This page lists publicly disclosed CVE vulnerabilities affecting ibm watsonx.data (linked via NVD CPE). Each row includes severity scores, summaries, and publication dates to help identify and analyze security issues.
| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2025-36145 | IBM watsonx.data 2.2 through 2.3.1 IBM Lakehouse does not properly restrict inbound and outbound connections which could allow an attacker to transfer or modify files without restrictions. | [email protected] | 5.4 | 0.02% | 2026-05-26 | 2026-06-01 |
| CVE-2025-36335 | IBM watsonx.data intelligence 5.2.0, 5.2.1, 5.3.0, 5.3.1 stores user credentials in plain text which can be read by a local user. | [email protected] | 6.2 | 0.01% | 2026-04-30 | 2026-05-12 |
| CVE-2025-36180 | IBM watsonx.data 2.2 through 2.3 IBM Lakehouse does not properly restrict communication between pods which could allow an attacker to transfer data between pods without restrictions. | [email protected] | 5.3 | 0.06% | 2026-04-30 | 2026-05-12 |
| CVE-2025-36183 | IBM watsonx.data 2.2 through 2.2.1 IBM Lakehouse could allow a privileged user to upload malicious files that could be executed server to modify limited files or data. | [email protected] | 3.8 | 0.04% | 2026-02-17 | 2026-02-20 |
| CVE-2025-36140 | IBM watsonx.data 2.2 through 2.2.1 could allow an authenticated user to cause a denial of service through ingestion pods due to improper allocation of resources without limits. | [email protected] | 6.5 | 0.05% | 2025-12-08 | 2025-12-10 |
| CVE-2025-36144 | IBM Lakehouse (watsonx.data 2.2) stores potentially sensitive information in log files that could be read by a local user. | [email protected] | 3.3 | 0.01% | 2025-09-27 | 2025-10-03 |
| CVE-2025-36146 | IBM Lakehouse (watsonx.data 2.2) could allow an authenticated user to obtain sensitive server component version information which could aid in further attacks against the system. | [email protected] | 4.3 | 0.05% | 2025-09-18 | 2025-09-25 |
| CVE-2025-36143 | IBM Lakehouse (watsonx.data 2.2) could allow an authenticated privileged user to execute arbitrary commands on the system due to improper validation of user supplied input. | [email protected] | 4.7 | 0.02% | 2025-09-18 | 2025-09-25 |
| CVE-2025-36139 | IBM Lakehouse (watsonx.data 2.2) is vulnerable to stored cross-site scripting. This vulnerability allows a privileged user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. | [email protected] | 5.5 | 0.02% | 2025-09-18 | 2025-09-25 |