本ページは ibm cloud_pak_for_data に影響する公開済み CVE(NVD の CPE 経由で関連付け)を列挙します。各行に深刻度指標・概要・公開日が含まれます。
| CVE | 概要 | ソース | CVSS 最大値 | EPSS(%) | 公開 | 更新 |
|---|---|---|---|---|---|---|
| CVE-2025-0719 | IBM Cloud Pak for Data 4.0.0 through 4.8.5 and 5.0.0 is vulnerable to cross-site scripting. This vulnerability allows an unauthenticated attacker to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. | [email protected] | 6.1 | 0.30% | 2025-02-26 | 2026-06-17 |
| CVE-2023-27545 | IBM Watson CloudPak for Data Data Stores information disclosure 4.6.0 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 248947. | [email protected] | 4.0 | 0.19% | 2024-02-28 | 2026-06-17 |
| CVE-2023-27877 | IBM Planning Analytics Cartridge for Cloud Pak for Data 4.0 connects to a CouchDB server. An attacker can exploit an insecure password policy to the CouchDB server and collect sensitive information from the database. IBM X-Force ID: 247905. | [email protected] | 5.3 | 0.46% | 2023-07-18 | 2026-06-17 |
| CVE-2023-26026 | Planning Analytics Cartridge for Cloud Pak for Data 4.0 exposes sensitive information in logs which could lead an attacker to exploit this vulnerability to conduct further attacks. IBM X-Force ID: 247896. | [email protected] | 5.3 | 0.49% | 2023-07-18 | 2026-06-17 |
| CVE-2023-26023 | Planning Analytics Cartridge for Cloud Pak for Data 4.0 exposes sensitive information in logs which could lead an attacker to exploit this vulnerability to conduct further attacks. IBM X-Force ID: 247896. | [email protected] | 6.5 | 0.56% | 2023-07-18 | 2026-06-17 |
| CVE-2023-27540 | IBM Watson CP4D Data Stores 4.6.0 does not properly allocate resources without limits or throttling which could allow a remote attacker with information specific to the system to cause a denial of service. IBM X-Force ID: 248924. | [email protected] | 5.9 | 0.98% | 2023-07-10 | 2026-06-17 |
| CVE-2022-36769 | IBM Cloud Pak for Data 4.5 and 4.6 could allow a privileged user to upload malicious files of dangerous types that can be automatically processed within the product's environment. IBM X-Force ID: 232034. | [email protected] | 7.2 | 0.87% | 2023-04-25 | 2026-06-17 |
| CVE-2021-38899 | IBM Cloud Pak for Data 2.5 could allow a local user with special privileges to obtain highly sensitive information. IBM X-Force ID: 209575. | [email protected] | 4.4 | 0.26% | 2021-09-20 | 2026-06-17 |
| CVE-2021-20486 | IBM Cloud Pak for Data 3.0 could allow an authenticated user to obtain sensitive information when installed with additional plugins. IBM X-Force ID: 197668. | [email protected] | 6.5 | 0.85% | 2021-05-26 | 2026-06-16 |