Search

Find a vulnerability

Search criteria

    18071 vulnerabilities by IBM

    CVE-2026-9074 (GCVE-0-2026-9074)

    Vulnerability from nvd – Published: 2026-07-08 15:24 – Updated: 2026-07-09 03:55
    VLAI
    Title
    IBM API Connect SQL Injection
    Summary
    IBM API Connect 10.0.8.0 through 10.0.8.9 and 12.1.0.0 through 12.1.0.3 contains an unauthenticated SQL injection vulnerability in the password reset functionality.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-89 - Improper neutralization of special elements used in an SQL command ('SQL injection')
    Assigner
    ibm
    References
    Impacted products
    Vendor Product Version
    IBM API Connect Affected: 10.0.8.0 , < 10.0.8.9 (semver)
    Affected: 12.0 (semver)
        cpe:2.3:a:ibm:api_connect:10.0.8.0:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:api_connect:10.0.8.9:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:api_connect:12.1.0.0:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:api_connect:12.1.0.3:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-9074",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-08T00:00:00+00:00",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-09T03:55:49.087Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:ibm:api_connect:10.0.8.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:api_connect:10.0.8.9:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:api_connect:12.1.0.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:api_connect:12.1.0.3:*:*:*:*:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "API Connect",
              "vendor": "IBM",
              "versions": [
                {
                  "lessThan": "10.0.8.9",
                  "status": "affected",
                  "version": "10.0.8.0",
                  "versionType": "semver"
                },
                {
                  "status": "affected",
                  "version": "12.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "IBM API Connect 10.0.8.0 through 10.0.8.9 and\u0026nbsp;\u003cspan\u003e12.1.0.0 through 12.1.0.3\u003c/span\u003e\u003cspan\u003e\u0026nbsp;contains an unauthenticated SQL injection vulnerability in the password reset functionality.\u003c/span\u003e\u003cbr\u003e"
                }
              ],
              "value": "IBM API Connect 10.0.8.0 through 10.0.8.9 and\u00a012.1.0.0 through 12.1.0.3\u00a0contains an unauthenticated SQL injection vulnerability in the password reset functionality."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 9.1,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-89",
                  "description": "CWE-89 Improper neutralization of special elements used in an SQL command (\u0027SQL injection\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-08T15:31:46.331Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory",
                "patch"
              ],
              "url": "https://www.ibm.com/support/pages/node/7278909"
            },
            {
              "tags": [
                "vendor-advisory",
                "patch"
              ],
              "url": "https://www.ibm.com/support/pages/node/7278218"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "IBM API Connect SQL Injection",
          "x_generator": {
            "engine": "Vulnogram 1.0.2"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2026-9074",
        "datePublished": "2026-07-08T15:24:38.566Z",
        "dateReserved": "2026-05-20T12:31:24.875Z",
        "dateUpdated": "2026-07-09T03:55:49.087Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-3144 (GCVE-0-2026-3144)

    Vulnerability from nvd – Published: 2026-07-08 15:22 – Updated: 2026-07-09 03:55
    VLAI
    Title
    IBM API Connect Default Credentials
    Summary
    IBM API Connect 12.1.0.0 through 12.1.0.3 uses default credentials which could allow an attacker to gain unauthorized access to the application before the system enforces a credential update.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    ibm
    References
    URL Tags
    https://www.ibm.com/support/pages/node/7278909 vendor-advisorypatch
    Impacted products
    Vendor Product Version
    IBM API Connect Affected: 12.1.0.0 , < 12.1.0.3 (semver)
        cpe:2.3:a:ibm:api_connect:12.1.0.0:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:api_connect:12.1.0.3:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-3144",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-08T00:00:00+00:00",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-09T03:55:48.309Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:ibm:api_connect:12.1.0.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:api_connect:12.1.0.3:*:*:*:*:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "API Connect",
              "vendor": "IBM",
              "versions": [
                {
                  "lessThan": "12.1.0.3",
                  "status": "affected",
                  "version": "12.1.0.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "IBM API Connect 12.1.0.0 through 12.1.0.3 uses default credentials which could allow an attacker to gain unauthorized access to the application before the system enforces a credential update."
                }
              ],
              "value": "IBM API Connect 12.1.0.0 through 12.1.0.3 uses default credentials which could allow an attacker to gain unauthorized access to the application before the system enforces a credential update."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.1,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-1392",
                  "description": "CWE-1392 Use of default credentials",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-08T15:29:41.785Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory",
                "patch"
              ],
              "url": "https://www.ibm.com/support/pages/node/7278909"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "IBM API Connect Default Credentials",
          "x_generator": {
            "engine": "Vulnogram 1.0.2"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2026-3144",
        "datePublished": "2026-07-08T15:22:31.263Z",
        "dateReserved": "2026-02-24T19:53:12.296Z",
        "dateUpdated": "2026-07-09T03:55:48.309Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-11541 (GCVE-0-2026-11541)

    Vulnerability from nvd – Published: 2026-06-30 20:56 – Updated: 2026-07-01 14:52
    VLAI
    Title
    IBM WebSphere Application Server and WebSphere Application Server Liberty are affected by HTTP request smuggling
    Summary
    IBM WebSphere Application Server 9.0, and 8.5 and IBM WebSphere Application Server - Liberty 17.0.0.3 through 26.0.0.6 are affected by an HTTP request smuggling vulnerability.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-444 - Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')
    Assigner
    ibm
    References
    URL Tags
    https://www.ibm.com/support/pages/node/7277550 vendor-advisorypatch
    Impacted products
    Vendor Product Version
    IBM WebSphere Application Server Affected: 9.0
    Affected: 8.5
        cpe:2.3:a:ibm:websphere_application_server:9.0:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:websphere_application_server:9.0.0:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:websphere_application_server:8.5:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:websphere_application_server:8.5.0:*:*:*:*:*:*:*
    Create a notification for this product.
    IBM WebSphere Application Server - Liberty Affected: 17.0.0.3 , ≤ 26.0.0.6 (semver)
        cpe:2.3:a:ibm:websphere_application_server___liberty:17.0.0.3:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:websphere_application_server___liberty:26.0.0.6:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-11541",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-01T14:52:04.153923Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-01T14:52:15.909Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:ibm:websphere_application_server:9.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:websphere_application_server:9.0.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:websphere_application_server:8.5:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:websphere_application_server:8.5.0:*:*:*:*:*:*:*"
              ],
              "product": "WebSphere Application Server",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "9.0"
                },
                {
                  "status": "affected",
                  "version": "8.5"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:a:ibm:websphere_application_server___liberty:17.0.0.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:websphere_application_server___liberty:26.0.0.6:*:*:*:*:*:*:*"
              ],
              "product": "WebSphere Application Server - Liberty",
              "vendor": "IBM",
              "versions": [
                {
                  "lessThanOrEqual": "26.0.0.6",
                  "status": "affected",
                  "version": "17.0.0.3",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eIBM WebSphere Application Server 9.0, and 8.5 and IBM WebSphere Application Server - Liberty 17.0.0.3 through 26.0.0.6 are affected by an HTTP request smuggling vulnerability.\u003c/p\u003e"
                }
              ],
              "value": "IBM WebSphere Application Server 9.0, and 8.5 and IBM WebSphere Application Server - Liberty 17.0.0.3 through 26.0.0.6 are affected by an HTTP request smuggling vulnerability."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 7.4,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-444",
                  "description": "CWE-444 Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-30T20:56:04.135Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory",
                "patch"
              ],
              "url": "https://www.ibm.com/support/pages/node/7277550"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eIBM strongly recommends addressing the vulnerability now by applying a currently available interim fix or fix pack that contains the fix for APAR PH71808 and PH71706.\u0026nbsp;\u003c/p\u003e\u003cdiv\u003e\u003cp\u003e\u003cstrong\u003eFor IBM WebSphere Application Server Liberty 17.0.0.3 - 26.0.0.6:\u003c/strong\u003e\u003c/p\u003e\u003cp\u003e\u00b7 Upgrade to minimal fix pack levels as required by the interim fix and then apply the Interim Fix that resolves \u003ca href=\"https://www.ibm.com/support/pages/node/7277460\" rel=\"nofollow\"\u003ePH71808\u003c/a\u003e\u003cbr\u003e--OR--\u003cbr\u003e\u00b7 Apply Fix Pack 26.0.0.7 or later (targeted availability 3Q2026).\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eFor IBM WebSphere Application Server traditional:\u003c/strong\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eFor V9.0.0.0 through 9.0.5.28:\u003c/strong\u003e\u003cbr\u003e\u00b7 Upgrade to minimal fix pack levels as required by the interim fix and then apply the Interim Fix that resolves \u003ca href=\"https://www.ibm.com/support/pages/node/7277463\" rel=\"nofollow\"\u003ePH71706\u003c/a\u003e\u003cbr\u003e--OR--\u003cbr\u003e\u00b7 Apply Fix Pack 9.0.5.29 or later (targeted availability 3Q2026).\u0026nbsp;\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eFor V8.5.0.0 through 8.5.5.30:\u003c/strong\u003e\u003cbr\u003e\u00b7 Upgrade to minimal fix pack levels as required by the interim fix and then apply the Interim Fix that resolves \u003ca href=\"https://www.ibm.com/support/pages/node/7277463\" rel=\"nofollow\"\u003ePH71706\u003c/a\u003e\u003cbr\u003e--OR--\u003cbr\u003e\u00b7 Apply Fix Pack 8.5.5.31 or later (targeted availability 3Q2026).\u0026nbsp;\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003c/div\u003e\u003cp\u003eAdditional interim fixes may be available and linked off the interim fix download page.\u003c/p\u003e"
                }
              ],
              "value": "IBM strongly recommends addressing the vulnerability now by applying a currently available interim fix or fix pack that contains the fix for APAR PH71808 and PH71706.\u00a0\n\n\n\nFor IBM WebSphere Application Server Liberty 17.0.0.3 - 26.0.0.6:\n\n\n\n\u00b7 Upgrade to minimal fix pack levels as required by the interim fix and then apply the Interim Fix that resolves  PH71808 https://www.ibm.com/support/pages/node/7277460 \n--OR--\n\u00b7 Apply Fix Pack 26.0.0.7 or later (targeted availability 3Q2026).\n\n\n\n\n\n\n\nFor IBM WebSphere Application Server traditional:\n\n\n\nFor V9.0.0.0 through 9.0.5.28:\n\u00b7 Upgrade to minimal fix pack levels as required by the interim fix and then apply the Interim Fix that resolves  PH71706 https://www.ibm.com/support/pages/node/7277463 \n--OR--\n\u00b7 Apply Fix Pack 9.0.5.29 or later (targeted availability 3Q2026).\u00a0\n\n\n\nFor V8.5.0.0 through 8.5.5.30:\n\u00b7 Upgrade to minimal fix pack levels as required by the interim fix and then apply the Interim Fix that resolves  PH71706 https://www.ibm.com/support/pages/node/7277463 \n--OR--\n\u00b7 Apply Fix Pack 8.5.5.31 or later (targeted availability 3Q2026).\u00a0\n\n\n\n\n\n\n\n\n\nAdditional interim fixes may be available and linked off the interim fix download page."
            }
          ],
          "title": "IBM WebSphere Application Server and WebSphere Application Server Liberty are affected by HTTP request smuggling",
          "x_generator": {
            "engine": "ibm-cvegen"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2026-11541",
        "datePublished": "2026-06-30T20:56:04.135Z",
        "dateReserved": "2026-06-08T02:55:08.653Z",
        "dateUpdated": "2026-07-01T14:52:15.909Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-11594 (GCVE-0-2026-11594)

    Vulnerability from nvd – Published: 2026-06-30 20:50 – Updated: 2026-07-01 14:29
    VLAI
    Title
    IBM WebSphere Application Server is affected by multiple cross-site scripting vulnerabilities
    Summary
    IBM WebSphere Application Server 9.0, and 8.5 is affected by a cross-site scripting vulnerability in the administrative console.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
    Assigner
    ibm
    References
    URL Tags
    https://www.ibm.com/support/pages/node/7277546 vendor-advisorypatch
    Impacted products
    Vendor Product Version
    IBM WebSphere Application Server Affected: 9.0
    Affected: 8.5
        cpe:2.3:a:ibm:websphere_application_server:9.0:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:websphere_application_server:9.0.0:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:websphere_application_server:8.5:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:websphere_application_server:8.5.0:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-11594",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-01T13:49:02.894633Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-01T14:29:19.691Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:ibm:websphere_application_server:9.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:websphere_application_server:9.0.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:websphere_application_server:8.5:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:websphere_application_server:8.5.0:*:*:*:*:*:*:*"
              ],
              "product": "WebSphere Application Server",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "9.0"
                },
                {
                  "status": "affected",
                  "version": "8.5"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eIBM WebSphere Application Server 9.0, and 8.5 is affected by a cross-site scripting vulnerability in the administrative console.\u003c/p\u003e"
                }
              ],
              "value": "IBM WebSphere Application Server 9.0, and 8.5 is affected by a cross-site scripting vulnerability in the administrative console."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT_NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 8.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-30T20:50:34.772Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory",
                "patch"
              ],
              "url": "https://www.ibm.com/support/pages/node/7277546"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eIBM strongly recommends addressing the vulnerability now by applying a currently available interim fix or fix pack that contains the fix for APAR PH71757.\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eFor IBM WebSphere Application Server traditional:\u003c/strong\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eFor V9.0.0.0 through 9.0.5.28:\u003c/strong\u003e\u003cbr/\u003e\u00b7 Upgrade to minimal fix pack levels as required by the interim fix and then apply the Interim Fix that resolves \u003ca href=\"https://www.ibm.com/support/pages/node/7277464\" rel=\"nofollow\"\u003ePH71757\u003c/a\u003e\u003cbr/\u003e--OR--\u003cbr/\u003e\u00b7 Apply Fix Pack 9.0.5.29 or later (targeted availability 3Q2026).\u00a0\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eFor V8.5.0.0 through 8.5.5.29:\u003c/strong\u003e\u003cbr/\u003e\u00b7 Upgrade to minimal fix pack levels as required by the interim fix and then apply the Interim Fix that resolves \u003ca href=\"https://www.ibm.com/support/pages/node/7277464\" rel=\"nofollow\"\u003ePH71757\u003c/a\u003e\u003cbr/\u003e--OR--\u003cbr/\u003e\u00b7 Apply Fix Pack 8.5.5.30 or later (targeted availability 3Q2026).\u00a0\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003eAdditional interim fixes may be available and linked off the interim fix download page.\u003c/p\u003e"
                }
              ],
              "value": "IBM strongly recommends addressing the vulnerability now by applying a currently available interim fix or fix pack that contains the fix for APAR PH71757.\n\n\n\nFor IBM WebSphere Application Server traditional:\n\n\n\nFor V9.0.0.0 through 9.0.5.28:\n\u00b7 Upgrade to minimal fix pack levels as required by the interim fix and then apply the Interim Fix that resolves  PH71757 https://www.ibm.com/support/pages/node/7277464 \n--OR--\n\u00b7 Apply Fix Pack 9.0.5.29 or later (targeted availability 3Q2026).\u00a0\n\n\n\nFor V8.5.0.0 through 8.5.5.29:\n\u00b7 Upgrade to minimal fix pack levels as required by the interim fix and then apply the Interim Fix that resolves  PH71757 https://www.ibm.com/support/pages/node/7277464 \n--OR--\n\u00b7 Apply Fix Pack 8.5.5.30 or later (targeted availability 3Q2026).\u00a0\n\n\n\n\n\n\n\nAdditional interim fixes may be available and linked off the interim fix download page."
            }
          ],
          "title": "IBM WebSphere Application Server is affected by multiple cross-site scripting vulnerabilities",
          "x_generator": {
            "engine": "ibm-cvegen"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2026-11594",
        "datePublished": "2026-06-30T20:50:34.772Z",
        "dateReserved": "2026-06-08T14:06:40.450Z",
        "dateUpdated": "2026-07-01T14:29:19.691Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-36359 (GCVE-0-2025-36359)

    Vulnerability from nvd – Published: 2026-06-30 20:11 – Updated: 2026-07-01 13:23
    VLAI
    Title
    IBM DevOps Loop is susceptible to an Insufficient Session Expiration vulnerability.
    Summary
    IBM DevOps Automation 1.0.1 and IBM DevOps Loop 1.0.2 does not invalidate session IDs after expiration which could allow an authenticated user to impersonate another user on the system.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-613 - Insufficient Session Expiration
    Assigner
    ibm
    References
    URL Tags
    https://www.ibm.com/support/pages/node/7277970 vendor-advisorypatch
    Impacted products
    Vendor Product Version
    IBM DevOps Automation Affected: 1.0.1
        cpe:2.3:a:ibm:devops_automation:1.0.1:*:*:*:*:*:*:*
    Create a notification for this product.
    IBM DevOps Loop Affected: 1.0.2
        cpe:2.3:a:ibm:devops_loop:1.0.2:*:*:*:*:*:*:*
    Create a notification for this product.
    Credits
    Sunil Dandamudi (HCL Software)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-36359",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-01T13:23:25.823969Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-01T13:23:33.040Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:ibm:devops_automation:1.0.1:*:*:*:*:*:*:*"
              ],
              "product": "DevOps Automation",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.0.1"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:a:ibm:devops_loop:1.0.2:*:*:*:*:*:*:*"
              ],
              "product": "DevOps Loop",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.0.2"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Sunil Dandamudi (HCL Software)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eIBM DevOps Automation 1.0.1 and IBM DevOps Loop 1.0.2 does not invalidate session IDs after expiration which could allow an authenticated user to impersonate another user on the system.\u003c/p\u003e"
                }
              ],
              "value": "IBM DevOps Automation 1.0.1 and IBM DevOps Loop 1.0.2 does not invalidate session IDs after expiration which could allow an authenticated user to impersonate another user on the system."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 8.1,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-613",
                  "description": "CWE-613 Insufficient Session Expiration",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-30T20:11:57.390Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory",
                "patch"
              ],
              "url": "https://www.ibm.com/support/pages/node/7277970"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eIBM strongly recommends addressing the vulnerability now by updating to \u003ca href=\"https://www.ibm.com/docs/en/devops-loop/1.0.3\" rel=\"nofollow\"\u003eIBM DevOps Loop 1.0.3\u003c/a\u003e\u003c/p\u003e"
                }
              ],
              "value": "IBM strongly recommends addressing the vulnerability now by updating to  IBM DevOps Loop 1.0.3 https://www.ibm.com/docs/en/devops-loop/1.0.3"
            }
          ],
          "title": "IBM DevOps Loop is susceptible to an Insufficient Session Expiration vulnerability.",
          "x_generator": {
            "engine": "ibm-cvegen"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2025-36359",
        "datePublished": "2026-06-30T20:11:57.390Z",
        "dateReserved": "2025-04-15T21:16:54.210Z",
        "dateUpdated": "2026-07-01T13:23:33.040Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-36336 (GCVE-0-2025-36336)

    Vulnerability from nvd – Published: 2026-06-30 20:12 – Updated: 2026-07-01 14:00
    VLAI
    Title
    Transmission of Sensitive Information found in Watson Data Intelligence
    Summary
    IBM watsonx.data intelligence 5.2.0, 5.2.1, 5.2.2, 5.3.0 transmits data in clear text that could allow an attacker to obtain sensitive information using man in the middle techniques.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-319 - Cleartext Transmission of Sensitive Information
    Assigner
    ibm
    References
    URL Tags
    https://www.ibm.com/support/pages/node/7277801 vendor-advisorypatch
    Impacted products
    Vendor Product Version
    IBM watsonx.data intelligence Affected: 5.2.0, 5.2.1, 5.2.2, 5.3.0
        cpe:2.3:a:ibm:watsonxdata_intelligence:5.2.0:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-36336",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-01T14:00:15.716913Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-01T14:00:23.226Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:ibm:watsonxdata_intelligence:5.2.0:*:*:*:*:*:*:*"
              ],
              "product": "watsonx.data intelligence",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "5.2.0, 5.2.1, 5.2.2, 5.3.0"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eIBM watsonx.data intelligence 5.2.0, 5.2.1, 5.2.2, 5.3.0 transmits data in clear text that could allow an attacker to obtain sensitive information using man in the middle techniques.\u003c/p\u003e"
                }
              ],
              "value": "IBM watsonx.data intelligence 5.2.0, 5.2.1, 5.2.2, 5.3.0 transmits data in clear text that could allow an attacker to obtain sensitive information using man in the middle techniques."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.9,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-319",
                  "description": "CWE-319 Cleartext Transmission of Sensitive Information",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-30T20:12:44.126Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory",
                "patch"
              ],
              "url": "https://www.ibm.com/support/pages/node/7277801"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cdiv\u003e\u003ctable\u003e\u003ccolgroup\u003e\u003ccol/\u003e\u003ccol/\u003e\u003ccol/\u003e\u003c/colgroup\u003e\u003ctbody\u003e\u003ctr\u003e\u003ctd\u003eAffected product\u003c/td\u003e\u003ctd\u003eFixed in release\u003c/td\u003e\u003ctd\u003eInstructions\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eIBM watsonx.data intelligence 5.2.0 - 5.3.0\u003c/td\u003e\u003ctd\u003e5.3.1\u003c/td\u003e\u003ctd\u003e\u003ca href=\"https://www.ibm.com/docs/en/watsonx/wdi/2.3.x?topic=new-watsonxdata-intelligence\" rel=\"nofollow\"\u003ehttps://www.ibm.com/docs/en/watsonx/wdi/2.3.x?topic=new-watsonxdata-intelligence\u003c/a\u003e\u003c/td\u003e\u003c/tr\u003e\u003c/tbody\u003e\u003c/table\u003e\u003c/div\u003e\u003cp\u003eIBM strongly advises upgrading as soon as possible\u003c/p\u003e"
                }
              ],
              "value": "Affected productFixed in releaseInstructionsIBM watsonx.data intelligence 5.2.0 - 5.3.05.3.1 https://www.ibm.com/docs/en/watsonx/wdi/2.3.x?topic=new-watsonxdata-intelligence \n\n\n\nIBM strongly advises upgrading as soon as possible"
            }
          ],
          "title": "Transmission of Sensitive Information found in Watson Data Intelligence",
          "x_generator": {
            "engine": "ibm-cvegen"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2025-36336",
        "datePublished": "2026-06-30T20:12:44.126Z",
        "dateReserved": "2025-04-15T21:16:52.391Z",
        "dateUpdated": "2026-07-01T14:00:23.226Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-36333 (GCVE-0-2025-36333)

    Vulnerability from nvd – Published: 2026-06-30 20:15 – Updated: 2026-07-01 12:56
    VLAI
    Title
    Vulnerabilities found in Watson Data Intelligence
    Summary
    IBM watsonx.data intelligence 5.2.0, 5.2.1, 5.2.2, 5.3.0 could allow an authenticated user to perform unauthorized actions due to the improper enforcement of behavioral workflow.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-841 - Improper Enforcement of Behavioral Workflow
    Assigner
    ibm
    References
    URL Tags
    https://www.ibm.com/support/pages/node/7277801 vendor-advisorypatch
    Impacted products
    Vendor Product Version
    IBM watsonx.data intelligence Affected: 5.2.0, 5.2.1, 5.2.2, 5.3.0
        cpe:2.3:a:ibm:watsonxdata_intelligence:5.2.0:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-36333",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-01T12:56:08.365707Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-01T12:56:25.329Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:ibm:watsonxdata_intelligence:5.2.0:*:*:*:*:*:*:*"
              ],
              "product": "watsonx.data intelligence",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "5.2.0, 5.2.1, 5.2.2, 5.3.0"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eIBM watsonx.data intelligence 5.2.0, 5.2.1, 5.2.2, 5.3.0 could allow an authenticated user to perform unauthorized actions due to the improper enforcement of behavioral workflow.\u003c/p\u003e"
                }
              ],
              "value": "IBM watsonx.data intelligence 5.2.0, 5.2.1, 5.2.2, 5.3.0 could allow an authenticated user to perform unauthorized actions due to the improper enforcement of behavioral workflow."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-841",
                  "description": "CWE-841 Improper Enforcement of Behavioral Workflow",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-30T20:15:19.777Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory",
                "patch"
              ],
              "url": "https://www.ibm.com/support/pages/node/7277801"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cdiv\u003e\u003ctable\u003e\u003ccolgroup\u003e\u003ccol/\u003e\u003ccol/\u003e\u003ccol/\u003e\u003c/colgroup\u003e\u003ctbody\u003e\u003ctr\u003e\u003ctd\u003eAffected product\u003c/td\u003e\u003ctd\u003eFixed in release\u003c/td\u003e\u003ctd\u003eInstructions\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eIBM watsonx.data intelligence 5.2.0 - 5.3.0\u003c/td\u003e\u003ctd\u003e5.3.1\u003c/td\u003e\u003ctd\u003e\u003ca href=\"https://www.ibm.com/docs/en/watsonx/wdi/2.3.x?topic=new-watsonxdata-intelligence\" rel=\"nofollow\"\u003ehttps://www.ibm.com/docs/en/watsonx/wdi/2.3.x?topic=new-watsonxdata-intelligence\u003c/a\u003e\u003c/td\u003e\u003c/tr\u003e\u003c/tbody\u003e\u003c/table\u003e\u003c/div\u003e\u003cp\u003eIBM strongly advises upgrading as soon as possible\u003c/p\u003e"
                }
              ],
              "value": "Affected productFixed in releaseInstructionsIBM watsonx.data intelligence 5.2.0 - 5.3.05.3.1 https://www.ibm.com/docs/en/watsonx/wdi/2.3.x?topic=new-watsonxdata-intelligence \n\n\n\nIBM strongly advises upgrading as soon as possible"
            }
          ],
          "title": "Vulnerabilities found in Watson Data Intelligence",
          "x_generator": {
            "engine": "ibm-cvegen"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2025-36333",
        "datePublished": "2026-06-30T20:15:19.777Z",
        "dateReserved": "2025-04-15T21:16:52.390Z",
        "dateUpdated": "2026-07-01T12:56:25.329Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-36328 (GCVE-0-2025-36328)

    Vulnerability from nvd – Published: 2026-06-30 20:16 – Updated: 2026-07-01 15:46
    VLAI
    Title
    Error Message Containing Sensitive Information found in Watson Data Intelligence
    Summary
    IBM watsonx.data intelligence 5.2.0, 5.2.1, 5.2.2, 5.3.0 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser.  This information could be used in further attacks against the system.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-209 - Generation of Error Message Containing Sensitive Information
    Assigner
    ibm
    References
    URL Tags
    https://www.ibm.com/support/pages/node/7277801 vendor-advisorypatch
    Impacted products
    Vendor Product Version
    IBM watsonx.data intelligence Affected: 5.2.0, 5.2.1, 5.2.2, 5.3.0
        cpe:2.3:a:ibm:watsonxdata_intelligence:5.2.0:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-36328",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-01T15:45:49.694163Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-01T15:46:08.236Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:ibm:watsonxdata_intelligence:5.2.0:*:*:*:*:*:*:*"
              ],
              "product": "watsonx.data intelligence",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "5.2.0, 5.2.1, 5.2.2, 5.3.0"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eIBM watsonx.data intelligence 5.2.0, 5.2.1, 5.2.2, 5.3.0 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser.\u0026nbsp; This information could be used in further attacks against the system.\u003c/p\u003e"
                }
              ],
              "value": "IBM watsonx.data intelligence 5.2.0, 5.2.1, 5.2.2, 5.3.0 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser.\u00a0 This information could be used in further attacks against the system."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-209",
                  "description": "CWE-209 Generation of Error Message Containing Sensitive Information",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-30T20:16:45.432Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory",
                "patch"
              ],
              "url": "https://www.ibm.com/support/pages/node/7277801"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cdiv\u003e\u003ctable\u003e\u003ccolgroup\u003e\u003ccol/\u003e\u003ccol/\u003e\u003ccol/\u003e\u003c/colgroup\u003e\u003ctbody\u003e\u003ctr\u003e\u003ctd\u003eAffected product\u003c/td\u003e\u003ctd\u003eFixed in release\u003c/td\u003e\u003ctd\u003eInstructions\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eIBM watsonx.data intelligence 5.2.0 - 5.3.0\u003c/td\u003e\u003ctd\u003e5.3.1\u003c/td\u003e\u003ctd\u003e\u003ca href=\"https://www.ibm.com/docs/en/watsonx/wdi/2.3.x?topic=new-watsonxdata-intelligence\" rel=\"nofollow\"\u003ehttps://www.ibm.com/docs/en/watsonx/wdi/2.3.x?topic=new-watsonxdata-intelligence\u003c/a\u003e\u003c/td\u003e\u003c/tr\u003e\u003c/tbody\u003e\u003c/table\u003e\u003c/div\u003e\u003cp\u003eIBM strongly advises upgrading as soon as possible\u003c/p\u003e"
                }
              ],
              "value": "Affected productFixed in releaseInstructionsIBM watsonx.data intelligence 5.2.0 - 5.3.05.3.1https://www.ibm.com/docs/en/watsonx/wdi/2.3.x?topic=new-watsonxdata-intelligenceIBM strongly advises upgrading as soon as possible"
            }
          ],
          "title": "Error Message Containing Sensitive Information found in Watson Data Intelligence",
          "x_generator": {
            "engine": "ibm-cvegen"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2025-36328",
        "datePublished": "2026-06-30T20:16:45.432Z",
        "dateReserved": "2025-04-15T21:16:51.462Z",
        "dateUpdated": "2026-07-01T15:46:08.236Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-36327 (GCVE-0-2025-36327)

    Vulnerability from nvd – Published: 2026-06-30 20:17 – Updated: 2026-07-01 14:50
    VLAI
    Title
    Vulnerabilities found in Watson Data Intelligence
    Summary
    IBM watsonx.data intelligence 5.2.0, 5.2.1, 5.2.2, 5.3.0 could allow an authenticated user to bypass security controls and perform unauthorized actions due to client-side enforcement of sever-side security.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-602 - Client-Side Enforcement of Server-Side Security
    Assigner
    ibm
    References
    URL Tags
    https://www.ibm.com/support/pages/node/7277801 vendor-advisorypatch
    Impacted products
    Vendor Product Version
    IBM watsonx.data intelligence Affected: 5.2.0, 5.2.1, 5.2.2, 5.3.0
        cpe:2.3:a:ibm:watsonxdata_intelligence:5.2.0:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-36327",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-01T14:50:06.941010Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-01T14:50:19.162Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:ibm:watsonxdata_intelligence:5.2.0:*:*:*:*:*:*:*"
              ],
              "product": "watsonx.data intelligence",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "5.2.0, 5.2.1, 5.2.2, 5.3.0"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eIBM watsonx.data intelligence 5.2.0, 5.2.1, 5.2.2, 5.3.0 could allow an authenticated user to bypass security controls and perform unauthorized actions due to client-side enforcement of sever-side security.\u003c/p\u003e"
                }
              ],
              "value": "IBM watsonx.data intelligence 5.2.0, 5.2.1, 5.2.2, 5.3.0 could allow an authenticated user to bypass security controls and perform unauthorized actions due to client-side enforcement of sever-side security."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-602",
                  "description": "CWE-602 Client-Side Enforcement of Server-Side Security",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-30T20:17:27.469Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory",
                "patch"
              ],
              "url": "https://www.ibm.com/support/pages/node/7277801"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cdiv\u003e\u003ctable\u003e\u003ccolgroup\u003e\u003ccol/\u003e\u003ccol/\u003e\u003ccol/\u003e\u003c/colgroup\u003e\u003ctbody\u003e\u003ctr\u003e\u003ctd\u003eAffected product\u003c/td\u003e\u003ctd\u003eFixed in release\u003c/td\u003e\u003ctd\u003eInstructions\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eIBM watsonx.data intelligence 5.2.0 - 5.3.0\u003c/td\u003e\u003ctd\u003e5.3.1\u003c/td\u003e\u003ctd\u003e\u003ca href=\"https://www.ibm.com/docs/en/watsonx/wdi/2.3.x?topic=new-watsonxdata-intelligence\" rel=\"nofollow\"\u003ehttps://www.ibm.com/docs/en/watsonx/wdi/2.3.x?topic=new-watsonxdata-intelligence\u003c/a\u003e\u003c/td\u003e\u003c/tr\u003e\u003c/tbody\u003e\u003c/table\u003e\u003c/div\u003e\u003cp\u003eIBM strongly advises upgrading as soon as possible\u003c/p\u003e"
                }
              ],
              "value": "Affected productFixed in releaseInstructionsIBM watsonx.data intelligence 5.2.0 - 5.3.05.3.1 https://www.ibm.com/docs/en/watsonx/wdi/2.3.x?topic=new-watsonxdata-intelligence \n\n\n\nIBM strongly advises upgrading as soon as possible"
            }
          ],
          "title": "Vulnerabilities found in Watson Data Intelligence",
          "x_generator": {
            "engine": "ibm-cvegen"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2025-36327",
        "datePublished": "2026-06-30T20:17:27.469Z",
        "dateReserved": "2025-04-15T21:16:51.462Z",
        "dateUpdated": "2026-07-01T14:50:19.162Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-36324 (GCVE-0-2025-36324)

    Vulnerability from nvd – Published: 2026-06-30 20:18 – Updated: 2026-07-01 14:29
    VLAI
    Title
    Vulnerabilities found in Watson Data Intelligence
    Summary
    IBM watsonx.data intelligence 5.2.0, 5.2.1, 5.2.2, 5.3.0 s vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-918 - Server-Side Request Forgery (SSRF)
    Assigner
    ibm
    References
    URL Tags
    https://www.ibm.com/support/pages/node/7277801 vendor-advisorypatch
    Impacted products
    Vendor Product Version
    IBM watsonx.data intelligence Affected: 5.2.0, 5.2.1, 5.2.2, 5.3.0
        cpe:2.3:a:ibm:watsonxdata_intelligence:5.2.0:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-36324",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-01T13:49:15.376483Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-01T14:29:28.435Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:ibm:watsonxdata_intelligence:5.2.0:*:*:*:*:*:*:*"
              ],
              "product": "watsonx.data intelligence",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "5.2.0, 5.2.1, 5.2.2, 5.3.0"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eIBM watsonx.data intelligence 5.2.0, 5.2.1, 5.2.2, 5.3.0 s vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks.\u003c/p\u003e"
                }
              ],
              "value": "IBM watsonx.data intelligence 5.2.0, 5.2.1, 5.2.2, 5.3.0 s vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-918",
                  "description": "CWE-918 Server-Side Request Forgery (SSRF)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-30T20:18:12.358Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory",
                "patch"
              ],
              "url": "https://www.ibm.com/support/pages/node/7277801"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cdiv\u003e\u003ctable\u003e\u003ccolgroup\u003e\u003ccol/\u003e\u003ccol/\u003e\u003ccol/\u003e\u003c/colgroup\u003e\u003ctbody\u003e\u003ctr\u003e\u003ctd\u003eAffected product\u003c/td\u003e\u003ctd\u003eFixed in release\u003c/td\u003e\u003ctd\u003eInstructions\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eIBM watsonx.data intelligence 5.2.0 - 5.3.0\u003c/td\u003e\u003ctd\u003e5.3.1\u003c/td\u003e\u003ctd\u003e\u003ca href=\"https://www.ibm.com/docs/en/watsonx/wdi/2.3.x?topic=new-watsonxdata-intelligence\" rel=\"nofollow\"\u003ehttps://www.ibm.com/docs/en/watsonx/wdi/2.3.x?topic=new-watsonxdata-intelligence\u003c/a\u003e\u003c/td\u003e\u003c/tr\u003e\u003c/tbody\u003e\u003c/table\u003e\u003c/div\u003e\u003cp\u003eIBM strongly advises upgrading as soon as possible\u003c/p\u003e"
                }
              ],
              "value": "Affected productFixed in releaseInstructionsIBM watsonx.data intelligence 5.2.0 - 5.3.05.3.1 https://www.ibm.com/docs/en/watsonx/wdi/2.3.x?topic=new-watsonxdata-intelligence \n\n\n\nIBM strongly advises upgrading as soon as possible"
            }
          ],
          "title": "Vulnerabilities found in Watson Data Intelligence",
          "x_generator": {
            "engine": "ibm-cvegen"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2025-36324",
        "datePublished": "2026-06-30T20:18:12.358Z",
        "dateReserved": "2025-04-15T21:16:51.462Z",
        "dateUpdated": "2026-07-01T14:29:28.435Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-36323 (GCVE-0-2025-36323)

    Vulnerability from nvd – Published: 2026-06-30 20:19 – Updated: 2026-07-01 13:23
    VLAI
    Title
    Vulnerabilities found in Watson Data Intelligence
    Summary
    IBM watsonx.data intelligence 5.2.0, 5.2.1, 5.2.2, 5.3.0 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
    Assigner
    ibm
    References
    URL Tags
    https://www.ibm.com/support/pages/node/7277801 vendor-advisorypatch
    Impacted products
    Vendor Product Version
    IBM watsonx.data intelligence Affected: 5.2.0, 5.2.1, 5.2.2, 5.3.0
        cpe:2.3:a:ibm:watsonxdata_intelligence:5.2.0:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-36323",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-01T13:22:56.991964Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-01T13:23:06.695Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:ibm:watsonxdata_intelligence:5.2.0:*:*:*:*:*:*:*"
              ],
              "product": "watsonx.data intelligence",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "5.2.0, 5.2.1, 5.2.2, 5.3.0"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eIBM watsonx.data intelligence 5.2.0, 5.2.1, 5.2.2, 5.3.0 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.\u003c/p\u003e"
                }
              ],
              "value": "IBM watsonx.data intelligence 5.2.0, 5.2.1, 5.2.2, 5.3.0 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.4,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-30T20:19:08.912Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory",
                "patch"
              ],
              "url": "https://www.ibm.com/support/pages/node/7277801"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cdiv\u003e\u003ctable\u003e\u003ccolgroup\u003e\u003ccol/\u003e\u003ccol/\u003e\u003ccol/\u003e\u003c/colgroup\u003e\u003ctbody\u003e\u003ctr\u003e\u003ctd\u003eAffected product\u003c/td\u003e\u003ctd\u003eFixed in release\u003c/td\u003e\u003ctd\u003eInstructions\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eIBM watsonx.data intelligence 5.2.0 - 5.3.0\u003c/td\u003e\u003ctd\u003e5.3.1\u003c/td\u003e\u003ctd\u003e\u003ca href=\"https://www.ibm.com/docs/en/watsonx/wdi/2.3.x?topic=new-watsonxdata-intelligence\" rel=\"nofollow\"\u003ehttps://www.ibm.com/docs/en/watsonx/wdi/2.3.x?topic=new-watsonxdata-intelligence\u003c/a\u003e\u003c/td\u003e\u003c/tr\u003e\u003c/tbody\u003e\u003c/table\u003e\u003c/div\u003e\u003cp\u003eIBM strongly advises upgrading as soon as possible\u003c/p\u003e"
                }
              ],
              "value": "Affected productFixed in releaseInstructionsIBM watsonx.data intelligence 5.2.0 - 5.3.05.3.1 https://www.ibm.com/docs/en/watsonx/wdi/2.3.x?topic=new-watsonxdata-intelligence \n\n\n\nIBM strongly advises upgrading as soon as possible"
            }
          ],
          "title": "Vulnerabilities found in Watson Data Intelligence",
          "x_generator": {
            "engine": "ibm-cvegen"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2025-36323",
        "datePublished": "2026-06-30T20:19:08.912Z",
        "dateReserved": "2025-04-15T21:16:51.462Z",
        "dateUpdated": "2026-07-01T13:23:06.695Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-36321 (GCVE-0-2025-36321)

    Vulnerability from nvd – Published: 2026-06-30 20:19 – Updated: 2026-07-01 13:59
    VLAI
    Title
    Vulnerabilities found in Watson Data Intelligence
    Summary
    IBM watsonx.data intelligence 5.2.0, 5.2.1, 5.2.2, 5.3.0 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-80 - Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)
    Assigner
    ibm
    References
    URL Tags
    https://www.ibm.com/support/pages/node/7277801 vendor-advisorypatch
    Impacted products
    Vendor Product Version
    IBM watsonx.data intelligence Affected: 5.2.0, 5.2.1, 5.2.2, 5.3.0
        cpe:2.3:a:ibm:watsonxdata_intelligence:5.2.0:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-36321",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-01T13:59:46.167425Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-01T13:59:54.456Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:ibm:watsonxdata_intelligence:5.2.0:*:*:*:*:*:*:*"
              ],
              "product": "watsonx.data intelligence",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "5.2.0, 5.2.1, 5.2.2, 5.3.0"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eIBM watsonx.data intelligence 5.2.0, 5.2.1, 5.2.2, 5.3.0 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim\u0027s Web browser within the security context of the hosting site.\u003c/p\u003e"
                }
              ],
              "value": "IBM watsonx.data intelligence 5.2.0, 5.2.1, 5.2.2, 5.3.0 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim\u0027s Web browser within the security context of the hosting site."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.7,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-80",
                  "description": "CWE-80 Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-30T20:19:53.940Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory",
                "patch"
              ],
              "url": "https://www.ibm.com/support/pages/node/7277801"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cdiv\u003e\u003ctable\u003e\u003ccolgroup\u003e\u003ccol/\u003e\u003ccol/\u003e\u003ccol/\u003e\u003c/colgroup\u003e\u003ctbody\u003e\u003ctr\u003e\u003ctd\u003eAffected product\u003c/td\u003e\u003ctd\u003eFixed in release\u003c/td\u003e\u003ctd\u003eInstructions\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eIBM watsonx.data intelligence 5.2.0 - 5.3.0\u003c/td\u003e\u003ctd\u003e5.3.1\u003c/td\u003e\u003ctd\u003e\u003ca href=\"https://www.ibm.com/docs/en/watsonx/wdi/2.3.x?topic=new-watsonxdata-intelligence\" rel=\"nofollow\"\u003ehttps://www.ibm.com/docs/en/watsonx/wdi/2.3.x?topic=new-watsonxdata-intelligence\u003c/a\u003e\u003c/td\u003e\u003c/tr\u003e\u003c/tbody\u003e\u003c/table\u003e\u003c/div\u003e\u003cp\u003eIBM strongly advises upgrading as soon as possible\u003c/p\u003e"
                }
              ],
              "value": "Affected productFixed in releaseInstructionsIBM watsonx.data intelligence 5.2.0 - 5.3.05.3.1 https://www.ibm.com/docs/en/watsonx/wdi/2.3.x?topic=new-watsonxdata-intelligence \n\n\n\nIBM strongly advises upgrading as soon as possible"
            }
          ],
          "title": "Vulnerabilities found in Watson Data Intelligence",
          "x_generator": {
            "engine": "ibm-cvegen"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2025-36321",
        "datePublished": "2026-06-30T20:19:53.940Z",
        "dateReserved": "2025-04-15T21:16:51.461Z",
        "dateUpdated": "2026-07-01T13:59:54.456Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-36320 (GCVE-0-2025-36320)

    Vulnerability from nvd – Published: 2026-06-30 20:22 – Updated: 2026-07-01 12:57
    VLAI
    Title
    Vulnerabilities found in Watson Data Intelligence
    Summary
    IBM watsonx.data intelligence 5.2.0, 5.2.1, 5.2.2, 5.3.0 is vulnerable to stored cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
    Assigner
    ibm
    References
    URL Tags
    https://www.ibm.com/support/pages/node/7277801 vendor-advisorypatch
    Impacted products
    Vendor Product Version
    IBM watsonx.data intelligence Affected: 5.2.0, 5.2.1, 5.2.2, 5.3.0
        cpe:2.3:a:ibm:watsonxdata_intelligence:5.2.0:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-36320",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-01T12:57:00.491605Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-01T12:57:14.317Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:ibm:watsonxdata_intelligence:5.2.0:*:*:*:*:*:*:*"
              ],
              "product": "watsonx.data intelligence",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "5.2.0, 5.2.1, 5.2.2, 5.3.0"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eIBM watsonx.data intelligence 5.2.0, 5.2.1, 5.2.2, 5.3.0 is vulnerable to stored cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.\u003c/p\u003e"
                }
              ],
              "value": "IBM watsonx.data intelligence 5.2.0, 5.2.1, 5.2.2, 5.3.0 is vulnerable to stored cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.4,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-30T20:22:12.916Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory",
                "patch"
              ],
              "url": "https://www.ibm.com/support/pages/node/7277801"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cdiv\u003e\u003ctable\u003e\u003ccolgroup\u003e\u003ccol/\u003e\u003ccol/\u003e\u003ccol/\u003e\u003c/colgroup\u003e\u003ctbody\u003e\u003ctr\u003e\u003ctd\u003eAffected product\u003c/td\u003e\u003ctd\u003eFixed in release\u003c/td\u003e\u003ctd\u003eInstructions\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eIBM watsonx.data intelligence 5.2.0 - 5.3.0\u003c/td\u003e\u003ctd\u003e5.3.1\u003c/td\u003e\u003ctd\u003e\u003ca href=\"https://www.ibm.com/docs/en/watsonx/wdi/2.3.x?topic=new-watsonxdata-intelligence\" rel=\"nofollow\"\u003ehttps://www.ibm.com/docs/en/watsonx/wdi/2.3.x?topic=new-watsonxdata-intelligence\u003c/a\u003e\u003c/td\u003e\u003c/tr\u003e\u003c/tbody\u003e\u003c/table\u003e\u003c/div\u003e\u003cp\u003eIBM strongly advises upgrading as soon as possible\u003c/p\u003e"
                }
              ],
              "value": "Affected productFixed in releaseInstructionsIBM watsonx.data intelligence 5.2.0 - 5.3.05.3.1 https://www.ibm.com/docs/en/watsonx/wdi/2.3.x?topic=new-watsonxdata-intelligence \n\n\n\nIBM strongly advises upgrading as soon as possible"
            }
          ],
          "title": "Vulnerabilities found in Watson Data Intelligence",
          "x_generator": {
            "engine": "ibm-cvegen"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2025-36320",
        "datePublished": "2026-06-30T20:22:12.916Z",
        "dateReserved": "2025-04-15T21:16:51.461Z",
        "dateUpdated": "2026-07-01T12:57:14.317Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-36319 (GCVE-0-2025-36319)

    Vulnerability from nvd – Published: 2026-06-30 20:23 – Updated: 2026-07-01 15:45
    VLAI
    Title
    Vulnerabilities found in Watson Data Intelligence
    Summary
    IBM watsonx.data intelligence 5.2.0, 5.2.1, 5.2.2, 5.3.0 could allow an authenticated user to cause a temporary denial using a specially crafted HTTP request due to improper allocation of resource throttling.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-770 - Allocation of Resources Without Limits or Throttling
    Assigner
    ibm
    References
    URL Tags
    https://www.ibm.com/support/pages/node/7277801 vendor-advisorypatch
    Impacted products
    Vendor Product Version
    IBM watsonx.data intelligence Affected: 5.2.0, 5.2.1, 5.2.2, 5.3.0
        cpe:2.3:a:ibm:watsonxdata_intelligence:5.2.0:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-36319",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-01T15:44:59.080371Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-01T15:45:10.304Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:ibm:watsonxdata_intelligence:5.2.0:*:*:*:*:*:*:*"
              ],
              "product": "watsonx.data intelligence",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "5.2.0, 5.2.1, 5.2.2, 5.3.0"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eIBM watsonx.data intelligence 5.2.0, 5.2.1, 5.2.2, 5.3.0 could allow an authenticated user to cause a temporary denial using a specially crafted HTTP request due to improper allocation of resource throttling.\u003c/p\u003e"
                }
              ],
              "value": "IBM watsonx.data intelligence 5.2.0, 5.2.1, 5.2.2, 5.3.0 could allow an authenticated user to cause a temporary denial using a specially crafted HTTP request due to improper allocation of resource throttling."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 4.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-770",
                  "description": "CWE-770 Allocation of Resources Without Limits or Throttling",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-30T20:23:09.020Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory",
                "patch"
              ],
              "url": "https://www.ibm.com/support/pages/node/7277801"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cdiv\u003e\u003ctable\u003e\u003ccolgroup\u003e\u003ccol/\u003e\u003ccol/\u003e\u003ccol/\u003e\u003c/colgroup\u003e\u003ctbody\u003e\u003ctr\u003e\u003ctd\u003eAffected product\u003c/td\u003e\u003ctd\u003eFixed in release\u003c/td\u003e\u003ctd\u003eInstructions\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eIBM watsonx.data intelligence 5.2.0 - 5.3.0\u003c/td\u003e\u003ctd\u003e5.3.1\u003c/td\u003e\u003ctd\u003e\u003ca href=\"https://www.ibm.com/docs/en/watsonx/wdi/2.3.x?topic=new-watsonxdata-intelligence\" rel=\"nofollow\"\u003ehttps://www.ibm.com/docs/en/watsonx/wdi/2.3.x?topic=new-watsonxdata-intelligence\u003c/a\u003e\u003c/td\u003e\u003c/tr\u003e\u003c/tbody\u003e\u003c/table\u003e\u003c/div\u003e\u003cp\u003eIBM strongly advises upgrading as soon as possible\u003c/p\u003e"
                }
              ],
              "value": "Affected productFixed in releaseInstructionsIBM watsonx.data intelligence 5.2.0 - 5.3.05.3.1 https://www.ibm.com/docs/en/watsonx/wdi/2.3.x?topic=new-watsonxdata-intelligence \n\n\n\nIBM strongly advises upgrading as soon as possible"
            }
          ],
          "title": "Vulnerabilities found in Watson Data Intelligence",
          "x_generator": {
            "engine": "ibm-cvegen"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2025-36319",
        "datePublished": "2026-06-30T20:23:09.020Z",
        "dateReserved": "2025-04-15T21:16:50.580Z",
        "dateUpdated": "2026-07-01T15:45:10.304Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-12530 (GCVE-0-2025-12530)

    Vulnerability from nvd – Published: 2026-06-30 20:34 – Updated: 2026-07-01 14:51
    VLAI
    Title
    Vulnerabilities found in Watson Data Intelligence
    Summary
    IBM watsonx.data intelligence 5.2.2, 5.3.0, 5.3.1, 5.3.1 through patch-1 transmits data in clear text that could allow an attacker to obtain sensitive information using man in the middle techniques.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-319 - Cleartext Transmission of Sensitive Information
    Assigner
    ibm
    References
    URL Tags
    https://www.ibm.com/support/pages/node/7277802 vendor-advisorypatch
    Impacted products
    Vendor Product Version
    IBM watsonx.data intelligence Affected: 5.2.2, 5.3.0, 5.3.1, 5.3.1 (semver)
        cpe:2.3:a:ibm:watsonxdata_intelligence:5.2.2:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:watsonxdata_intelligence:patch-1:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-12530",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-01T14:51:16.107572Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-01T14:51:30.286Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:ibm:watsonxdata_intelligence:5.2.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:watsonxdata_intelligence:patch-1:*:*:*:*:*:*:*"
              ],
              "product": "watsonx.data intelligence",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "5.2.2, 5.3.0, 5.3.1, 5.3.1",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eIBM watsonx.data intelligence 5.2.2, 5.3.0, 5.3.1, 5.3.1 through patch-1 transmits data in clear text that could allow an attacker to obtain sensitive information using man in the middle techniques.\u003c/p\u003e"
                }
              ],
              "value": "IBM watsonx.data intelligence 5.2.2, 5.3.0, 5.3.1, 5.3.1 through patch-1 transmits data in clear text that could allow an attacker to obtain sensitive information using man in the middle techniques."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.9,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-319",
                  "description": "CWE-319 Cleartext Transmission of Sensitive Information",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-30T20:34:09.566Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory",
                "patch"
              ],
              "url": "https://www.ibm.com/support/pages/node/7277802"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cdiv\u003e\u003ctable\u003e\u003ccolgroup\u003e\u003ccol/\u003e\u003ccol/\u003e\u003ccol/\u003e\u003c/colgroup\u003e\u003ctbody\u003e\u003ctr\u003e\u003ctd\u003eAffected Product\u003c/td\u003e\u003ctd\u003eFixed Versions\u003c/td\u003e\u003ctd\u003eInstructions\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eIBM watsonx.data intelligence 5.2.2 - 5.3.1-patch1\u003c/td\u003e\u003ctd\u003e5.3.1-patch3\u003c/td\u003e\u003ctd\u003e\u003ca href=\"https://www.ibm.com/docs/en/watsonx/wdi/2.3.x?topic=new-watsonxdata-intelligence\" rel=\"nofollow\"\u003ehttps://www.ibm.com/docs/en/watsonx/wdi/2.3.x?topic=new-watsonxdata-intelligence\u003c/a\u003e\u003c/td\u003e\u003c/tr\u003e\u003c/tbody\u003e\u003c/table\u003e\u003c/div\u003e\u003cp\u003eIBM strongly advises upgrading as soon as possible\u003c/p\u003e"
                }
              ],
              "value": "Affected ProductFixed VersionsInstructionsIBM watsonx.data intelligence 5.2.2 - 5.3.1-patch15.3.1-patch3 https://www.ibm.com/docs/en/watsonx/wdi/2.3.x?topic=new-watsonxdata-intelligence \n\n\n\nIBM strongly advises upgrading as soon as possible"
            }
          ],
          "title": "Vulnerabilities found in Watson Data Intelligence",
          "x_generator": {
            "engine": "ibm-cvegen"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2025-12530",
        "datePublished": "2026-06-30T20:34:09.566Z",
        "dateReserved": "2025-10-30T18:13:49.495Z",
        "dateUpdated": "2026-07-01T14:51:30.286Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-9836 (GCVE-0-2026-9836)

    Vulnerability from nvd – Published: 2026-06-30 19:04 – Updated: 2026-06-30 20:09
    VLAI
    Title
    IBM DataStage Flow Designer application is affected by an information disclosure vulnerability
    Summary
    IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 is affected by an information disclosure vulnerability.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor
    Assigner
    ibm
    References
    URL Tags
    https://www.ibm.com/support/pages/node/7278188 vendor-advisorypatch
    Impacted products
    Vendor Product Version
    IBM InfoSphere Information Server Affected: 11.7.0.0 , ≤ 11.7.1.6 (semver)
        cpe:2.3:a:ibm:infosphere_information_server:11.7.0.0:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:infosphere_information_server:11.7.1.6:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-9836",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-30T20:09:28.590918Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-30T20:09:38.102Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:ibm:infosphere_information_server:11.7.0.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:infosphere_information_server:11.7.1.6:*:*:*:*:*:*:*"
              ],
              "product": "InfoSphere Information Server",
              "vendor": "IBM",
              "versions": [
                {
                  "lessThanOrEqual": "11.7.1.6",
                  "status": "affected",
                  "version": "11.7.0.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eIBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 is affected by an information disclosure vulnerability.\u003c/p\u003e"
                }
              ],
              "value": "IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 is affected by an information disclosure vulnerability."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT_NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 3.5,
                "baseSeverity": "LOW",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-200",
                  "description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-30T19:04:55.838Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory",
                "patch"
              ],
              "url": "https://www.ibm.com/support/pages/node/7278188"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cdiv\u003e\u003ctable\u003e\u003ctbody\u003e\u003ctr\u003e\u003ctd\u003eIBM InfoSphere Information Server\u003c/td\u003e\u003ctd\u003e11.7.0.0 to 11.7.1.6\u003c/td\u003e\u003ctd\u003e\u003ca href=\"https://www.ibm.com/mysupport/s/defect/aCIgJ000000E8ov/dt471579\" rel=\"nofollow\"\u003eDT471579\u003c/a\u003e\u003c/td\u003e\u003ctd\u003e--Apply IBM InfoSphere Information Server version\u00a0\u003ca href=\"https://www.ibm.com/support/pages/node/878310\" rel=\"noopener noreferrer nofollow\"\u003e11.7.1.0\u003c/a\u003e\u003cbr/\u003e--Apply IBM InfoSphere Information Server version\u00a0\u003ca href=\"https://www.ibm.com/support/pages/node/7182872\" rel=\"nofollow\"\u003e11.7.1.6\u003c/a\u003e\u003cbr/\u003e\u003cbr/\u003e--Apply IBM InfoSphere Information Server\u00a0\u003ca href=\"https://www.ibm.com/support/pages/node/7274932\" rel=\"nofollow\"\u003e11.7.1.6 Service pack 3\u003c/a\u003e\u003cbr/\u003e\u003cbr/\u003e\u003cbr/\u003e\u003cbr/\u003e\u003c/td\u003e\u003c/tr\u003e\u003c/tbody\u003e\u003c/table\u003e\u003c/div\u003e"
                }
              ],
              "value": "IBM InfoSphere Information Server11.7.0.0 to 11.7.1.6DT471579--Apply IBM InfoSphere Information Server version\u00a011.7.1.0--Apply IBM InfoSphere Information Server version\u00a011.7.1.6--Apply IBM InfoSphere Information Server\u00a011.7.1.6 Service pack 3"
            }
          ],
          "title": "IBM DataStage Flow Designer application is affected by an information disclosure vulnerability",
          "x_generator": {
            "engine": "ibm-cvegen"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2026-9836",
        "datePublished": "2026-06-30T19:04:55.838Z",
        "dateReserved": "2026-05-28T12:49:17.163Z",
        "dateUpdated": "2026-06-30T20:09:38.102Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-9002 (GCVE-0-2026-9002)

    Vulnerability from nvd – Published: 2026-06-30 19:08 – Updated: 2026-06-30 19:30
    VLAI
    Title
    IBM WebSphere eXtremes Scale is affected by uncontrolled resource consumption when XDF is enabled
    Summary
    IBM WebSphere Extreme Scale 8.6.1.0 through 8.6.1.6 could allow an adjacent attacker to cause a denial of service due to improper validation in the XDF decoder. The application processes deeply nested Protocol Buffers messages and attacker-controlled length prefixes without sufficient bounds checking, which may allow an attacker on the same network to trigger a StackOverflowError or OutOfMemoryError, resulting in a crash of the WebSphere Application Server JVM.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-400 - Uncontrolled Resource Consumption
    Assigner
    ibm
    References
    URL Tags
    https://www.ibm.com/support/pages/node/7278346 vendor-advisorypatch
    Impacted products
    Vendor Product Version
    IBM WebSphere Extreme Scale Affected: 8.6.1.0 , ≤ 8.6.1.6 (semver)
        cpe:2.3:a:ibm:websphere_extreme_scale:8.6.1.0:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:websphere_extreme_scale:8.6.1.6:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-9002",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-30T19:30:23.440960Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-30T19:30:30.663Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:ibm:websphere_extreme_scale:8.6.1.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:websphere_extreme_scale:8.6.1.6:*:*:*:*:*:*:*"
              ],
              "product": "WebSphere Extreme Scale",
              "vendor": "IBM",
              "versions": [
                {
                  "lessThanOrEqual": "8.6.1.6",
                  "status": "affected",
                  "version": "8.6.1.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eIBM WebSphere Extreme Scale 8.6.1.0 through 8.6.1.6 could allow an adjacent attacker to cause a denial of service due to improper validation in the XDF decoder. The application processes deeply nested Protocol Buffers messages and attacker-controlled length prefixes without sufficient bounds checking, which may allow an attacker on the same network to trigger a StackOverflowError or OutOfMemoryError, resulting in a crash of the WebSphere Application Server JVM.\u003c/p\u003e"
                }
              ],
              "value": "IBM WebSphere Extreme Scale 8.6.1.0 through 8.6.1.6 could allow an adjacent attacker to cause a denial of service due to improper validation in the XDF decoder. The application processes deeply nested Protocol Buffers messages and attacker-controlled length prefixes without sufficient bounds checking, which may allow an attacker on the same network to trigger a StackOverflowError or OutOfMemoryError, resulting in a crash of the WebSphere Application Server JVM."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT_NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-400",
                  "description": "CWE-400 Uncontrolled Resource Consumption",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-30T19:08:43.309Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory",
                "patch"
              ],
              "url": "https://www.ibm.com/support/pages/node/7278346"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cdiv\u003e\u003ctable\u003e\u003ctbody\u003e\u003ctr\u003e\u003ctd\u003eProduct\u003c/td\u003e\u003ctd\u003eVersion(s)\u003c/td\u003e\u003ctd\u003eAPAR\u003c/td\u003e\u003ctd\u003eRemediation/First Fix\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eIBM WebSphere eXtreme Scale\u003c/td\u003e\u003ctd\u003e8.6.1.0 - 8.6.1.6\u003c/td\u003e\u003ctd\u003ePH71946\u00a0\u003c/td\u003e\u003ctd\u003e\u003cp\u003eFor older versions, upgrade to latest fixpack 8.6.1.6 and then apply the PH71946 iFix. If you are using 8.6.1.6\u00a0 directly apply the PH71946 iFix.\u003c/p\u003e\u003cp\u003e\u003ca href=\"http://www.ibm.com/support/docview.wss?uid=swg27018991\" rel=\"nofollow\"\u003eRecommended Fixes page for WebSphere eXtreme Scale\u003c/a\u003e\u003c/p\u003e\u003c/td\u003e\u003c/tr\u003e\u003c/tbody\u003e\u003c/table\u003e\u003c/div\u003e"
                }
              ],
              "value": "ProductVersion(s)APARRemediation/First FixIBM WebSphere eXtreme Scale8.6.1.0 - 8.6.1.6PH71946\u00a0\n\nFor older versions, upgrade to latest fixpack 8.6.1.6 and then apply the PH71946 iFix. If you are using 8.6.1.6\u00a0 directly apply the PH71946 iFix.\n\n\n\n Recommended Fixes page for WebSphere eXtreme Scale http://www.ibm.com/support/docview.wss"
            }
          ],
          "title": "IBM WebSphere eXtremes Scale is affected by uncontrolled resource consumption when XDF is enabled",
          "x_generator": {
            "engine": "ibm-cvegen"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2026-9002",
        "datePublished": "2026-06-30T19:08:43.309Z",
        "dateReserved": "2026-05-19T13:37:18.171Z",
        "dateUpdated": "2026-06-30T19:30:30.663Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-7874 (GCVE-0-2026-7874)

    Vulnerability from nvd – Published: 2026-06-30 19:11 – Updated: 2026-07-02 03:55
    VLAI
    Title
    Weak Cryptographic Key Derivation Exposed All Stored Credentials
    Summary
    IBM Langflow OSS 1.0.0 through 1.10.0 Langflow could allow disclosure of all stored credentials due to the use of a weak and reversible key derivation mechanism for encryption at rest.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-338 - Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)
    Assigner
    ibm
    References
    URL Tags
    https://www.ibm.com/support/pages/node/7278447 vendor-advisorypatch
    Impacted products
    Vendor Product Version
    IBM Langflow OSS Affected: 1.0.0 , ≤ 1.10.0 (semver)
        cpe:2.3:a:ibm:langflow_oss:1.0.0:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:langflow_oss:1.10.0:*:*:*:*:*:*:*
    Create a notification for this product.
    Credits
    Akshat Sinha (akshatgit) akshat14132@iiitd.ac.in https://github.com/akshatgit, (Kolega.dev ) kolega-ai-dev https://kolega.dev/, Christopher Lusk (north-echo) www.northecho.dev
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-7874",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-01T00:00:00+00:00",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-02T03:55:51.678Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:ibm:langflow_oss:1.0.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:langflow_oss:1.10.0:*:*:*:*:*:*:*"
              ],
              "product": "Langflow OSS",
              "vendor": "IBM",
              "versions": [
                {
                  "lessThanOrEqual": "1.10.0",
                  "status": "affected",
                  "version": "1.0.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Akshat Sinha (akshatgit) akshat14132@iiitd.ac.in https://github.com/akshatgit, (Kolega.dev ) kolega-ai-dev https://kolega.dev/, Christopher Lusk (north-echo) www.northecho.dev"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eIBM Langflow OSS 1.0.0 through 1.10.0 Langflow could allow disclosure of all stored credentials due to the use of a weak and reversible key derivation mechanism for encryption at rest.\u003c/p\u003e"
                }
              ],
              "value": "IBM Langflow OSS 1.0.0 through 1.10.0 Langflow could allow disclosure of all stored credentials due to the use of a weak and reversible key derivation mechanism for encryption at rest."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 9.1,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-338",
                  "description": "CWE-338 Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-30T19:11:43.653Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory",
                "patch"
              ],
              "url": "https://www.ibm.com/support/pages/node/7278447"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eIBM strongly recommends addressing the vulnerability now by upgrading \u003ca href=\"https://pypi.org/project/langflow/\" rel=\"nofollow\"\u003eLangflow OSS to version 1.10.1\u003c/a\u003e\u003c/p\u003e"
                }
              ],
              "value": "IBM strongly recommends addressing the vulnerability now by upgrading Langflow OSS to version 1.10.1"
            }
          ],
          "title": "Weak Cryptographic Key Derivation Exposed All Stored Credentials",
          "x_generator": {
            "engine": "ibm-cvegen"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2026-7874",
        "datePublished": "2026-06-30T19:11:43.653Z",
        "dateReserved": "2026-05-05T14:23:39.800Z",
        "dateUpdated": "2026-07-02T03:55:51.678Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-7873 (GCVE-0-2026-7873)

    Vulnerability from nvd – Published: 2026-06-30 19:13 – Updated: 2026-07-01 17:27
    VLAI
    Title
    Code Injection Vulnerability in Code Validation Endpoint
    Summary
    IBM Langflow OSS 1.0.0 through 1.10.0 allows authenticated attackers to execute arbitrary OS commands and read sensitive files including credentials, enabling complete system compromise and lateral movement.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-94 - Improper Control of Generation of Code ('Code Injection')
    Assigner
    ibm
    References
    URL Tags
    https://www.ibm.com/support/pages/node/7278441 vendor-advisorypatch
    Impacted products
    Vendor Product Version
    IBM Langflow OSS Affected: 1.0.0 , ≤ 1.10.0 (semver)
        cpe:2.3:a:ibm:langflow_oss:1.0.0:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:langflow_oss:1.10.0:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-7873",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-01T03:55:58.606839Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-01T17:27:51.362Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:ibm:langflow_oss:1.0.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:langflow_oss:1.10.0:*:*:*:*:*:*:*"
              ],
              "product": "Langflow OSS",
              "vendor": "IBM",
              "versions": [
                {
                  "lessThanOrEqual": "1.10.0",
                  "status": "affected",
                  "version": "1.0.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eIBM Langflow OSS 1.0.0 through 1.10.0 allows authenticated attackers to execute arbitrary OS commands and read sensitive files including credentials, enabling complete system compromise and lateral movement.\u003c/p\u003e"
                }
              ],
              "value": "IBM Langflow OSS 1.0.0 through 1.10.0 allows authenticated attackers to execute arbitrary OS commands and read sensitive files including credentials, enabling complete system compromise and lateral movement."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9.9,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-94",
                  "description": "CWE-94 Improper Control of Generation of Code (\u0027Code Injection\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-30T19:13:16.331Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory",
                "patch"
              ],
              "url": "https://www.ibm.com/support/pages/node/7278441"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eIBM strongly recommends addressing the vulnerability now by upgrading \u003ca href=\"https://pypi.org/project/langflow/\" rel=\"nofollow\"\u003eLangflow OSS to version 1.10.1\u003c/a\u003e\u003c/p\u003e"
                }
              ],
              "value": "IBM strongly recommends addressing the vulnerability now by upgrading  Langflow OSS to version 1.10.1 https://pypi.org/project/langflow/"
            }
          ],
          "title": "Code Injection Vulnerability in Code Validation Endpoint",
          "x_generator": {
            "engine": "ibm-cvegen"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2026-7873",
        "datePublished": "2026-06-30T19:13:16.331Z",
        "dateReserved": "2026-05-05T14:20:51.355Z",
        "dateUpdated": "2026-07-01T17:27:51.362Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-9074 (GCVE-0-2026-9074)

    Vulnerability from cvelistv5 – Published: 2026-07-08 15:24 – Updated: 2026-07-09 03:55
    VLAI
    Title
    IBM API Connect SQL Injection
    Summary
    IBM API Connect 10.0.8.0 through 10.0.8.9 and 12.1.0.0 through 12.1.0.3 contains an unauthenticated SQL injection vulnerability in the password reset functionality.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-89 - Improper neutralization of special elements used in an SQL command ('SQL injection')
    Assigner
    ibm
    References
    Impacted products
    Vendor Product Version
    IBM API Connect Affected: 10.0.8.0 , < 10.0.8.9 (semver)
    Affected: 12.0 (semver)
        cpe:2.3:a:ibm:api_connect:10.0.8.0:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:api_connect:10.0.8.9:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:api_connect:12.1.0.0:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:api_connect:12.1.0.3:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-9074",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-08T00:00:00+00:00",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-09T03:55:49.087Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:ibm:api_connect:10.0.8.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:api_connect:10.0.8.9:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:api_connect:12.1.0.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:api_connect:12.1.0.3:*:*:*:*:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "API Connect",
              "vendor": "IBM",
              "versions": [
                {
                  "lessThan": "10.0.8.9",
                  "status": "affected",
                  "version": "10.0.8.0",
                  "versionType": "semver"
                },
                {
                  "status": "affected",
                  "version": "12.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "IBM API Connect 10.0.8.0 through 10.0.8.9 and\u0026nbsp;\u003cspan\u003e12.1.0.0 through 12.1.0.3\u003c/span\u003e\u003cspan\u003e\u0026nbsp;contains an unauthenticated SQL injection vulnerability in the password reset functionality.\u003c/span\u003e\u003cbr\u003e"
                }
              ],
              "value": "IBM API Connect 10.0.8.0 through 10.0.8.9 and\u00a012.1.0.0 through 12.1.0.3\u00a0contains an unauthenticated SQL injection vulnerability in the password reset functionality."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 9.1,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-89",
                  "description": "CWE-89 Improper neutralization of special elements used in an SQL command (\u0027SQL injection\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-08T15:31:46.331Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory",
                "patch"
              ],
              "url": "https://www.ibm.com/support/pages/node/7278909"
            },
            {
              "tags": [
                "vendor-advisory",
                "patch"
              ],
              "url": "https://www.ibm.com/support/pages/node/7278218"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "IBM API Connect SQL Injection",
          "x_generator": {
            "engine": "Vulnogram 1.0.2"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2026-9074",
        "datePublished": "2026-07-08T15:24:38.566Z",
        "dateReserved": "2026-05-20T12:31:24.875Z",
        "dateUpdated": "2026-07-09T03:55:49.087Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-3144 (GCVE-0-2026-3144)

    Vulnerability from cvelistv5 – Published: 2026-07-08 15:22 – Updated: 2026-07-09 03:55
    VLAI
    Title
    IBM API Connect Default Credentials
    Summary
    IBM API Connect 12.1.0.0 through 12.1.0.3 uses default credentials which could allow an attacker to gain unauthorized access to the application before the system enforces a credential update.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    ibm
    References
    URL Tags
    https://www.ibm.com/support/pages/node/7278909 vendor-advisorypatch
    Impacted products
    Vendor Product Version
    IBM API Connect Affected: 12.1.0.0 , < 12.1.0.3 (semver)
        cpe:2.3:a:ibm:api_connect:12.1.0.0:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:api_connect:12.1.0.3:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-3144",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-08T00:00:00+00:00",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-09T03:55:48.309Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:ibm:api_connect:12.1.0.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:api_connect:12.1.0.3:*:*:*:*:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "API Connect",
              "vendor": "IBM",
              "versions": [
                {
                  "lessThan": "12.1.0.3",
                  "status": "affected",
                  "version": "12.1.0.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "IBM API Connect 12.1.0.0 through 12.1.0.3 uses default credentials which could allow an attacker to gain unauthorized access to the application before the system enforces a credential update."
                }
              ],
              "value": "IBM API Connect 12.1.0.0 through 12.1.0.3 uses default credentials which could allow an attacker to gain unauthorized access to the application before the system enforces a credential update."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.1,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-1392",
                  "description": "CWE-1392 Use of default credentials",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-08T15:29:41.785Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory",
                "patch"
              ],
              "url": "https://www.ibm.com/support/pages/node/7278909"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "IBM API Connect Default Credentials",
          "x_generator": {
            "engine": "Vulnogram 1.0.2"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2026-3144",
        "datePublished": "2026-07-08T15:22:31.263Z",
        "dateReserved": "2026-02-24T19:53:12.296Z",
        "dateUpdated": "2026-07-09T03:55:48.309Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-11541 (GCVE-0-2026-11541)

    Vulnerability from cvelistv5 – Published: 2026-06-30 20:56 – Updated: 2026-07-01 14:52
    VLAI
    Title
    IBM WebSphere Application Server and WebSphere Application Server Liberty are affected by HTTP request smuggling
    Summary
    IBM WebSphere Application Server 9.0, and 8.5 and IBM WebSphere Application Server - Liberty 17.0.0.3 through 26.0.0.6 are affected by an HTTP request smuggling vulnerability.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-444 - Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')
    Assigner
    ibm
    References
    URL Tags
    https://www.ibm.com/support/pages/node/7277550 vendor-advisorypatch
    Impacted products
    Vendor Product Version
    IBM WebSphere Application Server Affected: 9.0
    Affected: 8.5
        cpe:2.3:a:ibm:websphere_application_server:9.0:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:websphere_application_server:9.0.0:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:websphere_application_server:8.5:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:websphere_application_server:8.5.0:*:*:*:*:*:*:*
    Create a notification for this product.
    IBM WebSphere Application Server - Liberty Affected: 17.0.0.3 , ≤ 26.0.0.6 (semver)
        cpe:2.3:a:ibm:websphere_application_server___liberty:17.0.0.3:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:websphere_application_server___liberty:26.0.0.6:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-11541",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-01T14:52:04.153923Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-01T14:52:15.909Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:ibm:websphere_application_server:9.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:websphere_application_server:9.0.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:websphere_application_server:8.5:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:websphere_application_server:8.5.0:*:*:*:*:*:*:*"
              ],
              "product": "WebSphere Application Server",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "9.0"
                },
                {
                  "status": "affected",
                  "version": "8.5"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:a:ibm:websphere_application_server___liberty:17.0.0.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:websphere_application_server___liberty:26.0.0.6:*:*:*:*:*:*:*"
              ],
              "product": "WebSphere Application Server - Liberty",
              "vendor": "IBM",
              "versions": [
                {
                  "lessThanOrEqual": "26.0.0.6",
                  "status": "affected",
                  "version": "17.0.0.3",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eIBM WebSphere Application Server 9.0, and 8.5 and IBM WebSphere Application Server - Liberty 17.0.0.3 through 26.0.0.6 are affected by an HTTP request smuggling vulnerability.\u003c/p\u003e"
                }
              ],
              "value": "IBM WebSphere Application Server 9.0, and 8.5 and IBM WebSphere Application Server - Liberty 17.0.0.3 through 26.0.0.6 are affected by an HTTP request smuggling vulnerability."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 7.4,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-444",
                  "description": "CWE-444 Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-30T20:56:04.135Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory",
                "patch"
              ],
              "url": "https://www.ibm.com/support/pages/node/7277550"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eIBM strongly recommends addressing the vulnerability now by applying a currently available interim fix or fix pack that contains the fix for APAR PH71808 and PH71706.\u0026nbsp;\u003c/p\u003e\u003cdiv\u003e\u003cp\u003e\u003cstrong\u003eFor IBM WebSphere Application Server Liberty 17.0.0.3 - 26.0.0.6:\u003c/strong\u003e\u003c/p\u003e\u003cp\u003e\u00b7 Upgrade to minimal fix pack levels as required by the interim fix and then apply the Interim Fix that resolves \u003ca href=\"https://www.ibm.com/support/pages/node/7277460\" rel=\"nofollow\"\u003ePH71808\u003c/a\u003e\u003cbr\u003e--OR--\u003cbr\u003e\u00b7 Apply Fix Pack 26.0.0.7 or later (targeted availability 3Q2026).\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eFor IBM WebSphere Application Server traditional:\u003c/strong\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eFor V9.0.0.0 through 9.0.5.28:\u003c/strong\u003e\u003cbr\u003e\u00b7 Upgrade to minimal fix pack levels as required by the interim fix and then apply the Interim Fix that resolves \u003ca href=\"https://www.ibm.com/support/pages/node/7277463\" rel=\"nofollow\"\u003ePH71706\u003c/a\u003e\u003cbr\u003e--OR--\u003cbr\u003e\u00b7 Apply Fix Pack 9.0.5.29 or later (targeted availability 3Q2026).\u0026nbsp;\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eFor V8.5.0.0 through 8.5.5.30:\u003c/strong\u003e\u003cbr\u003e\u00b7 Upgrade to minimal fix pack levels as required by the interim fix and then apply the Interim Fix that resolves \u003ca href=\"https://www.ibm.com/support/pages/node/7277463\" rel=\"nofollow\"\u003ePH71706\u003c/a\u003e\u003cbr\u003e--OR--\u003cbr\u003e\u00b7 Apply Fix Pack 8.5.5.31 or later (targeted availability 3Q2026).\u0026nbsp;\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003c/div\u003e\u003cp\u003eAdditional interim fixes may be available and linked off the interim fix download page.\u003c/p\u003e"
                }
              ],
              "value": "IBM strongly recommends addressing the vulnerability now by applying a currently available interim fix or fix pack that contains the fix for APAR PH71808 and PH71706.\u00a0\n\n\n\nFor IBM WebSphere Application Server Liberty 17.0.0.3 - 26.0.0.6:\n\n\n\n\u00b7 Upgrade to minimal fix pack levels as required by the interim fix and then apply the Interim Fix that resolves  PH71808 https://www.ibm.com/support/pages/node/7277460 \n--OR--\n\u00b7 Apply Fix Pack 26.0.0.7 or later (targeted availability 3Q2026).\n\n\n\n\n\n\n\nFor IBM WebSphere Application Server traditional:\n\n\n\nFor V9.0.0.0 through 9.0.5.28:\n\u00b7 Upgrade to minimal fix pack levels as required by the interim fix and then apply the Interim Fix that resolves  PH71706 https://www.ibm.com/support/pages/node/7277463 \n--OR--\n\u00b7 Apply Fix Pack 9.0.5.29 or later (targeted availability 3Q2026).\u00a0\n\n\n\nFor V8.5.0.0 through 8.5.5.30:\n\u00b7 Upgrade to minimal fix pack levels as required by the interim fix and then apply the Interim Fix that resolves  PH71706 https://www.ibm.com/support/pages/node/7277463 \n--OR--\n\u00b7 Apply Fix Pack 8.5.5.31 or later (targeted availability 3Q2026).\u00a0\n\n\n\n\n\n\n\n\n\nAdditional interim fixes may be available and linked off the interim fix download page."
            }
          ],
          "title": "IBM WebSphere Application Server and WebSphere Application Server Liberty are affected by HTTP request smuggling",
          "x_generator": {
            "engine": "ibm-cvegen"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2026-11541",
        "datePublished": "2026-06-30T20:56:04.135Z",
        "dateReserved": "2026-06-08T02:55:08.653Z",
        "dateUpdated": "2026-07-01T14:52:15.909Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-11594 (GCVE-0-2026-11594)

    Vulnerability from cvelistv5 – Published: 2026-06-30 20:50 – Updated: 2026-07-01 14:29
    VLAI
    Title
    IBM WebSphere Application Server is affected by multiple cross-site scripting vulnerabilities
    Summary
    IBM WebSphere Application Server 9.0, and 8.5 is affected by a cross-site scripting vulnerability in the administrative console.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
    Assigner
    ibm
    References
    URL Tags
    https://www.ibm.com/support/pages/node/7277546 vendor-advisorypatch
    Impacted products
    Vendor Product Version
    IBM WebSphere Application Server Affected: 9.0
    Affected: 8.5
        cpe:2.3:a:ibm:websphere_application_server:9.0:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:websphere_application_server:9.0.0:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:websphere_application_server:8.5:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:websphere_application_server:8.5.0:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-11594",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-01T13:49:02.894633Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-01T14:29:19.691Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:ibm:websphere_application_server:9.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:websphere_application_server:9.0.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:websphere_application_server:8.5:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:websphere_application_server:8.5.0:*:*:*:*:*:*:*"
              ],
              "product": "WebSphere Application Server",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "9.0"
                },
                {
                  "status": "affected",
                  "version": "8.5"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eIBM WebSphere Application Server 9.0, and 8.5 is affected by a cross-site scripting vulnerability in the administrative console.\u003c/p\u003e"
                }
              ],
              "value": "IBM WebSphere Application Server 9.0, and 8.5 is affected by a cross-site scripting vulnerability in the administrative console."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT_NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 8.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-30T20:50:34.772Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory",
                "patch"
              ],
              "url": "https://www.ibm.com/support/pages/node/7277546"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eIBM strongly recommends addressing the vulnerability now by applying a currently available interim fix or fix pack that contains the fix for APAR PH71757.\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eFor IBM WebSphere Application Server traditional:\u003c/strong\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eFor V9.0.0.0 through 9.0.5.28:\u003c/strong\u003e\u003cbr/\u003e\u00b7 Upgrade to minimal fix pack levels as required by the interim fix and then apply the Interim Fix that resolves \u003ca href=\"https://www.ibm.com/support/pages/node/7277464\" rel=\"nofollow\"\u003ePH71757\u003c/a\u003e\u003cbr/\u003e--OR--\u003cbr/\u003e\u00b7 Apply Fix Pack 9.0.5.29 or later (targeted availability 3Q2026).\u00a0\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eFor V8.5.0.0 through 8.5.5.29:\u003c/strong\u003e\u003cbr/\u003e\u00b7 Upgrade to minimal fix pack levels as required by the interim fix and then apply the Interim Fix that resolves \u003ca href=\"https://www.ibm.com/support/pages/node/7277464\" rel=\"nofollow\"\u003ePH71757\u003c/a\u003e\u003cbr/\u003e--OR--\u003cbr/\u003e\u00b7 Apply Fix Pack 8.5.5.30 or later (targeted availability 3Q2026).\u00a0\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003eAdditional interim fixes may be available and linked off the interim fix download page.\u003c/p\u003e"
                }
              ],
              "value": "IBM strongly recommends addressing the vulnerability now by applying a currently available interim fix or fix pack that contains the fix for APAR PH71757.\n\n\n\nFor IBM WebSphere Application Server traditional:\n\n\n\nFor V9.0.0.0 through 9.0.5.28:\n\u00b7 Upgrade to minimal fix pack levels as required by the interim fix and then apply the Interim Fix that resolves  PH71757 https://www.ibm.com/support/pages/node/7277464 \n--OR--\n\u00b7 Apply Fix Pack 9.0.5.29 or later (targeted availability 3Q2026).\u00a0\n\n\n\nFor V8.5.0.0 through 8.5.5.29:\n\u00b7 Upgrade to minimal fix pack levels as required by the interim fix and then apply the Interim Fix that resolves  PH71757 https://www.ibm.com/support/pages/node/7277464 \n--OR--\n\u00b7 Apply Fix Pack 8.5.5.30 or later (targeted availability 3Q2026).\u00a0\n\n\n\n\n\n\n\nAdditional interim fixes may be available and linked off the interim fix download page."
            }
          ],
          "title": "IBM WebSphere Application Server is affected by multiple cross-site scripting vulnerabilities",
          "x_generator": {
            "engine": "ibm-cvegen"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2026-11594",
        "datePublished": "2026-06-30T20:50:34.772Z",
        "dateReserved": "2026-06-08T14:06:40.450Z",
        "dateUpdated": "2026-07-01T14:29:19.691Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-12530 (GCVE-0-2025-12530)

    Vulnerability from cvelistv5 – Published: 2026-06-30 20:34 – Updated: 2026-07-01 14:51
    VLAI
    Title
    Vulnerabilities found in Watson Data Intelligence
    Summary
    IBM watsonx.data intelligence 5.2.2, 5.3.0, 5.3.1, 5.3.1 through patch-1 transmits data in clear text that could allow an attacker to obtain sensitive information using man in the middle techniques.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-319 - Cleartext Transmission of Sensitive Information
    Assigner
    ibm
    References
    URL Tags
    https://www.ibm.com/support/pages/node/7277802 vendor-advisorypatch
    Impacted products
    Vendor Product Version
    IBM watsonx.data intelligence Affected: 5.2.2, 5.3.0, 5.3.1, 5.3.1 (semver)
        cpe:2.3:a:ibm:watsonxdata_intelligence:5.2.2:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:watsonxdata_intelligence:patch-1:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-12530",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-01T14:51:16.107572Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-01T14:51:30.286Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:ibm:watsonxdata_intelligence:5.2.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:watsonxdata_intelligence:patch-1:*:*:*:*:*:*:*"
              ],
              "product": "watsonx.data intelligence",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "5.2.2, 5.3.0, 5.3.1, 5.3.1",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eIBM watsonx.data intelligence 5.2.2, 5.3.0, 5.3.1, 5.3.1 through patch-1 transmits data in clear text that could allow an attacker to obtain sensitive information using man in the middle techniques.\u003c/p\u003e"
                }
              ],
              "value": "IBM watsonx.data intelligence 5.2.2, 5.3.0, 5.3.1, 5.3.1 through patch-1 transmits data in clear text that could allow an attacker to obtain sensitive information using man in the middle techniques."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.9,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-319",
                  "description": "CWE-319 Cleartext Transmission of Sensitive Information",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-30T20:34:09.566Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory",
                "patch"
              ],
              "url": "https://www.ibm.com/support/pages/node/7277802"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cdiv\u003e\u003ctable\u003e\u003ccolgroup\u003e\u003ccol/\u003e\u003ccol/\u003e\u003ccol/\u003e\u003c/colgroup\u003e\u003ctbody\u003e\u003ctr\u003e\u003ctd\u003eAffected Product\u003c/td\u003e\u003ctd\u003eFixed Versions\u003c/td\u003e\u003ctd\u003eInstructions\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eIBM watsonx.data intelligence 5.2.2 - 5.3.1-patch1\u003c/td\u003e\u003ctd\u003e5.3.1-patch3\u003c/td\u003e\u003ctd\u003e\u003ca href=\"https://www.ibm.com/docs/en/watsonx/wdi/2.3.x?topic=new-watsonxdata-intelligence\" rel=\"nofollow\"\u003ehttps://www.ibm.com/docs/en/watsonx/wdi/2.3.x?topic=new-watsonxdata-intelligence\u003c/a\u003e\u003c/td\u003e\u003c/tr\u003e\u003c/tbody\u003e\u003c/table\u003e\u003c/div\u003e\u003cp\u003eIBM strongly advises upgrading as soon as possible\u003c/p\u003e"
                }
              ],
              "value": "Affected ProductFixed VersionsInstructionsIBM watsonx.data intelligence 5.2.2 - 5.3.1-patch15.3.1-patch3 https://www.ibm.com/docs/en/watsonx/wdi/2.3.x?topic=new-watsonxdata-intelligence \n\n\n\nIBM strongly advises upgrading as soon as possible"
            }
          ],
          "title": "Vulnerabilities found in Watson Data Intelligence",
          "x_generator": {
            "engine": "ibm-cvegen"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2025-12530",
        "datePublished": "2026-06-30T20:34:09.566Z",
        "dateReserved": "2025-10-30T18:13:49.495Z",
        "dateUpdated": "2026-07-01T14:51:30.286Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-36319 (GCVE-0-2025-36319)

    Vulnerability from cvelistv5 – Published: 2026-06-30 20:23 – Updated: 2026-07-01 15:45
    VLAI
    Title
    Vulnerabilities found in Watson Data Intelligence
    Summary
    IBM watsonx.data intelligence 5.2.0, 5.2.1, 5.2.2, 5.3.0 could allow an authenticated user to cause a temporary denial using a specially crafted HTTP request due to improper allocation of resource throttling.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-770 - Allocation of Resources Without Limits or Throttling
    Assigner
    ibm
    References
    URL Tags
    https://www.ibm.com/support/pages/node/7277801 vendor-advisorypatch
    Impacted products
    Vendor Product Version
    IBM watsonx.data intelligence Affected: 5.2.0, 5.2.1, 5.2.2, 5.3.0
        cpe:2.3:a:ibm:watsonxdata_intelligence:5.2.0:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-36319",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-01T15:44:59.080371Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-01T15:45:10.304Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:ibm:watsonxdata_intelligence:5.2.0:*:*:*:*:*:*:*"
              ],
              "product": "watsonx.data intelligence",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "5.2.0, 5.2.1, 5.2.2, 5.3.0"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eIBM watsonx.data intelligence 5.2.0, 5.2.1, 5.2.2, 5.3.0 could allow an authenticated user to cause a temporary denial using a specially crafted HTTP request due to improper allocation of resource throttling.\u003c/p\u003e"
                }
              ],
              "value": "IBM watsonx.data intelligence 5.2.0, 5.2.1, 5.2.2, 5.3.0 could allow an authenticated user to cause a temporary denial using a specially crafted HTTP request due to improper allocation of resource throttling."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 4.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-770",
                  "description": "CWE-770 Allocation of Resources Without Limits or Throttling",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-30T20:23:09.020Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory",
                "patch"
              ],
              "url": "https://www.ibm.com/support/pages/node/7277801"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cdiv\u003e\u003ctable\u003e\u003ccolgroup\u003e\u003ccol/\u003e\u003ccol/\u003e\u003ccol/\u003e\u003c/colgroup\u003e\u003ctbody\u003e\u003ctr\u003e\u003ctd\u003eAffected product\u003c/td\u003e\u003ctd\u003eFixed in release\u003c/td\u003e\u003ctd\u003eInstructions\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eIBM watsonx.data intelligence 5.2.0 - 5.3.0\u003c/td\u003e\u003ctd\u003e5.3.1\u003c/td\u003e\u003ctd\u003e\u003ca href=\"https://www.ibm.com/docs/en/watsonx/wdi/2.3.x?topic=new-watsonxdata-intelligence\" rel=\"nofollow\"\u003ehttps://www.ibm.com/docs/en/watsonx/wdi/2.3.x?topic=new-watsonxdata-intelligence\u003c/a\u003e\u003c/td\u003e\u003c/tr\u003e\u003c/tbody\u003e\u003c/table\u003e\u003c/div\u003e\u003cp\u003eIBM strongly advises upgrading as soon as possible\u003c/p\u003e"
                }
              ],
              "value": "Affected productFixed in releaseInstructionsIBM watsonx.data intelligence 5.2.0 - 5.3.05.3.1 https://www.ibm.com/docs/en/watsonx/wdi/2.3.x?topic=new-watsonxdata-intelligence \n\n\n\nIBM strongly advises upgrading as soon as possible"
            }
          ],
          "title": "Vulnerabilities found in Watson Data Intelligence",
          "x_generator": {
            "engine": "ibm-cvegen"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2025-36319",
        "datePublished": "2026-06-30T20:23:09.020Z",
        "dateReserved": "2025-04-15T21:16:50.580Z",
        "dateUpdated": "2026-07-01T15:45:10.304Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-36320 (GCVE-0-2025-36320)

    Vulnerability from cvelistv5 – Published: 2026-06-30 20:22 – Updated: 2026-07-01 12:57
    VLAI
    Title
    Vulnerabilities found in Watson Data Intelligence
    Summary
    IBM watsonx.data intelligence 5.2.0, 5.2.1, 5.2.2, 5.3.0 is vulnerable to stored cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
    Assigner
    ibm
    References
    URL Tags
    https://www.ibm.com/support/pages/node/7277801 vendor-advisorypatch
    Impacted products
    Vendor Product Version
    IBM watsonx.data intelligence Affected: 5.2.0, 5.2.1, 5.2.2, 5.3.0
        cpe:2.3:a:ibm:watsonxdata_intelligence:5.2.0:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-36320",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-01T12:57:00.491605Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-01T12:57:14.317Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:ibm:watsonxdata_intelligence:5.2.0:*:*:*:*:*:*:*"
              ],
              "product": "watsonx.data intelligence",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "5.2.0, 5.2.1, 5.2.2, 5.3.0"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eIBM watsonx.data intelligence 5.2.0, 5.2.1, 5.2.2, 5.3.0 is vulnerable to stored cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.\u003c/p\u003e"
                }
              ],
              "value": "IBM watsonx.data intelligence 5.2.0, 5.2.1, 5.2.2, 5.3.0 is vulnerable to stored cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.4,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-30T20:22:12.916Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory",
                "patch"
              ],
              "url": "https://www.ibm.com/support/pages/node/7277801"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cdiv\u003e\u003ctable\u003e\u003ccolgroup\u003e\u003ccol/\u003e\u003ccol/\u003e\u003ccol/\u003e\u003c/colgroup\u003e\u003ctbody\u003e\u003ctr\u003e\u003ctd\u003eAffected product\u003c/td\u003e\u003ctd\u003eFixed in release\u003c/td\u003e\u003ctd\u003eInstructions\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eIBM watsonx.data intelligence 5.2.0 - 5.3.0\u003c/td\u003e\u003ctd\u003e5.3.1\u003c/td\u003e\u003ctd\u003e\u003ca href=\"https://www.ibm.com/docs/en/watsonx/wdi/2.3.x?topic=new-watsonxdata-intelligence\" rel=\"nofollow\"\u003ehttps://www.ibm.com/docs/en/watsonx/wdi/2.3.x?topic=new-watsonxdata-intelligence\u003c/a\u003e\u003c/td\u003e\u003c/tr\u003e\u003c/tbody\u003e\u003c/table\u003e\u003c/div\u003e\u003cp\u003eIBM strongly advises upgrading as soon as possible\u003c/p\u003e"
                }
              ],
              "value": "Affected productFixed in releaseInstructionsIBM watsonx.data intelligence 5.2.0 - 5.3.05.3.1 https://www.ibm.com/docs/en/watsonx/wdi/2.3.x?topic=new-watsonxdata-intelligence \n\n\n\nIBM strongly advises upgrading as soon as possible"
            }
          ],
          "title": "Vulnerabilities found in Watson Data Intelligence",
          "x_generator": {
            "engine": "ibm-cvegen"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2025-36320",
        "datePublished": "2026-06-30T20:22:12.916Z",
        "dateReserved": "2025-04-15T21:16:51.461Z",
        "dateUpdated": "2026-07-01T12:57:14.317Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-36321 (GCVE-0-2025-36321)

    Vulnerability from cvelistv5 – Published: 2026-06-30 20:19 – Updated: 2026-07-01 13:59
    VLAI
    Title
    Vulnerabilities found in Watson Data Intelligence
    Summary
    IBM watsonx.data intelligence 5.2.0, 5.2.1, 5.2.2, 5.3.0 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-80 - Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)
    Assigner
    ibm
    References
    URL Tags
    https://www.ibm.com/support/pages/node/7277801 vendor-advisorypatch
    Impacted products
    Vendor Product Version
    IBM watsonx.data intelligence Affected: 5.2.0, 5.2.1, 5.2.2, 5.3.0
        cpe:2.3:a:ibm:watsonxdata_intelligence:5.2.0:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-36321",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-01T13:59:46.167425Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-01T13:59:54.456Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:ibm:watsonxdata_intelligence:5.2.0:*:*:*:*:*:*:*"
              ],
              "product": "watsonx.data intelligence",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "5.2.0, 5.2.1, 5.2.2, 5.3.0"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eIBM watsonx.data intelligence 5.2.0, 5.2.1, 5.2.2, 5.3.0 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim\u0027s Web browser within the security context of the hosting site.\u003c/p\u003e"
                }
              ],
              "value": "IBM watsonx.data intelligence 5.2.0, 5.2.1, 5.2.2, 5.3.0 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim\u0027s Web browser within the security context of the hosting site."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.7,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-80",
                  "description": "CWE-80 Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-30T20:19:53.940Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory",
                "patch"
              ],
              "url": "https://www.ibm.com/support/pages/node/7277801"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cdiv\u003e\u003ctable\u003e\u003ccolgroup\u003e\u003ccol/\u003e\u003ccol/\u003e\u003ccol/\u003e\u003c/colgroup\u003e\u003ctbody\u003e\u003ctr\u003e\u003ctd\u003eAffected product\u003c/td\u003e\u003ctd\u003eFixed in release\u003c/td\u003e\u003ctd\u003eInstructions\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eIBM watsonx.data intelligence 5.2.0 - 5.3.0\u003c/td\u003e\u003ctd\u003e5.3.1\u003c/td\u003e\u003ctd\u003e\u003ca href=\"https://www.ibm.com/docs/en/watsonx/wdi/2.3.x?topic=new-watsonxdata-intelligence\" rel=\"nofollow\"\u003ehttps://www.ibm.com/docs/en/watsonx/wdi/2.3.x?topic=new-watsonxdata-intelligence\u003c/a\u003e\u003c/td\u003e\u003c/tr\u003e\u003c/tbody\u003e\u003c/table\u003e\u003c/div\u003e\u003cp\u003eIBM strongly advises upgrading as soon as possible\u003c/p\u003e"
                }
              ],
              "value": "Affected productFixed in releaseInstructionsIBM watsonx.data intelligence 5.2.0 - 5.3.05.3.1 https://www.ibm.com/docs/en/watsonx/wdi/2.3.x?topic=new-watsonxdata-intelligence \n\n\n\nIBM strongly advises upgrading as soon as possible"
            }
          ],
          "title": "Vulnerabilities found in Watson Data Intelligence",
          "x_generator": {
            "engine": "ibm-cvegen"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2025-36321",
        "datePublished": "2026-06-30T20:19:53.940Z",
        "dateReserved": "2025-04-15T21:16:51.461Z",
        "dateUpdated": "2026-07-01T13:59:54.456Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-36323 (GCVE-0-2025-36323)

    Vulnerability from cvelistv5 – Published: 2026-06-30 20:19 – Updated: 2026-07-01 13:23
    VLAI
    Title
    Vulnerabilities found in Watson Data Intelligence
    Summary
    IBM watsonx.data intelligence 5.2.0, 5.2.1, 5.2.2, 5.3.0 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
    Assigner
    ibm
    References
    URL Tags
    https://www.ibm.com/support/pages/node/7277801 vendor-advisorypatch
    Impacted products
    Vendor Product Version
    IBM watsonx.data intelligence Affected: 5.2.0, 5.2.1, 5.2.2, 5.3.0
        cpe:2.3:a:ibm:watsonxdata_intelligence:5.2.0:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-36323",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-01T13:22:56.991964Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-01T13:23:06.695Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:ibm:watsonxdata_intelligence:5.2.0:*:*:*:*:*:*:*"
              ],
              "product": "watsonx.data intelligence",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "5.2.0, 5.2.1, 5.2.2, 5.3.0"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eIBM watsonx.data intelligence 5.2.0, 5.2.1, 5.2.2, 5.3.0 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.\u003c/p\u003e"
                }
              ],
              "value": "IBM watsonx.data intelligence 5.2.0, 5.2.1, 5.2.2, 5.3.0 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.4,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-30T20:19:08.912Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory",
                "patch"
              ],
              "url": "https://www.ibm.com/support/pages/node/7277801"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cdiv\u003e\u003ctable\u003e\u003ccolgroup\u003e\u003ccol/\u003e\u003ccol/\u003e\u003ccol/\u003e\u003c/colgroup\u003e\u003ctbody\u003e\u003ctr\u003e\u003ctd\u003eAffected product\u003c/td\u003e\u003ctd\u003eFixed in release\u003c/td\u003e\u003ctd\u003eInstructions\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eIBM watsonx.data intelligence 5.2.0 - 5.3.0\u003c/td\u003e\u003ctd\u003e5.3.1\u003c/td\u003e\u003ctd\u003e\u003ca href=\"https://www.ibm.com/docs/en/watsonx/wdi/2.3.x?topic=new-watsonxdata-intelligence\" rel=\"nofollow\"\u003ehttps://www.ibm.com/docs/en/watsonx/wdi/2.3.x?topic=new-watsonxdata-intelligence\u003c/a\u003e\u003c/td\u003e\u003c/tr\u003e\u003c/tbody\u003e\u003c/table\u003e\u003c/div\u003e\u003cp\u003eIBM strongly advises upgrading as soon as possible\u003c/p\u003e"
                }
              ],
              "value": "Affected productFixed in releaseInstructionsIBM watsonx.data intelligence 5.2.0 - 5.3.05.3.1 https://www.ibm.com/docs/en/watsonx/wdi/2.3.x?topic=new-watsonxdata-intelligence \n\n\n\nIBM strongly advises upgrading as soon as possible"
            }
          ],
          "title": "Vulnerabilities found in Watson Data Intelligence",
          "x_generator": {
            "engine": "ibm-cvegen"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2025-36323",
        "datePublished": "2026-06-30T20:19:08.912Z",
        "dateReserved": "2025-04-15T21:16:51.462Z",
        "dateUpdated": "2026-07-01T13:23:06.695Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-36324 (GCVE-0-2025-36324)

    Vulnerability from cvelistv5 – Published: 2026-06-30 20:18 – Updated: 2026-07-01 14:29
    VLAI
    Title
    Vulnerabilities found in Watson Data Intelligence
    Summary
    IBM watsonx.data intelligence 5.2.0, 5.2.1, 5.2.2, 5.3.0 s vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-918 - Server-Side Request Forgery (SSRF)
    Assigner
    ibm
    References
    URL Tags
    https://www.ibm.com/support/pages/node/7277801 vendor-advisorypatch
    Impacted products
    Vendor Product Version
    IBM watsonx.data intelligence Affected: 5.2.0, 5.2.1, 5.2.2, 5.3.0
        cpe:2.3:a:ibm:watsonxdata_intelligence:5.2.0:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-36324",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-01T13:49:15.376483Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-01T14:29:28.435Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:ibm:watsonxdata_intelligence:5.2.0:*:*:*:*:*:*:*"
              ],
              "product": "watsonx.data intelligence",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "5.2.0, 5.2.1, 5.2.2, 5.3.0"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eIBM watsonx.data intelligence 5.2.0, 5.2.1, 5.2.2, 5.3.0 s vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks.\u003c/p\u003e"
                }
              ],
              "value": "IBM watsonx.data intelligence 5.2.0, 5.2.1, 5.2.2, 5.3.0 s vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-918",
                  "description": "CWE-918 Server-Side Request Forgery (SSRF)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-30T20:18:12.358Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory",
                "patch"
              ],
              "url": "https://www.ibm.com/support/pages/node/7277801"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cdiv\u003e\u003ctable\u003e\u003ccolgroup\u003e\u003ccol/\u003e\u003ccol/\u003e\u003ccol/\u003e\u003c/colgroup\u003e\u003ctbody\u003e\u003ctr\u003e\u003ctd\u003eAffected product\u003c/td\u003e\u003ctd\u003eFixed in release\u003c/td\u003e\u003ctd\u003eInstructions\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eIBM watsonx.data intelligence 5.2.0 - 5.3.0\u003c/td\u003e\u003ctd\u003e5.3.1\u003c/td\u003e\u003ctd\u003e\u003ca href=\"https://www.ibm.com/docs/en/watsonx/wdi/2.3.x?topic=new-watsonxdata-intelligence\" rel=\"nofollow\"\u003ehttps://www.ibm.com/docs/en/watsonx/wdi/2.3.x?topic=new-watsonxdata-intelligence\u003c/a\u003e\u003c/td\u003e\u003c/tr\u003e\u003c/tbody\u003e\u003c/table\u003e\u003c/div\u003e\u003cp\u003eIBM strongly advises upgrading as soon as possible\u003c/p\u003e"
                }
              ],
              "value": "Affected productFixed in releaseInstructionsIBM watsonx.data intelligence 5.2.0 - 5.3.05.3.1 https://www.ibm.com/docs/en/watsonx/wdi/2.3.x?topic=new-watsonxdata-intelligence \n\n\n\nIBM strongly advises upgrading as soon as possible"
            }
          ],
          "title": "Vulnerabilities found in Watson Data Intelligence",
          "x_generator": {
            "engine": "ibm-cvegen"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2025-36324",
        "datePublished": "2026-06-30T20:18:12.358Z",
        "dateReserved": "2025-04-15T21:16:51.462Z",
        "dateUpdated": "2026-07-01T14:29:28.435Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CERTFR-2026-AVI-0834

    Vulnerability from certfr_avis - Published: 2026-07-03 - Updated: 2026-07-03

    De multiples vulnérabilités ont été découvertes dans les produits IBM. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une élévation de privilèges et un déni de service à distance.

    Solutions

    Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

    Impacted products
    Vendor Product Description
    IBM WebSphere WebSphere Application Server versions 9.x antérieures à 9.0.5.29
    IBM Db2 Db2 Genius Hub versions antérieures à 1.1.3
    IBM Db2 Db2 Big SQL on IBM Software Hub versions antérieures à 5.4
    IBM WebSphere WebSphere Remote Server versions 9.x antérieures à 9.0.5.29
    IBM N/A SOAR QRadar Plugin App versions antérieures à 5.6.5
    IBM WebSphere WebSphere Remote Server versions 8.5.x antérieures à 8.5.5.31
    IBM WebSphere WebSphere Application Server versions 8.x antérieures à 8.5.5.31
    IBM WebSphere WebSphere Application Server Liberty versions antérieures à 26.0.0.8
    References
    Bulletin de sécurité IBM 7278360 2026-06-29 vendor-advisory
    Bulletin de sécurité IBM 7279004 2026-07-02 vendor-advisory
    Bulletin de sécurité IBM 7278998 2026-07-02 vendor-advisory
    Bulletin de sécurité IBM 7278996 2026-07-02 vendor-advisory
    Bulletin de sécurité IBM 7278993 2026-07-02 vendor-advisory
    Bulletin de sécurité IBM 7279001 2026-07-02 vendor-advisory
    Bulletin de sécurité IBM 7278935 2026-07-02 vendor-advisory
    Bulletin de sécurité IBM 7278590 2026-06-30 vendor-advisory
    Bulletin de sécurité IBM 7278148 2026-06-26 vendor-advisory
    Bulletin de sécurité IBM 7279002 2026-07-02 vendor-advisory
    Bulletin de sécurité IBM 7278995 2026-07-02 vendor-advisory
    Bulletin de sécurité IBM 7278997 2026-07-02 vendor-advisory
    Bulletin de sécurité IBM 7278990 2026-07-02 vendor-advisory
    Bulletin de sécurité IBM 7278358 2026-06-29 vendor-advisory
    Bulletin de sécurité IBM 7278989 2026-07-02 vendor-advisory
    Bulletin de sécurité IBM 7278576 2026-06-30 vendor-advisory
    Bulletin de sécurité IBM 7278572 2026-06-30 vendor-advisory
    Bulletin de sécurité IBM 7278580 2026-06-30 vendor-advisory
    Bulletin de sécurité IBM 7278398 2026-06-29 vendor-advisory
    Bulletin de sécurité IBM 7278359 2026-06-29 vendor-advisory
    Bulletin de sécurité IBM 7279003 2026-07-02 vendor-advisory
    Bulletin de sécurité IBM 7278103 2026-06-26 vendor-advisory
    Bulletin de sécurité IBM 7278593 2026-06-30 vendor-advisory
    Bulletin de sécurité IBM 7278399 2026-06-29 vendor-advisory

    Show details on source website

    {
      "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
      "affected_systems": [
        {
          "description": "WebSphere Application Server versions 9.x ant\u00e9rieures \u00e0 9.0.5.29",
          "product": {
            "name": "WebSphere",
            "vendor": {
              "name": "IBM",
              "scada": false
            }
          }
        },
        {
          "description": "Db2 Genius Hub versions ant\u00e9rieures \u00e0 1.1.3",
          "product": {
            "name": "Db2",
            "vendor": {
              "name": "IBM",
              "scada": false
            }
          }
        },
        {
          "description": "Db2 Big SQL on IBM Software Hub versions ant\u00e9rieures \u00e0 5.4",
          "product": {
            "name": "Db2",
            "vendor": {
              "name": "IBM",
              "scada": false
            }
          }
        },
        {
          "description": "WebSphere Remote Server versions 9.x ant\u00e9rieures \u00e0 9.0.5.29",
          "product": {
            "name": "WebSphere",
            "vendor": {
              "name": "IBM",
              "scada": false
            }
          }
        },
        {
          "description": "SOAR QRadar Plugin App versions ant\u00e9rieures \u00e0 5.6.5",
          "product": {
            "name": "N/A",
            "vendor": {
              "name": "IBM",
              "scada": false
            }
          }
        },
        {
          "description": "WebSphere Remote Server versions 8.5.x ant\u00e9rieures \u00e0 8.5.5.31",
          "product": {
            "name": "WebSphere",
            "vendor": {
              "name": "IBM",
              "scada": false
            }
          }
        },
        {
          "description": "WebSphere Application Server versions 8.x ant\u00e9rieures \u00e0 8.5.5.31",
          "product": {
            "name": "WebSphere",
            "vendor": {
              "name": "IBM",
              "scada": false
            }
          }
        },
        {
          "description": "WebSphere Application Server Liberty versions ant\u00e9rieures \u00e0 26.0.0.8",
          "product": {
            "name": "WebSphere",
            "vendor": {
              "name": "IBM",
              "scada": false
            }
          }
        }
      ],
      "affected_systems_content": "",
      "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
      "cves": [
        {
          "name": "CVE-2026-50645",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-50645"
        },
        {
          "name": "CVE-2026-11383",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-11383"
        },
        {
          "name": "CVE-2026-42041",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-42041"
        },
        {
          "name": "CVE-2026-39892",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-39892"
        },
        {
          "name": "CVE-2024-7531",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-7531"
        },
        {
          "name": "CVE-2021-3572",
          "url": "https://www.cve.org/CVERecord?id=CVE-2021-3572"
        },
        {
          "name": "CVE-2026-44432",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-44432"
        },
        {
          "name": "CVE-2025-14688",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-14688"
        },
        {
          "name": "CVE-2026-9171",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-9171"
        },
        {
          "name": "CVE-2024-12086",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-12086"
        },
        {
          "name": "CVE-2026-1577",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-1577"
        },
        {
          "name": "CVE-2025-6069",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-6069"
        },
        {
          "name": "CVE-2026-2391",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-2391"
        },
        {
          "name": "CVE-2026-9072",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-9072"
        },
        {
          "name": "CVE-2026-24737",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-24737"
        },
        {
          "name": "CVE-2026-8858",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-8858"
        },
        {
          "name": "CVE-2026-7246",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-7246"
        },
        {
          "name": "CVE-2025-15284",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-15284"
        },
        {
          "name": "CVE-2026-22029",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-22029"
        },
        {
          "name": "CVE-2026-11541",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-11541"
        },
        {
          "name": "CVE-2025-1371",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-1371"
        },
        {
          "name": "CVE-2026-11707",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-11707"
        },
        {
          "name": "CVE-2026-11546",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-11546"
        },
        {
          "name": "CVE-2026-42036",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-42036"
        },
        {
          "name": "CVE-2021-23337",
          "url": "https://www.cve.org/CVERecord?id=CVE-2021-23337"
        },
        {
          "name": "CVE-2026-11594",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-11594"
        },
        {
          "name": "CVE-2025-8291",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-8291"
        },
        {
          "name": "CVE-2025-64718",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-64718"
        },
        {
          "name": "CVE-2026-24043",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-24043"
        },
        {
          "name": "CVE-2025-13755",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-13755"
        },
        {
          "name": "CVE-2025-62718",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-62718"
        },
        {
          "name": "CVE-2026-4800",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-4800"
        },
        {
          "name": "CVE-2026-6051",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-6051"
        },
        {
          "name": "CVE-2025-50182",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-50182"
        },
        {
          "name": "CVE-2026-33671",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-33671"
        },
        {
          "name": "CVE-2026-33532",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-33532"
        },
        {
          "name": "CVE-2025-68470",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-68470"
        },
        {
          "name": "CVE-2026-42033",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-42033"
        },
        {
          "name": "CVE-2026-42035",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-42035"
        },
        {
          "name": "CVE-2026-11536",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-11536"
        },
        {
          "name": "CVE-2025-50181",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-50181"
        },
        {
          "name": "CVE-2025-1795",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-1795"
        },
        {
          "name": "CVE-2026-33750",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-33750"
        },
        {
          "name": "CVE-2026-42043",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-42043"
        },
        {
          "name": "CVE-2026-8646",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-8646"
        },
        {
          "name": "CVE-2026-33228",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-33228"
        },
        {
          "name": "CVE-2026-9320",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-9320"
        },
        {
          "name": "CVE-2026-6053",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-6053"
        },
        {
          "name": "CVE-2025-68161",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-68161"
        },
        {
          "name": "CVE-2024-29869",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-29869"
        },
        {
          "name": "CVE-2026-42040",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-42040"
        },
        {
          "name": "CVE-2026-4923",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-4923"
        },
        {
          "name": "CVE-2026-6052",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-6052"
        },
        {
          "name": "CVE-2025-1377",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-1377"
        },
        {
          "name": "CVE-2026-27903",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-27903"
        },
        {
          "name": "CVE-2024-25260",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-25260"
        },
        {
          "name": "CVE-2026-24133",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-24133"
        },
        {
          "name": "CVE-2026-10845",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-10845"
        },
        {
          "name": "CVE-2026-2327",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-2327"
        },
        {
          "name": "CVE-2026-2950",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-2950"
        },
        {
          "name": "CVE-2026-3676",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-3676"
        },
        {
          "name": "CVE-2026-1352",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-1352"
        },
        {
          "name": "CVE-2025-1376",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-1376"
        },
        {
          "name": "CVE-2025-69873",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-69873"
        },
        {
          "name": "CVE-2025-67735",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-67735"
        },
        {
          "name": "CVE-2025-36122",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-36122"
        },
        {
          "name": "CVE-2026-25940",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-25940"
        },
        {
          "name": "CVE-2026-24040",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-24040"
        },
        {
          "name": "CVE-2026-42038",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-42038"
        },
        {
          "name": "CVE-2026-11708",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-11708"
        },
        {
          "name": "CVE-2026-42039",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-42039"
        },
        {
          "name": "CVE-2026-25755",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-25755"
        },
        {
          "name": "CVE-2026-33672",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-33672"
        },
        {
          "name": "CVE-2025-58181",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-58181"
        },
        {
          "name": "CVE-2025-47914",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-47914"
        },
        {
          "name": "CVE-2025-4516",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-4516"
        },
        {
          "name": "CVE-2026-25639",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-25639"
        },
        {
          "name": "CVE-2026-42044",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-42044"
        },
        {
          "name": "CVE-2026-11595",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-11595"
        },
        {
          "name": "CVE-2026-11714",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-11714"
        },
        {
          "name": "CVE-2026-25535",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-25535"
        },
        {
          "name": "CVE-2026-42034",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-42034"
        },
        {
          "name": "CVE-2026-9322",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-9322"
        },
        {
          "name": "CVE-2026-31938",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-31938"
        },
        {
          "name": "CVE-2025-48924",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-48924"
        },
        {
          "name": "CVE-2026-6938",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-6938"
        },
        {
          "name": "CVE-2026-11712",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-11712"
        },
        {
          "name": "CVE-2026-44431",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-44431"
        },
        {
          "name": "CVE-2026-42264",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-42264"
        },
        {
          "name": "CVE-2026-13772",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-13772"
        },
        {
          "name": "CVE-2026-32141",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-32141"
        },
        {
          "name": "CVE-2026-42037",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-42037"
        },
        {
          "name": "CVE-2026-42042",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-42042"
        },
        {
          "name": "CVE-2026-9071",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-9071"
        },
        {
          "name": "CVE-2026-9006",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-9006"
        },
        {
          "name": "CVE-2026-31898",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-31898"
        },
        {
          "name": "CVE-2026-24001",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-24001"
        },
        {
          "name": "CVE-2023-24056",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-24056"
        },
        {
          "name": "CVE-2024-24786",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-24786"
        },
        {
          "name": "CVE-2026-10852",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-10852"
        },
        {
          "name": "CVE-2026-27212",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-27212"
        },
        {
          "name": "CVE-2025-12183",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-12183"
        },
        {
          "name": "CVE-2026-29063",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-29063"
        },
        {
          "name": "CVE-2025-68428",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-68428"
        },
        {
          "name": "CVE-2025-13465",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-13465"
        },
        {
          "name": "CVE-2026-4926",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-4926"
        },
        {
          "name": "CVE-2026-1718",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-1718"
        },
        {
          "name": "CVE-2026-27904",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-27904"
        }
      ],
      "initial_release_date": "2026-07-03T00:00:00",
      "last_revision_date": "2026-07-03T00:00:00",
      "links": [],
      "reference": "CERTFR-2026-AVI-0834",
      "revisions": [
        {
          "description": "Version initiale",
          "revision_date": "2026-07-03T00:00:00.000000"
        }
      ],
      "risks": [
        {
          "description": "D\u00e9ni de service \u00e0 distance"
        },
        {
          "description": "Injection de code indirecte \u00e0 distance (XSS)"
        },
        {
          "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
        },
        {
          "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
        },
        {
          "description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
        },
        {
          "description": "Falsification de requ\u00eates c\u00f4t\u00e9 serveur (SSRF)"
        },
        {
          "description": "Contournement de la politique de s\u00e9curit\u00e9"
        },
        {
          "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
        },
        {
          "description": "\u00c9l\u00e9vation de privil\u00e8ges"
        }
      ],
      "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits IBM. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une \u00e9l\u00e9vation de privil\u00e8ges et un d\u00e9ni de service \u00e0 distance.",
      "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits IBM",
      "vendor_advisories": [
        {
          "published_at": "2026-06-29",
          "title": "Bulletin de s\u00e9curit\u00e9 IBM 7278360",
          "url": "https://www.ibm.com/support/pages/node/7278360"
        },
        {
          "published_at": "2026-07-02",
          "title": "Bulletin de s\u00e9curit\u00e9 IBM 7279004",
          "url": "https://www.ibm.com/support/pages/node/7279004"
        },
        {
          "published_at": "2026-07-02",
          "title": "Bulletin de s\u00e9curit\u00e9 IBM 7278998",
          "url": "https://www.ibm.com/support/pages/node/7278998"
        },
        {
          "published_at": "2026-07-02",
          "title": "Bulletin de s\u00e9curit\u00e9 IBM 7278996",
          "url": "https://www.ibm.com/support/pages/node/7278996"
        },
        {
          "published_at": "2026-07-02",
          "title": "Bulletin de s\u00e9curit\u00e9 IBM 7278993",
          "url": "https://www.ibm.com/support/pages/node/7278993"
        },
        {
          "published_at": "2026-07-02",
          "title": "Bulletin de s\u00e9curit\u00e9 IBM 7279001",
          "url": "https://www.ibm.com/support/pages/node/7279001"
        },
        {
          "published_at": "2026-07-02",
          "title": "Bulletin de s\u00e9curit\u00e9 IBM 7278935",
          "url": "https://www.ibm.com/support/pages/node/7278935"
        },
        {
          "published_at": "2026-06-30",
          "title": "Bulletin de s\u00e9curit\u00e9 IBM 7278590",
          "url": "https://www.ibm.com/support/pages/node/7278590"
        },
        {
          "published_at": "2026-06-26",
          "title": "Bulletin de s\u00e9curit\u00e9 IBM 7278148",
          "url": "https://www.ibm.com/support/pages/node/7278148"
        },
        {
          "published_at": "2026-07-02",
          "title": "Bulletin de s\u00e9curit\u00e9 IBM 7279002",
          "url": "https://www.ibm.com/support/pages/node/7279002"
        },
        {
          "published_at": "2026-07-02",
          "title": "Bulletin de s\u00e9curit\u00e9 IBM 7278995",
          "url": "https://www.ibm.com/support/pages/node/7278995"
        },
        {
          "published_at": "2026-07-02",
          "title": "Bulletin de s\u00e9curit\u00e9 IBM 7278997",
          "url": "https://www.ibm.com/support/pages/node/7278997"
        },
        {
          "published_at": "2026-07-02",
          "title": "Bulletin de s\u00e9curit\u00e9 IBM 7278990",
          "url": "https://www.ibm.com/support/pages/node/7278990"
        },
        {
          "published_at": "2026-06-29",
          "title": "Bulletin de s\u00e9curit\u00e9 IBM 7278358",
          "url": "https://www.ibm.com/support/pages/node/7278358"
        },
        {
          "published_at": "2026-07-02",
          "title": "Bulletin de s\u00e9curit\u00e9 IBM 7278989",
          "url": "https://www.ibm.com/support/pages/node/7278989"
        },
        {
          "published_at": "2026-06-30",
          "title": "Bulletin de s\u00e9curit\u00e9 IBM 7278576",
          "url": "https://www.ibm.com/support/pages/node/7278576"
        },
        {
          "published_at": "2026-06-30",
          "title": "Bulletin de s\u00e9curit\u00e9 IBM 7278572",
          "url": "https://www.ibm.com/support/pages/node/7278572"
        },
        {
          "published_at": "2026-06-30",
          "title": "Bulletin de s\u00e9curit\u00e9 IBM 7278580",
          "url": "https://www.ibm.com/support/pages/node/7278580"
        },
        {
          "published_at": "2026-06-29",
          "title": "Bulletin de s\u00e9curit\u00e9 IBM 7278398",
          "url": "https://www.ibm.com/support/pages/node/7278398"
        },
        {
          "published_at": "2026-06-29",
          "title": "Bulletin de s\u00e9curit\u00e9 IBM 7278359",
          "url": "https://www.ibm.com/support/pages/node/7278359"
        },
        {
          "published_at": "2026-07-02",
          "title": "Bulletin de s\u00e9curit\u00e9 IBM 7279003",
          "url": "https://www.ibm.com/support/pages/node/7279003"
        },
        {
          "published_at": "2026-06-26",
          "title": "Bulletin de s\u00e9curit\u00e9 IBM 7278103",
          "url": "https://www.ibm.com/support/pages/node/7278103"
        },
        {
          "published_at": "2026-06-30",
          "title": "Bulletin de s\u00e9curit\u00e9 IBM 7278593",
          "url": "https://www.ibm.com/support/pages/node/7278593"
        },
        {
          "published_at": "2026-06-29",
          "title": "Bulletin de s\u00e9curit\u00e9 IBM 7278399",
          "url": "https://www.ibm.com/support/pages/node/7278399"
        }
      ]
    }