5.4
CVE-2025-36145
- EPSS 0.17%
- Veröffentlicht 26.05.2026 15:50:54
- Zuletzt bearbeitet 01.06.2026 17:24:29
- Quelle psirt@us.ibm.com
- CVE-Watchlists
- Unerledigt
Multiple Vulnerabilities in watsonx.data
IBM watsonx.data 2.2 through 2.3.1 IBM Lakehouse does not properly restrict inbound and outbound connections which could allow an attacker to transfer or modify files without restrictions.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Ibm ≫ Watsonx.Data Version >= 2.2.0 <= 2.3.1
VulnDex Vulnerability Enrichment
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.17% | 0.061 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 5.3 | 3.9 | 1.4 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
|
| psirt@us.ibm.com | 5.4 | 2.8 | 2.5 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
|
CWE-923 Improper Restriction of Communication Channel to Intended Endpoints
The product establishes a communication channel to (or from) an endpoint for privileged or protected operations, but it does not properly ensure that it is communicating with the correct endpoint.
https://www.ibm.com/support/pages/node/7272498