本页列出影响 ibm cloud_pak_for_data 的已公开 CVE 漏洞(通过 NVD CPE 关联)。每行包含严重程度评分、摘要与发布日期,便于识别与分析安全问题。
| CVE | 摘要 | 来源 | 最高 CVSS | EPSS % | 公开时间 | 更新时间 |
|---|---|---|---|---|---|---|
| CVE-2025-0719 | IBM Cloud Pak for Data 4.0.0 through 4.8.5 and 5.0.0 is vulnerable to cross-site scripting. This vulnerability allows an unauthenticated attacker to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. | [email protected] | 6.1 | 0.30% | 2025-02-26 | 2026-06-17 |
| CVE-2023-27545 | IBM Watson CloudPak for Data Data Stores information disclosure 4.6.0 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 248947. | [email protected] | 4.0 | 0.19% | 2024-02-28 | 2026-06-17 |
| CVE-2023-27877 | IBM Planning Analytics Cartridge for Cloud Pak for Data 4.0 connects to a CouchDB server. An attacker can exploit an insecure password policy to the CouchDB server and collect sensitive information from the database. IBM X-Force ID: 247905. | [email protected] | 5.3 | 0.46% | 2023-07-18 | 2026-06-17 |
| CVE-2023-26026 | Planning Analytics Cartridge for Cloud Pak for Data 4.0 exposes sensitive information in logs which could lead an attacker to exploit this vulnerability to conduct further attacks. IBM X-Force ID: 247896. | [email protected] | 5.3 | 0.49% | 2023-07-18 | 2026-06-17 |
| CVE-2023-26023 | Planning Analytics Cartridge for Cloud Pak for Data 4.0 exposes sensitive information in logs which could lead an attacker to exploit this vulnerability to conduct further attacks. IBM X-Force ID: 247896. | [email protected] | 6.5 | 0.56% | 2023-07-18 | 2026-06-17 |
| CVE-2023-27540 | IBM Watson CP4D Data Stores 4.6.0 does not properly allocate resources without limits or throttling which could allow a remote attacker with information specific to the system to cause a denial of service. IBM X-Force ID: 248924. | [email protected] | 5.9 | 0.98% | 2023-07-10 | 2026-06-17 |
| CVE-2022-36769 | IBM Cloud Pak for Data 4.5 and 4.6 could allow a privileged user to upload malicious files of dangerous types that can be automatically processed within the product's environment. IBM X-Force ID: 232034. | [email protected] | 7.2 | 0.87% | 2023-04-25 | 2026-06-17 |
| CVE-2021-38899 | IBM Cloud Pak for Data 2.5 could allow a local user with special privileges to obtain highly sensitive information. IBM X-Force ID: 209575. | [email protected] | 4.4 | 0.26% | 2021-09-20 | 2026-06-17 |
| CVE-2021-20486 | IBM Cloud Pak for Data 3.0 could allow an authenticated user to obtain sensitive information when installed with additional plugins. IBM X-Force ID: 197668. | [email protected] | 6.5 | 0.85% | 2021-05-26 | 2026-06-16 |