Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools

watsonx.data intelligence

Source -

CNA

CNA CVEs -

11

ADP CVEs -

0

CISA CVEs -

0

NVD CVEs -

0
Related CVEsRelated VendorsRelated AssignersReports
11Vulnerabilities found

CVE-2025-12530
Assigner-IBM Corporation
ShareView Details
Assigner-IBM Corporation
CVSS Score-5.9||MEDIUM
EPSS-0.20% / 10.41%
||
7 Day CHG~0.00%
Published-30 Jun, 2026 | 20:34
Updated-01 Jul, 2026 | 16:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Vulnerabilities found in Watson Data Intelligence

IBM watsonx.data intelligence 5.2.2, 5.3.0, 5.3.1, 5.3.1 through patch-1 transmits data in clear text that could allow an attacker to obtain sensitive information using man in the middle techniques.

Action-Not Available
Vendor-IBM Corporation
Product-watsonx.data intelligence
CWE ID-CWE-319
Cleartext Transmission of Sensitive Information
CVE-2025-36319
Assigner-IBM Corporation
ShareView Details
Assigner-IBM Corporation
CVSS Score-4.3||MEDIUM
EPSS-0.42% / 33.97%
||
7 Day CHG~0.00%
Published-30 Jun, 2026 | 20:23
Updated-01 Jul, 2026 | 17:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Vulnerabilities found in Watson Data Intelligence

IBM watsonx.data intelligence 5.2.0, 5.2.1, 5.2.2, 5.3.0 could allow an authenticated user to cause a temporary denial using a specially crafted HTTP request due to improper allocation of resource throttling.

Action-Not Available
Vendor-IBM Corporation
Product-watsonx.data intelligence
CWE ID-CWE-770
Allocation of Resources Without Limits or Throttling
CVE-2025-36320
Assigner-IBM Corporation
ShareView Details
Assigner-IBM Corporation
CVSS Score-6.4||MEDIUM
EPSS-0.25% / 16.33%
||
7 Day CHG~0.00%
Published-30 Jun, 2026 | 20:22
Updated-01 Jul, 2026 | 14:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Vulnerabilities found in Watson Data Intelligence

IBM watsonx.data intelligence 5.2.0, 5.2.1, 5.2.2, 5.3.0 is vulnerable to stored cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.

Action-Not Available
Vendor-IBM Corporation
Product-watsonx.data intelligence
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-36321
Assigner-IBM Corporation
ShareView Details
Assigner-IBM Corporation
CVSS Score-5.7||MEDIUM
EPSS-0.40% / 31.79%
||
7 Day CHG~0.00%
Published-30 Jun, 2026 | 20:19
Updated-01 Jul, 2026 | 15:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Vulnerabilities found in Watson Data Intelligence

IBM watsonx.data intelligence 5.2.0, 5.2.1, 5.2.2, 5.3.0 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site.

Action-Not Available
Vendor-IBM Corporation
Product-watsonx.data intelligence
CWE ID-CWE-80
Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)
CVE-2025-36323
Assigner-IBM Corporation
ShareView Details
Assigner-IBM Corporation
CVSS Score-5.4||MEDIUM
EPSS-0.23% / 13.22%
||
7 Day CHG~0.00%
Published-30 Jun, 2026 | 20:19
Updated-01 Jul, 2026 | 14:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Vulnerabilities found in Watson Data Intelligence

IBM watsonx.data intelligence 5.2.0, 5.2.1, 5.2.2, 5.3.0 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.

Action-Not Available
Vendor-IBM Corporation
Product-watsonx.data intelligence
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-36324
Assigner-IBM Corporation
ShareView Details
Assigner-IBM Corporation
CVSS Score-4.3||MEDIUM
EPSS-0.27% / 18.64%
||
7 Day CHG~0.00%
Published-30 Jun, 2026 | 20:18
Updated-01 Jul, 2026 | 16:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Vulnerabilities found in Watson Data Intelligence

IBM watsonx.data intelligence 5.2.0, 5.2.1, 5.2.2, 5.3.0 s vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks.

Action-Not Available
Vendor-IBM Corporation
Product-watsonx.data intelligence
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2025-36327
Assigner-IBM Corporation
ShareView Details
Assigner-IBM Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.38% / 29.50%
||
7 Day CHG~0.00%
Published-30 Jun, 2026 | 20:17
Updated-01 Jul, 2026 | 16:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Vulnerabilities found in Watson Data Intelligence

IBM watsonx.data intelligence 5.2.0, 5.2.1, 5.2.2, 5.3.0 could allow an authenticated user to bypass security controls and perform unauthorized actions due to client-side enforcement of sever-side security.

Action-Not Available
Vendor-IBM Corporation
Product-watsonx.data intelligence
CWE ID-CWE-602
Client-Side Enforcement of Server-Side Security
CVE-2025-36328
Assigner-IBM Corporation
ShareView Details
Assigner-IBM Corporation
CVSS Score-4.3||MEDIUM
EPSS-0.36% / 27.89%
||
7 Day CHG~0.00%
Published-30 Jun, 2026 | 20:16
Updated-01 Jul, 2026 | 17:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Error Message Containing Sensitive Information found in Watson Data Intelligence

IBM watsonx.data intelligence 5.2.0, 5.2.1, 5.2.2, 5.3.0 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser.  This information could be used in further attacks against the system.

Action-Not Available
Vendor-IBM Corporation
Product-watsonx.data intelligence
CWE ID-CWE-209
Generation of Error Message Containing Sensitive Information
CVE-2025-36333
Assigner-IBM Corporation
ShareView Details
Assigner-IBM Corporation
CVSS Score-4.3||MEDIUM
EPSS-0.28% / 19.50%
||
7 Day CHG~0.00%
Published-30 Jun, 2026 | 20:15
Updated-01 Jul, 2026 | 14:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Vulnerabilities found in Watson Data Intelligence

IBM watsonx.data intelligence 5.2.0, 5.2.1, 5.2.2, 5.3.0 could allow an authenticated user to perform unauthorized actions due to the improper enforcement of behavioral workflow.

Action-Not Available
Vendor-IBM Corporation
Product-watsonx.data intelligence
CWE ID-CWE-841
Improper Enforcement of Behavioral Workflow
CVE-2025-36336
Assigner-IBM Corporation
ShareView Details
Assigner-IBM Corporation
CVSS Score-5.9||MEDIUM
EPSS-0.20% / 10.41%
||
7 Day CHG~0.00%
Published-30 Jun, 2026 | 20:12
Updated-01 Jul, 2026 | 15:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Transmission of Sensitive Information found in Watson Data Intelligence

IBM watsonx.data intelligence 5.2.0, 5.2.1, 5.2.2, 5.3.0 transmits data in clear text that could allow an attacker to obtain sensitive information using man in the middle techniques.

Action-Not Available
Vendor-IBM Corporation
Product-watsonx.data intelligence
CWE ID-CWE-319
Cleartext Transmission of Sensitive Information
CVE-2025-36335
Assigner-IBM Corporation
ShareView Details
Assigner-IBM Corporation
CVSS Score-6.2||MEDIUM
EPSS-0.09% / 0.73%
||
7 Day CHG~0.00%
Published-30 Apr, 2026 | 21:12
Updated-12 May, 2026 | 19:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Vulnerabilities found

IBM watsonx.data intelligence 5.2.0, 5.2.1, 5.3.0, 5.3.1 stores user credentials in plain text which can be read by a local user.

Action-Not Available
Vendor-IBM Corporation
Product-watsonx.datawatsonx.data intelligence
CWE ID-CWE-256
Plaintext Storage of a Password