本ページは ibm watsonx.data に影響する公開済み CVE(NVD の CPE 経由で関連付け)を列挙します。各行に深刻度指標・概要・公開日が含まれます。
| CVE | 概要 | ソース | CVSS 最大値 | EPSS(%) | 公開 | 更新 |
|---|---|---|---|---|---|---|
| CVE-2025-36145 | IBM watsonx.data 2.2 through 2.3.1 IBM Lakehouse does not properly restrict inbound and outbound connections which could allow an attacker to transfer or modify files without restrictions. | [email protected] | 5.4 | 0.17% | 2026-05-26 | 2026-06-17 |
| CVE-2025-36335 | IBM watsonx.data intelligence 5.2.0, 5.2.1, 5.3.0, 5.3.1 stores user credentials in plain text which can be read by a local user. | [email protected] | 6.2 | 0.09% | 2026-04-30 | 2026-06-17 |
| CVE-2025-36180 | IBM watsonx.data 2.2 through 2.3 IBM Lakehouse does not properly restrict communication between pods which could allow an attacker to transfer data between pods without restrictions. | [email protected] | 5.3 | 0.19% | 2026-04-30 | 2026-06-17 |
| CVE-2025-36183 | IBM watsonx.data 2.2 through 2.2.1 IBM Lakehouse could allow a privileged user to upload malicious files that could be executed server to modify limited files or data. | [email protected] | 3.8 | 0.18% | 2026-02-17 | 2026-06-17 |
| CVE-2025-36140 | IBM watsonx.data 2.2 through 2.2.1 could allow an authenticated user to cause a denial of service through ingestion pods due to improper allocation of resources without limits. | [email protected] | 6.5 | 0.24% | 2025-12-08 | 2026-06-17 |
| CVE-2025-36144 | IBM Lakehouse (watsonx.data 2.2) stores potentially sensitive information in log files that could be read by a local user. | [email protected] | 3.3 | 0.11% | 2025-09-26 | 2026-06-17 |
| CVE-2025-36146 | IBM Lakehouse (watsonx.data 2.2) could allow an authenticated user to obtain sensitive server component version information which could aid in further attacks against the system. | [email protected] | 4.3 | 0.21% | 2025-09-18 | 2026-06-17 |
| CVE-2025-36143 | IBM Lakehouse (watsonx.data 2.2) could allow an authenticated privileged user to execute arbitrary commands on the system due to improper validation of user supplied input. | [email protected] | 4.7 | 0.32% | 2025-09-18 | 2026-06-17 |
| CVE-2025-36139 | IBM Lakehouse (watsonx.data 2.2) is vulnerable to stored cross-site scripting. This vulnerability allows a privileged user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. | [email protected] | 5.5 | 0.17% | 2025-09-18 | 2026-06-17 |