VYPR

DataStage on Cloud Pak for Data

by IBM

CVEs (16)

  • CVE-2023-42005HigMay 29, 2024
    risk 0.48cvss 7.4epss 0.00

    IBM Db2 on Cloud Pak for Data and Db2 Warehouse on Cloud Pak for Data 3.5, 4.0, 4.5, 4.6, 4.7, and 4.8 could allow a user with access to the Kubernetes pod, to make system calls compromising the security of containers. IBM X-Force ID: 265264.

  • CVE-2022-36769HigApr 26, 2023
    risk 0.47cvss 7.2epss 0.01

    IBM Cloud Pak for Data 4.5 and 4.6 could allow a privileged user to upload malicious files of dangerous types that can be automatically processed within the product's environment. IBM X-Force ID: 232034.

  • CVE-2022-22353MedMar 14, 2022
    risk 0.42cvss 6.5epss 0.01

    IBM Big SQL on IBM Cloud Pak for Data 7.1.0, 7.1.1, 7.2.0, and 7.2.3 could allow an authenticated user with appropriate permissions to obtain sensitive information by bypassing data masking rules using a CREATE TABLE SELECT statement. IBM X-Force ID: 220480.

  • CVE-2021-20486MedMay 26, 2021
    risk 0.42cvss 6.5epss 0.01

    IBM Cloud Pak for Data 3.0 could allow an authenticated user to obtain sensitive information when installed with additional plugins. IBM X-Force ID: 197668.

  • CVE-2025-0719MedFeb 26, 2025
    risk 0.40cvss 6.1epss 0.00

    IBM Cloud Pak for Data 4.0.0 through 4.8.5 and 5.0.0 is vulnerable to cross-site scripting. This vulnerability allows an unauthenticated attacker to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials…

  • CVE-2024-49785MedJan 12, 2025
    risk 0.35cvss 5.4epss 0.00

    IBM watsonx.ai 1.1 through 2.0.3 and IBM watsonx.ai on Cloud Pak for Data 4.8 through 5.0.3 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality…

  • CVE-2024-22341MedFeb 22, 2025
    risk 0.34cvss 5.3epss 0.00

    IBM Watson Query on Cloud Pak for Data 4.0.0 through 4.0.9, 4.5.0 through 4.5.3, 4.6.0 through 4.6.6, 4.7.0 through 4.7.4, and 4.8.0 through 4.8.7 could allow unauthorized data access from a remote data source object due to improper privilege management.

  • CVE-2022-38714MedFeb 12, 2024
    risk 0.32cvss 4.9epss 0.01

    IBM DataStage on Cloud Pak for Data 4.0.6 to 4.5.2 stores sensitive credential information that can be read by a privileged user. IBM X-Force ID: 235060.

  • CVE-2021-38899MedSep 20, 2021
    risk 0.29cvss 4.4epss 0.00

    IBM Cloud Pak for Data 2.5 could allow a local user with special privileges to obtain highly sensitive information. IBM X-Force ID: 209575.

  • CVE-2024-35160MedNov 23, 2024
    risk 0.28cvss 4.3epss 0.00

    IBM Watson Query on Cloud Pak for Data 1.8, 2.0, 2.1, 2.2 and IBM Db2 Big SQL on Cloud Pak for Data 7.3, 7.4, 7.5, and 7.6 could allow an authenticated user to obtain sensitive information due to insufficient session expiration.

  • CVE-2025-13686Mar 3, 2026
    risk 0.00cvss epss 0.00

    IBM DataStage on Cloud Pak for Data 5.1.2 through 5.3.0 could allow an authenticated user to execute arbitrary commands with normal user privileges on the system due to improper validation of user supplied input through the job subroutine component.

  • CVE-2025-13687Mar 3, 2026
    risk 0.00cvss epss 0.00

    IBM DataStage on Cloud Pak for Data 5.1.2 through 5.3.0 could allow an authenticated user to execute arbitrary commands with normal user privileges on the system due to improper validation of user supplied input through the user-defined function component.

  • CVE-2025-13688Mar 3, 2026
    risk 0.00cvss epss 0.00

    IBM DataStage on Cloud Pak for Data 5.1.2 through 5.3.0 could allow an authenticated user to execute arbitrary commands with normal user privileges on the system due to improper validation of user supplied input through the wrapped command component.

  • CVE-2025-13616Mar 3, 2026
    risk 0.00cvss epss 0.00

    IBM DataStage on Cloud Pak for Data 5.1.2 through 5.3.0 returns sensitive information in an HTTP response that could be used in further attacks against the system.

  • CVE-2025-13689Feb 17, 2026
    risk 0.00cvss epss 0.01

    IBM DataStage on Cloud Pak for Data could allow an authenticated user to execute arbitrary commands and gain access to sensitive information due to unrestricted file uploads.

  • CVE-2025-13691Feb 17, 2026
    risk 0.00cvss epss 0.00

    IBM DataStage on Cloud Pak for Data 5.1.2 through 5.3.0 returns sensitive information in an HTTP response that could be used to impersonate other users in the system.