Severity by source
AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
Network vector and no auth align with passive MITM interception; AC:H reflects required network positioning; only confidentiality is impacted with no integrity or availability loss.
Primary rating from Vendor (ibm).
CVSS VectorVendor: ibm
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
Lifecycle Timeline
1DescriptionCVE.org
IBM watsonx.data intelligence 5.2.2, 5.3.0, 5.3.1, 5.3.1 through patch-1 transmits data in clear text that could allow an attacker to obtain sensitive information using man in the middle techniques.
AnalysisAI
Cleartext data transmission in IBM watsonx.data intelligence versions 5.2.2 through 5.3.1 (including patch-1) exposes sensitive information to network interception by a man-in-the-middle adversary. The platform transmits certain data without encryption, enabling an attacker positioned on the network path to capture confidential content in transit. No active exploitation has been confirmed (not in CISA KEV), and no public exploit code has been identified; however, the CVSS High confidentiality impact (C:H) signals that the interceptable data is substantively sensitive, likely including queries, credentials, or intelligence payloads.
Technical ContextAI
CWE-319 (Cleartext Transmission of Sensitive Information) describes the failure to use an encrypted channel when transmitting data that requires confidentiality. IBM watsonx.data intelligence - identified by CPE cpe:2.3:a:ibm:watsonx.data_intelligence - is an enterprise AI and data intelligence platform. The root cause here is that one or more communication paths within the platform (component-to-component or client-to-server) operate over unencrypted channels, bypassing TLS or equivalent transport-layer security. This is a protocol-configuration-layer weakness rather than a logic flaw in application code, meaning an adversary does not exploit a memory corruption issue or injection vector, but simply reads traffic that the application fails to protect. The CWE-319 root cause class is well understood and the fix pattern (enforcing TLS across all communication paths) is straightforward for vendors to apply.
RemediationAI
Apply the vendor-released patch referenced in the IBM Security Advisory at https://www.ibm.com/support/pages/node/7277802; the advisory confirms a fix is available, though the exact patched version number is not specified in currently available data and should be confirmed directly from the IBM advisory page. As a compensating control while the patch is being applied, enforce network-layer TLS between all watsonx.data intelligence service components and between clients and the platform - deploying a TLS-terminating reverse proxy at the perimeter will reduce exposure of client-facing cleartext channels, though internal inter-component cleartext paths may remain vulnerable until the vendor patch is applied. Additionally, restrict network access to watsonx.data intelligence endpoints using firewall rules or micro-segmentation to limit the network segments from which a man-in-the-middle position could be achieved, noting that this reduces attack surface but does not eliminate the vulnerability in shared or cloud-hosted environments.
More in Watsonx Data Intelligence
View allClient-side enforcement of server-side security in IBM watsonx.data Intelligence versions 5.2.0 through 5.3.0 allows an
Stored cross-site scripting in IBM watsonx.data intelligence versions 5.2.0 through 5.3.0 allows authenticated low-privi
Cleartext transmission in IBM watsonx.data intelligence versions 5.2.0 through 5.3.0 exposes sensitive data to intercept
HTML injection in IBM watsonx.data Intelligence versions 5.2.0 through 5.3.0 enables a remote authenticated attacker to
Cross-site scripting in IBM watsonx.data Intelligence 5.2.0 through 5.3.0 allows low-privileged authenticated users to i
Temporary denial of service in IBM watsonx.data intelligence 5.2.0 through 5.3.0 is achievable by authenticated users wh
IBM watsonx.data Intelligence versions 5.2.0 through 5.3.0 leak sensitive technical information to the browser via verbo
IBM watsonx.data Intelligence versions 5.2.0 through 5.3.0 exposes authenticated users to unauthorized action execution
Server-side request forgery in IBM watsonx.data intelligence versions 5.2.0 through 5.3.0 enables authenticated attacker
Same technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2025-210384
GHSA-4h2g-pgm3-vm4c