This page lists publicly disclosed CVE vulnerabilities affecting ibm watson_assistant_for_ibm_cloud_pak_for_data (linked via NVD CPE). Each row includes severity scores, summaries, and publication dates to help identify and analyze security issues.
| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2024-49790 | IBM Watson Studio on Cloud Pak for Data 4.0 and 5.0 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. | [email protected] | 5.4 | 0.17% | 2025-08-28 | 2025-11-26 |
| CVE-2024-49353 | IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data 4.0.0 through 5.0.2 does not properly check inputs to resources that are used concurrently, which might lead to unexpected states, possibly resulting in a crash. | [email protected] | 7.5 | 0.33% | 2024-11-26 | 2025-08-15 |
| CVE-2019-4428 | IBM Watson Assistant for IBM Cloud Pak for Data 1.0.0 through 1.3.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 162807. | [email protected] | 5.4 | 0.56% | 2019-12-09 | 2024-11-21 |