Total
9 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-36145 | 1 Ibm | 1 Watsonx.data | 2026-06-01 | N/A | 5.4 MEDIUM |
| IBM watsonx.data 2.2 through 2.3.1 IBM Lakehouse does not properly restrict inbound and outbound connections which could allow an attacker to transfer or modify files without restrictions. | |||||
| CVE-2025-36335 | 1 Ibm | 1 Watsonx.data | 2026-05-12 | N/A | 6.2 MEDIUM |
| IBM watsonx.data intelligence 5.2.0, 5.2.1, 5.3.0, 5.3.1 stores user credentials in plain text which can be read by a local user. | |||||
| CVE-2025-36180 | 1 Ibm | 1 Watsonx.data | 2026-05-12 | N/A | 5.3 MEDIUM |
| IBM watsonx.data 2.2 through 2.3 IBM Lakehouse does not properly restrict communication between pods which could allow an attacker to transfer data between pods without restrictions. | |||||
| CVE-2025-36183 | 1 Ibm | 1 Watsonx.data | 2026-02-20 | N/A | 3.8 LOW |
| IBM watsonx.data 2.2 through 2.2.1 IBM Lakehouse could allow a privileged user to upload malicious files that could be executed server to modify limited files or data. | |||||
| CVE-2025-36140 | 1 Ibm | 1 Watsonx.data | 2025-12-10 | N/A | 6.5 MEDIUM |
| IBM watsonx.data 2.2 through 2.2.1 could allow an authenticated user to cause a denial of service through ingestion pods due to improper allocation of resources without limits. | |||||
| CVE-2025-36144 | 1 Ibm | 1 Watsonx.data | 2025-10-03 | N/A | 3.3 LOW |
| IBM Lakehouse (watsonx.data 2.2) stores potentially sensitive information in log files that could be read by a local user. | |||||
| CVE-2025-36139 | 1 Ibm | 1 Watsonx.data | 2025-09-25 | N/A | 5.5 MEDIUM |
| IBM Lakehouse (watsonx.data 2.2) is vulnerable to stored cross-site scripting. This vulnerability allows a privileged user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. | |||||
| CVE-2025-36146 | 1 Ibm | 1 Watsonx.data | 2025-09-25 | N/A | 4.3 MEDIUM |
| IBM Lakehouse (watsonx.data 2.2) could allow an authenticated user to obtain sensitive server component version information which could aid in further attacks against the system. | |||||
| CVE-2025-36143 | 1 Ibm | 1 Watsonx.data | 2025-09-25 | N/A | 4.7 MEDIUM |
| IBM Lakehouse (watsonx.data 2.2) could allow an authenticated privileged user to execute arbitrary commands on the system due to improper validation of user supplied input. | |||||