CVE-2025-36140
- EPSS 0.04%
- Veröffentlicht 08.12.2025 22:11:02
- Zuletzt bearbeitet 10.12.2025 19:56:15
IBM watsonx.data 2.2 through 2.2.1 could allow an authenticated user to cause a denial of service through ingestion pods due to improper allocation of resources without limits.
CVE-2025-36144
- EPSS 0.02%
- Veröffentlicht 27.09.2025 01:15:42
- Zuletzt bearbeitet 03.10.2025 19:15:18
IBM Lakehouse (watsonx.data 2.2) stores potentially sensitive information in log files that could be read by a local user.
CVE-2025-36146
- EPSS 0.04%
- Veröffentlicht 18.09.2025 15:15:58
- Zuletzt bearbeitet 25.09.2025 15:52:20
IBM Lakehouse (watsonx.data 2.2) could allow an authenticated user to obtain sensitive server component version information which could aid in further attacks against the system.
CVE-2025-36143
- EPSS 0.05%
- Veröffentlicht 18.09.2025 15:14:41
- Zuletzt bearbeitet 25.09.2025 15:50:10
IBM Lakehouse (watsonx.data 2.2) could allow an authenticated privileged user to execute arbitrary commands on the system due to improper validation of user supplied input.
CVE-2025-36139
- EPSS 0.03%
- Veröffentlicht 18.09.2025 15:13:10
- Zuletzt bearbeitet 25.09.2025 16:16:36
IBM Lakehouse (watsonx.data 2.2) is vulnerable to stored cross-site scripting. This vulnerability allows a privileged user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials di...