Skip to main content

Watsonx Data

5 CVEs product

Monthly

CVE-2025-36145 MEDIUM PATCH This Month

IBM watsonx.data (IBM Lakehouse) versions 2.2 through 2.3.1 fails to properly restrict inbound and outbound network connections, enabling authenticated low-privilege attackers to transfer or modify files without appropriate authorization controls. The vulnerability carries a CVSS score of 5.4 with network reachability and low attack complexity, though EPSS probability sits at just 0.02% (7th percentile) and SSVC assessment confirms no active exploitation. No public exploit code has been identified at time of analysis, and a vendor-released patch is available via IBM's support portal.

Information Disclosure IBM Watsonx Data
NVD
CVSS 3.1
5.4
EPSS
0.0%
CVE-2025-36144 LOW Monitor

IBM Lakehouse (watsonx.data 2.2) stores potentially sensitive information in log files that could be read by a local user. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

IBM Information Disclosure Watsonx Data
NVD
CVSS 3.1
3.3
EPSS
0.0%
CVE-2025-36146 MEDIUM Monitor

IBM Lakehouse (watsonx.data 2.2) could allow an authenticated user to obtain sensitive server component version information which could aid in further attacks against the system. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Information Disclosure Watsonx Data
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2025-36143 MEDIUM Monitor

IBM Lakehouse (watsonx.data 2.2) could allow an authenticated privileged user to execute arbitrary commands on the system due to improper validation of user supplied input. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection IBM Watsonx Data
NVD
CVSS 3.1
4.7
EPSS
0.0%
CVE-2025-36139 MEDIUM This Month

IBM Lakehouse (watsonx.data 2.2) is vulnerable to stored cross-site scripting. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM XSS Watsonx Data
NVD
CVSS 3.1
5.5
EPSS
0.0%
EPSS 0% CVSS 5.4
MEDIUM PATCH This Month

IBM watsonx.data (IBM Lakehouse) versions 2.2 through 2.3.1 fails to properly restrict inbound and outbound network connections, enabling authenticated low-privilege attackers to transfer or modify files without appropriate authorization controls. The vulnerability carries a CVSS score of 5.4 with network reachability and low attack complexity, though EPSS probability sits at just 0.02% (7th percentile) and SSVC assessment confirms no active exploitation. No public exploit code has been identified at time of analysis, and a vendor-released patch is available via IBM's support portal.

Information Disclosure IBM Watsonx Data
NVD
EPSS 0% CVSS 3.3
LOW Monitor

IBM Lakehouse (watsonx.data 2.2) stores potentially sensitive information in log files that could be read by a local user. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

IBM Information Disclosure Watsonx Data
NVD
EPSS 0% CVSS 4.3
MEDIUM Monitor

IBM Lakehouse (watsonx.data 2.2) could allow an authenticated user to obtain sensitive server component version information which could aid in further attacks against the system. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Information Disclosure Watsonx Data
NVD
EPSS 0% CVSS 4.7
MEDIUM Monitor

IBM Lakehouse (watsonx.data 2.2) could allow an authenticated privileged user to execute arbitrary commands on the system due to improper validation of user supplied input. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection IBM Watsonx Data
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

IBM Lakehouse (watsonx.data 2.2) is vulnerable to stored cross-site scripting. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM XSS Watsonx Data
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy