CVE-2025-36319
- EPSS 0.43%
- Veröffentlicht 30.06.2026 20:23:09
- Zuletzt bearbeitet 06.07.2026 13:25:44
IBM watsonx.data intelligence 5.2.0, 5.2.1, 5.2.2, 5.3.0 could allow an authenticated user to cause a temporary denial using a specially crafted HTTP request due to improper allocation of resource throttling.
CVE-2025-36321
- EPSS 0.41%
- Veröffentlicht 30.06.2026 20:19:53
- Zuletzt bearbeitet 06.07.2026 13:25:04
IBM watsonx.data intelligence 5.2.0, 5.2.1, 5.2.2, 5.3.0 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting ...
CVE-2025-36328
- EPSS 0.37%
- Veröffentlicht 30.06.2026 20:16:45
- Zuletzt bearbeitet 06.07.2026 13:22:41
IBM watsonx.data intelligence 5.2.0, 5.2.1, 5.2.2, 5.3.0 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the ...
CVE-2025-36145
- EPSS 0.17%
- Veröffentlicht 26.05.2026 15:50:54
- Zuletzt bearbeitet 01.06.2026 17:24:29
IBM watsonx.data 2.2 through 2.3.1 IBM Lakehouse does not properly restrict inbound and outbound connections which could allow an attacker to transfer or modify files without restrictions.
CVE-2025-36180
- EPSS 0.19%
- Veröffentlicht 30.04.2026 21:28:00
- Zuletzt bearbeitet 12.05.2026 19:23:30
IBM watsonx.data 2.2 through 2.3 IBM Lakehouse does not properly restrict communication between pods which could allow an attacker to transfer data between pods without restrictions.
CVE-2025-36335
- EPSS 0.09%
- Veröffentlicht 30.04.2026 21:12:54
- Zuletzt bearbeitet 12.05.2026 19:25:00
IBM watsonx.data intelligence 5.2.0, 5.2.1, 5.3.0, 5.3.1 stores user credentials in plain text which can be read by a local user.
CVE-2025-36183
- EPSS 0.19%
- Veröffentlicht 17.02.2026 21:32:26
- Zuletzt bearbeitet 20.02.2026 17:57:13
IBM watsonx.data 2.2 through 2.2.1 IBM Lakehouse could allow a privileged user to upload malicious files that could be executed server to modify limited files or data.
CVE-2025-36140
- EPSS 0.25%
- Veröffentlicht 08.12.2025 22:11:02
- Zuletzt bearbeitet 10.12.2025 19:56:15
IBM watsonx.data 2.2 through 2.2.1 could allow an authenticated user to cause a denial of service through ingestion pods due to improper allocation of resources without limits.
CVE-2025-36144
- EPSS 0.12%
- Veröffentlicht 27.09.2025 01:15:42
- Zuletzt bearbeitet 03.10.2025 19:15:18
IBM Lakehouse (watsonx.data 2.2) stores potentially sensitive information in log files that could be read by a local user.
CVE-2025-36146
- EPSS 0.21%
- Veröffentlicht 18.09.2025 15:15:58
- Zuletzt bearbeitet 25.09.2025 15:52:20
IBM Lakehouse (watsonx.data 2.2) could allow an authenticated user to obtain sensitive server component version information which could aid in further attacks against the system.