Watsonx.data
by IBM
CVEs (9)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-36335 | Med | 0.40 | 6.2 | 0.00 | Apr 30, 2026 | IBM watsonx.data intelligence 5.2.0, 5.2.1, 5.3.0, 5.3.1 stores user credentials in plain text which can be read by a local user. | ||
| CVE-2025-36145 | Med | 0.35 | 5.4 | 0.00 | May 26, 2026 | IBM watsonx.data 2.2 through 2.3.1 IBM Lakehouse does not properly restrict inbound and outbound connections which could allow an attacker to transfer or modify files without restrictions. | ||
| CVE-2025-36180 | Med | 0.34 | 5.3 | 0.00 | Apr 30, 2026 | IBM watsonx.data 2.2 through 2.3 IBM Lakehouse does not properly restrict communication between pods which could allow an attacker to transfer data between pods without restrictions. | ||
| CVE-2025-36183 | 0.00 | — | 0.00 | Feb 17, 2026 | IBM watsonx.data 2.2 through 2.2.1 IBM Lakehouse could allow a privileged user to upload malicious files that could be executed server to modify limited files or data. | |||
| CVE-2025-36140 | 0.00 | — | 0.00 | Dec 8, 2025 | IBM watsonx.data 2.2 through 2.2.1 could allow an authenticated user to cause a denial of service through ingestion pods due to improper allocation of resources without limits. | |||
| CVE-2025-36144 | 0.00 | — | 0.00 | Sep 27, 2025 | IBM Lakehouse (watsonx.data 2.2) stores potentially sensitive information in log files that could be read by a local user. | |||
| CVE-2025-36146 | 0.00 | — | 0.00 | Sep 18, 2025 | IBM Lakehouse (watsonx.data 2.2) could allow an authenticated user to obtain sensitive server component version information which could aid in further attacks against the system. | |||
| CVE-2025-36143 | 0.00 | — | 0.00 | Sep 18, 2025 | IBM Lakehouse (watsonx.data 2.2) could allow an authenticated privileged user to execute arbitrary commands on the system due to improper validation of user supplied input. | |||
| CVE-2025-36139 | 0.00 | — | 0.00 | Sep 18, 2025 | IBM Lakehouse (watsonx.data 2.2) is vulnerable to stored cross-site scripting. This vulnerability allows a privileged user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted… |
- risk 0.40cvss 6.2epss 0.00
IBM watsonx.data intelligence 5.2.0, 5.2.1, 5.3.0, 5.3.1 stores user credentials in plain text which can be read by a local user.
- risk 0.35cvss 5.4epss 0.00
IBM watsonx.data 2.2 through 2.3.1 IBM Lakehouse does not properly restrict inbound and outbound connections which could allow an attacker to transfer or modify files without restrictions.
- risk 0.34cvss 5.3epss 0.00
IBM watsonx.data 2.2 through 2.3 IBM Lakehouse does not properly restrict communication between pods which could allow an attacker to transfer data between pods without restrictions.
- CVE-2025-36183Feb 17, 2026risk 0.00cvss —epss 0.00
IBM watsonx.data 2.2 through 2.2.1 IBM Lakehouse could allow a privileged user to upload malicious files that could be executed server to modify limited files or data.
- CVE-2025-36140Dec 8, 2025risk 0.00cvss —epss 0.00
IBM watsonx.data 2.2 through 2.2.1 could allow an authenticated user to cause a denial of service through ingestion pods due to improper allocation of resources without limits.
- CVE-2025-36144Sep 27, 2025risk 0.00cvss —epss 0.00
IBM Lakehouse (watsonx.data 2.2) stores potentially sensitive information in log files that could be read by a local user.
- CVE-2025-36146Sep 18, 2025risk 0.00cvss —epss 0.00
IBM Lakehouse (watsonx.data 2.2) could allow an authenticated user to obtain sensitive server component version information which could aid in further attacks against the system.
- CVE-2025-36143Sep 18, 2025risk 0.00cvss —epss 0.00
IBM Lakehouse (watsonx.data 2.2) could allow an authenticated privileged user to execute arbitrary commands on the system due to improper validation of user supplied input.
- CVE-2025-36139Sep 18, 2025risk 0.00cvss —epss 0.00
IBM Lakehouse (watsonx.data 2.2) is vulnerable to stored cross-site scripting. This vulnerability allows a privileged user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted…