Severity by source
AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Network-accessible error disclosure requiring authenticated low-privilege access; only limited confidentiality impact with no integrity or availability consequence.
Primary rating from Vendor (ibm).
CVSS VectorVendor: ibm
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Lifecycle Timeline
1DescriptionCVE.org
IBM watsonx.data intelligence 5.2.0, 5.2.1, 5.2.2, 5.3.0 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system.
AnalysisAI
IBM watsonx.data Intelligence versions 5.2.0 through 5.3.0 leak sensitive technical information to the browser via verbose error messages, giving authenticated remote attackers a reconnaissance foothold for follow-on attacks. The flaw is rooted in CWE-209 (overly informative error generation), which can expose stack traces, internal paths, backend technology details, or configuration fragments depending on what error condition is triggered. No public exploit code has been identified and no active exploitation is confirmed; the mandatory authentication barrier (PR:L) and information-only impact limit immediate blast radius, but the data gathered can materially assist more sophisticated attacks against the same system.
Technical ContextAI
CWE-209 (Generation of Error Message Containing Sensitive Information) describes failures in error-handling logic that return internal diagnostic detail - such as stack traces, file system paths, database schema hints, or runtime configuration values - to the client rather than a sanitized generic message. IBM watsonx.data Intelligence is an enterprise data lakehouse platform built on an open data architecture; the affected CPE is cpe:2.3:a:ibm:watsonx.data_intelligence:*:*:*:*:*:*:*:*. The vulnerability resides in the browser-facing application layer, meaning that any error condition reachable via the web interface may surface internal implementation detail. Such information is typically innocuous in isolation but becomes operationally useful when combined with other vulnerabilities or used to fingerprint internal architecture for targeted exploitation.
RemediationAI
Patch available per vendor advisory - consult and apply the fix documented in the IBM Security Bulletin at https://www.ibm.com/support/pages/node/7277801. The exact patched release version is not independently confirmed from the available data beyond the advisory reference, so administrators should refer directly to that bulletin for the target upgrade version. As a compensating control prior to patching, configure the application's web tier or a fronting reverse proxy or WAF to intercept and replace verbose error responses with generic messages before they reach the browser; this eliminates the disclosure channel but may reduce visibility into legitimate application errors in non-production environments, so it should be applied selectively. Additionally, enforce strict least-privilege access controls to limit the pool of authenticated users who can reach the application and trigger error conditions, and implement monitoring or alerting for anomalous patterns of error-inducing requests that could indicate active reconnaissance.
More in Watsonx Data Intelligence
View allClient-side enforcement of server-side security in IBM watsonx.data Intelligence versions 5.2.0 through 5.3.0 allows an
Stored cross-site scripting in IBM watsonx.data intelligence versions 5.2.0 through 5.3.0 allows authenticated low-privi
Cleartext data transmission in IBM watsonx.data intelligence versions 5.2.2 through 5.3.1 (including patch-1) exposes se
Cleartext transmission in IBM watsonx.data intelligence versions 5.2.0 through 5.3.0 exposes sensitive data to intercept
HTML injection in IBM watsonx.data Intelligence versions 5.2.0 through 5.3.0 enables a remote authenticated attacker to
Cross-site scripting in IBM watsonx.data Intelligence 5.2.0 through 5.3.0 allows low-privileged authenticated users to i
Temporary denial of service in IBM watsonx.data intelligence 5.2.0 through 5.3.0 is achievable by authenticated users wh
IBM watsonx.data Intelligence versions 5.2.0 through 5.3.0 exposes authenticated users to unauthorized action execution
Server-side request forgery in IBM watsonx.data intelligence versions 5.2.0 through 5.3.0 enables authenticated attacker
Same weakness CWE-209 – Error Message Information Leak
View allSame technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2025-210377
GHSA-4gc8-mc9c-c46r