VYPR

Watsonx.data

by IBM

CVEs (9)

  • CVE-2025-36335MedApr 30, 2026
    risk 0.40cvss 6.2epss 0.00

    IBM watsonx.data intelligence 5.2.0, 5.2.1, 5.3.0, 5.3.1 stores user credentials in plain text which can be read by a local user.

  • CVE-2025-36145MedMay 26, 2026
    risk 0.35cvss 5.4epss 0.00

    IBM watsonx.data 2.2 through 2.3.1 IBM Lakehouse does not properly restrict inbound and outbound connections which could allow an attacker to transfer or modify files without restrictions.

  • CVE-2025-36180MedApr 30, 2026
    risk 0.34cvss 5.3epss 0.00

    IBM watsonx.data 2.2 through 2.3 IBM Lakehouse does not properly restrict communication between pods which could allow an attacker to transfer data between pods without restrictions.

  • CVE-2025-36183Feb 17, 2026
    risk 0.00cvss epss 0.00

    IBM watsonx.data 2.2 through 2.2.1 IBM Lakehouse could allow a privileged user to upload malicious files that could be executed server to modify limited files or data.

  • CVE-2025-36140Dec 8, 2025
    risk 0.00cvss epss 0.00

    IBM watsonx.data 2.2 through 2.2.1 could allow an authenticated user to cause a denial of service through ingestion pods due to improper allocation of resources without limits.

  • CVE-2025-36144Sep 27, 2025
    risk 0.00cvss epss 0.00

    IBM Lakehouse (watsonx.data 2.2) stores potentially sensitive information in log files that could be read by a local user.

  • CVE-2025-36146Sep 18, 2025
    risk 0.00cvss epss 0.00

    IBM Lakehouse (watsonx.data 2.2) could allow an authenticated user to obtain sensitive server component version information which could aid in further attacks against the system.

  • CVE-2025-36143Sep 18, 2025
    risk 0.00cvss epss 0.00

    IBM Lakehouse (watsonx.data 2.2) could allow an authenticated privileged user to execute arbitrary commands on the system due to improper validation of user supplied input.

  • CVE-2025-36139Sep 18, 2025
    risk 0.00cvss epss 0.00

    IBM Lakehouse (watsonx.data 2.2) is vulnerable to stored cross-site scripting. This vulnerability allows a privileged user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted…