelistv5 – Published: 2025-09-27 00:05 – Updated: 2025-09-29 14:04
VLAI
Title
IBM watsonx.data information disclosure
Summary
IBM Lakehouse (watsonx.data 2.2) stores potentially sensitive information in log files that could be read by a local user.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-532 - Insertion of Sensitive Information into Log File
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.ibm.com/support/pages/node/7246267 | vendor-advisorypatch |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| IBM | watsonx.data |
Affected:
2.2
cpe:2.3:a:ibm:watsonx.data:2.2:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-36144",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-09-29T14:04:19.766656Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-09-29T14:04:30.872Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:ibm:watsonx.data:2.2:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "watsonx.data",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "2.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eIBM Lakehouse (watsonx.data 2.2) stores potentially sensitive information in log files that could be read by a local user.\u003c/span\u003e"
}
],
"value": "IBM Lakehouse (watsonx.data 2.2) stores potentially sensitive information in log files that could be read by a local user."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 3.3,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-532",
"description": "CWE-532 Insertion of Sensitive Information into Log File",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-27T00:05:08.668Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://www.ibm.com/support/pages/node/7246267"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eThe product needs to be installed or upgraded to the latest available level watsonx.data 2.1 or watsonx.data on CPD 5.1. Installation/upgrade instructions can be found here \u003c/span\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.ibm.com/docs/en/software-hub/5.1.x?topic=watsonxdata-installing.\"\u003ehttps://www.ibm.com/docs/en/software-hub/5.1.x?topic=watsonxdata-installing.\u003c/a\u003e\n\n\u003cbr\u003e"
}
],
"value": "The product needs to be installed or upgraded to the latest available level watsonx.data 2.1 or watsonx.data on CPD 5.1. Installation/upgrade instructions can be found here https://www.ibm.com/docs/en/software-hub/5.1.x?topic=watsonxdata-installing."
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "IBM watsonx.data information disclosure",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2025-36144",
"datePublished": "2025-09-27T00:05:08.668Z",
"dateReserved": "2025-04-15T21:16:19.940Z",
"dateUpdated": "2025-09-29T14:04:30.872Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-36146 (GCVE-0-2025-36146)
Vulnerability from cvelistv5 – Published: 2025-09-18 15:15 – Updated: 2025-09-19 17:09
VLAI
Title
IBM watsonx.data information disclosure
Summary
IBM Lakehouse (watsonx.data 2.2) could allow an authenticated user to obtain sensitive server component version information which could aid in further attacks against the system.
Severity
4.3 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-497 - Exposure of Sensitive System Information to an Unauthorized Control Sphere
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.ibm.com/support/pages/node/7245384 | vendor-advisorypatch |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| IBM | watsonx.data |
Affected:
2.2
cpe:2.3:a:ibm:watsonx.data:2.2:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-36146",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-09-19T17:00:35.669474Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-09-19T17:09:17.223Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:ibm:watsonx.data:2.2:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "watsonx.data",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "2.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "IBM Lakehouse (watsonx.data 2.2) could allow an authenticated user to obtain sensitive server component version information which could aid in further attacks against the system."
}
],
"value": "IBM Lakehouse (watsonx.data 2.2) could allow an authenticated user to obtain sensitive server component version information which could aid in further attacks against the system."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-497",
"description": "CWE-497 Exposure of Sensitive System Information to an Unauthorized Control Sphere",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-18T15:16:49.479Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://www.ibm.com/support/pages/node/7245384"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eThe product needs to be installed or upgraded to the latest available level watsonx.data 2.2.1 or watsonx.data on CPD 5.2.1 Installation/upgrade instructions can be found here: \u003c/span\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.ibm.com/docs/en/software-hub/5.2.x?topic=watsonxdata-installing\"\u003ehttps://www.ibm.com/docs/en/watsonx/watsonxdata/2.2.x?topic=deployment-installing\u003c/a\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e.\u003c/span\u003e\n\n\u003cbr\u003e"
}
],
"value": "The product needs to be installed or upgraded to the latest available level watsonx.data 2.2.1 or watsonx.data on CPD 5.2.1 Installation/upgrade instructions can be found here: https://www.ibm.com/docs/en/watsonx/watsonxdata/2.2.x?topic=deployment-installing https://www.ibm.com/docs/en/software-hub/5.2.x ."
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "IBM watsonx.data information disclosure",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2025-36146",
"datePublished": "2025-09-18T15:15:58.809Z",
"dateReserved": "2025-04-15T21:16:19.940Z",
"dateUpdated": "2025-09-19T17:09:17.223Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-36143 (GCVE-0-2025-36143)
Vulnerability from cvelistv5 – Published: 2025-09-18 15:14 – Updated: 2025-09-19 17:09
VLAI
Title
IBM watsonx.data command execution
Summary
IBM Lakehouse (watsonx.data 2.2) could allow an authenticated privileged user to execute arbitrary commands on the system due to improper validation of user supplied input.
Severity
4.7 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.ibm.com/support/pages/node/7245379 | vendor-advisorypatch |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| IBM | watsonx.data |
Affected:
2.2
cpe:2.3:a:ibm:watsonx.data:2.2:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-36143",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-09-19T17:00:44.873074Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-09-19T17:09:23.671Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:ibm:watsonx.data:2.2:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "watsonx.data",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "2.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "IBM Lakehouse (watsonx.data 2.2) could allow an authenticated privileged user to execute arbitrary commands on the system due to improper validation of user supplied input."
}
],
"value": "IBM Lakehouse (watsonx.data 2.2) could allow an authenticated privileged user to execute arbitrary commands on the system due to improper validation of user supplied input."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-18T15:14:41.611Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://www.ibm.com/support/pages/node/7245379"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eThe product needs to be installed or upgraded to the latest available level watsonx.data 2.2.1 or watsonx.data on CPD 5.2.1 Installation/upgrade instructions can be found here: \u003c/span\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.ibm.com/docs/en/software-hub/5.2.x?topic=watsonxdata-installing\"\u003ehttps://www.ibm.com/docs/en/watsonx/watsonxdata/2.2.x?topic=deployment-installing\u003c/a\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e.\u003c/span\u003e\n\n\u003cbr\u003e"
}
],
"value": "The product needs to be installed or upgraded to the latest available level watsonx.data 2.2.1 or watsonx.data on CPD 5.2.1 Installation/upgrade instructions can be found here: https://www.ibm.com/docs/en/watsonx/watsonxdata/2.2.x?topic=deployment-installing https://www.ibm.com/docs/en/software-hub/5.2.x ."
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "IBM watsonx.data command execution",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2025-36143",
"datePublished": "2025-09-18T15:14:41.611Z",
"dateReserved": "2025-04-15T21:16:19.940Z",
"dateUpdated": "2025-09-19T17:09:23.671Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-36139 (GCVE-0-2025-36139)
Vulnerability from cvelistv5 – Published: 2025-09-18 15:13 – Updated: 2025-09-19 17:09
VLAI
Title
IBM watsonx.data cross-site scripting
Summary
IBM Lakehouse (watsonx.data 2.2) is vulnerable to stored cross-site scripting. This vulnerability allows a privileged user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
Severity
5.5 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.ibm.com/support/pages/node/7245387 | vendor-advisorypatch |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| IBM | watsonx.data |
Affected:
2.2
cpe:2.3:a:ibm:watsonx.data:2.2:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-36139",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-09-19T17:00:54.781517Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-09-19T17:09:30.745Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:ibm:watsonx.data:2.2:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "watsonx.data",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "2.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "IBM Lakehouse (watsonx.data 2.2) is vulnerable to stored cross-site scripting. This vulnerability allows a privileged user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session."
}
],
"value": "IBM Lakehouse (watsonx.data 2.2) is vulnerable to stored cross-site scripting. This vulnerability allows a privileged user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or \u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-18T15:13:10.913Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://www.ibm.com/support/pages/node/7245387"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eThe product needs to be installed or upgraded to the latest available level watsonx.data 2.2.1 or watsonx.data on CPD 5.2.1 Installation/upgrade instructions can be found here: \u003c/span\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.ibm.com/docs/en/software-hub/5.2.x?topic=watsonxdata-installing\"\u003ehttps://www.ibm.com/docs/en/watsonx/watsonxdata/2.2.x?topic=deployment-installing\u003c/a\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e.\u003c/span\u003e\n\n\u003cbr\u003e"
}
],
"value": "The product needs to be installed or upgraded to the latest available level watsonx.data 2.2.1 or watsonx.data on CPD 5.2.1 Installation/upgrade instructions can be found here: https://www.ibm.com/docs/en/watsonx/watsonxdata/2.2.x?topic=deployment-installing https://www.ibm.com/docs/en/software-hub/5.2.x ."
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "IBM watsonx.data cross-site scripting",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2025-36139",
"datePublished": "2025-09-18T15:13:10.913Z",
"dateReserved": "2025-04-15T21:16:19.008Z",
"dateUpdated": "2025-09-19T17:09:30.745Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}