Watsonx.data

watsonx.data

Vendor: Ibm • 9 CVEs

CVEs (9)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2025-36145 1Ibm 1Watsonx.data Jun 1, 2026 May 26, 2026 N/A· v4 5.3 MEDIUM· v3 N/A· v2 IBM watsonx.data 2.2 through 2.3.1 IBM Lakehouse does not properly restrict inbound and outbound connections which could allow an attacker to transfer or modify files without restrictions.
CVE-2025-36335 1Ibm 1Watsonx.data May 12, 2026 Apr 30, 2026 N/A· v4 5.5 MEDIUM· v3 N/A· v2 IBM watsonx.data intelligence 5.2.0, 5.2.1, 5.3.0, 5.3.1 stores user credentials in plain text which can be read by a local user.
CVE-2025-36180 1Ibm 1Watsonx.data May 12, 2026 Apr 30, 2026 N/A· v4 7.5 HIGH· v3 N/A· v2 IBM watsonx.data 2.2 through 2.3 IBM Lakehouse does not properly restrict communication between pods which could allow an attacker to transfer data between pods without restrictions.
CVE-2025-36183 1Ibm 1Watsonx.data Feb 20, 2026 Feb 17, 2026 N/A· v4 2.7 LOW· v3 N/A· v2 IBM watsonx.data 2.2 through 2.2.1 IBM Lakehouse could allow a privileged user to upload malicious files that could be executed server to modify limited files or data.
CVE-2025-36140 1Ibm 1Watsonx.data Dec 10, 2025 Dec 8, 2025 N/A· v4 6.5 MEDIUM· v3 N/A· v2 IBM watsonx.data 2.2 through 2.2.1 could allow an authenticated user to cause a denial of service through ingestion pods due to improper allocation of resources without limits.
CVE-2025-36144 1Ibm 1Watsonx.data Oct 3, 2025 Sep 27, 2025 N/A· v4 5.5 MEDIUM· v3 N/A· v2 IBM Lakehouse (watsonx.data 2.2) stores potentially sensitive information in log files that could be read by a local user.
CVE-2025-36146 1Ibm 1Watsonx.data Sep 25, 2025 Sep 18, 2025 N/A· v4 4.3 MEDIUM· v3 N/A· v2 IBM Lakehouse (watsonx.data 2.2) could allow an authenticated user to obtain sensitive server component version information which could aid in further attacks against the system.
CVE-2025-36143 1Ibm 1Watsonx.data Sep 25, 2025 Sep 18, 2025 N/A· v4 7.2 HIGH· v3 N/A· v2 IBM Lakehouse (watsonx.data 2.2) could allow an authenticated privileged user to execute arbitrary commands on the system due to improper validation of user supplied input.
CVE-2025-36139 1Ibm 1Watsonx.data Sep 25, 2025 Sep 18, 2025 N/A· v4 4.8 MEDIUM· v3 N/A· v2 IBM Lakehouse (watsonx.data 2.2) is vulnerable to stored cross-site scripting. This vulnerability allows a privileged user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potenti...Show more IBM Lakehouse (watsonx.data 2.2) is vulnerable to stored cross-site scripting. This vulnerability allows a privileged user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.Show less