Ibm

Cloud Pak For Data

11 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
7.6

CVE-2025-0165

  • EPSS 0.12%
  • Veröffentlicht 30.08.2025 12:47:56
  • Zuletzt bearbeitet 02.09.2025 15:55:25

IBM watsonx Orchestrate Cartridge for IBM Cloud Pak for Data 4.8.4, 4.8.5, and 5.0.0 through 5.2.0 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify, or ...

5.4

CVE-2024-49790

  • EPSS 0.03%
  • Veröffentlicht 28.08.2025 14:15:43
  • Zuletzt bearbeitet 29.08.2025 16:24:29

IBM Watson Studio on Cloud Pak for Data 4.0 and 5.0 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading t...

6.1

CVE-2025-0719

  • EPSS 0.07%
  • Veröffentlicht 26.02.2025 14:15:11
  • Zuletzt bearbeitet 08.08.2025 19:35:40

IBM Cloud Pak for Data 4.0.0 through 4.8.5 and 5.0.0 is vulnerable to cross-site scripting. This vulnerability allows an unauthenticated attacker to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially le...

5.5

CVE-2023-27545

  • EPSS 0.03%
  • Veröffentlicht 29.02.2024 02:15:08
  • Zuletzt bearbeitet 01.04.2025 16:46:33

IBM Watson CloudPak for Data Data Stores information disclosure 4.6.0 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 248947.

7.5

CVE-2023-26023

  • EPSS 0.06%
  • Veröffentlicht 19.07.2023 02:15:09
  • Zuletzt bearbeitet 21.11.2024 07:50:36

Planning Analytics Cartridge for Cloud Pak for Data 4.0 exposes sensitive information in logs which could lead an attacker to exploit this vulnerability to conduct further attacks. IBM X-Force ID: 247896.

7.5

CVE-2023-26026

  • EPSS 0.07%
  • Veröffentlicht 19.07.2023 02:15:09
  • Zuletzt bearbeitet 21.11.2024 07:50:37

Planning Analytics Cartridge for Cloud Pak for Data 4.0 exposes sensitive information in logs which could lead an attacker to exploit this vulnerability to conduct further attacks. IBM X-Force ID: 247896.

7.5

CVE-2023-27877

  • EPSS 0.06%
  • Veröffentlicht 19.07.2023 02:15:09
  • Zuletzt bearbeitet 21.11.2024 07:53:37

IBM Planning Analytics Cartridge for Cloud Pak for Data 4.0 connects to a CouchDB server. An attacker can exploit an insecure password policy to the CouchDB server and collect sensitive information from the database. IBM X-Force ID: 247905.

7.5

CVE-2023-27540

  • EPSS 0.08%
  • Veröffentlicht 10.07.2023 16:15:49
  • Zuletzt bearbeitet 21.11.2024 07:53:07

IBM Watson CP4D Data Stores 4.6.0 does not properly allocate resources without limits or throttling which could allow a remote attacker with information specific to the system to cause a denial of service. IBM X-Force ID: 248924.

7.2

CVE-2022-36769

  • EPSS 0.12%
  • Veröffentlicht 26.04.2023 03:15:08
  • Zuletzt bearbeitet 21.11.2024 07:13:40

IBM Cloud Pak for Data 4.5 and 4.6 could allow a privileged user to upload malicious files of dangerous types that can be automatically processed within the product's environment. IBM X-Force ID: 232034.

4.4

CVE-2021-38899

  • EPSS 0.05%
  • Veröffentlicht 20.09.2021 17:15:09
  • Zuletzt bearbeitet 21.11.2024 06:18:10

IBM Cloud Pak for Data 2.5 could allow a local user with special privileges to obtain highly sensitive information. IBM X-Force ID: 209575.