
CVE-2025-0719 – IBM Cloud Pak for Data cross-site scripting
https://notcve.org/view.php?id=CVE-2025-0719
26 Feb 2025 — IBM Cloud Pak for Data 4.0.0 through 4.8.5 and 5.0.0 is vulnerable to cross-site scripting. This vulnerability allows an unauthenticated attacker to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. • https://www.ibm.com/support/pages/node/7184173 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2024-22341 – IBM Watson Query on Cloud Pak for Data information disclosure
https://notcve.org/view.php?id=CVE-2024-22341
22 Feb 2025 — IBM Watson Query on Cloud Pak for Data 4.0.0 through 4.0.9, 4.5.0 through 4.5.3, 4.6.0 through 4.6.6, 4.7.0 through 4.7.4, and 4.8.0 through 4.8.7 could allow unauthorized data access from a remote data source object due to improper privilege management. • https://www.ibm.com/support/pages/node/7183851 • CWE-269: Improper Privilege Management •

CVE-2024-37526 – IBM Watson Query on Cloud Pak for Data information disclosure
https://notcve.org/view.php?id=CVE-2024-37526
27 Jan 2025 — IBM Watson Query on Cloud Pak for Data (IBM Data Virtualization 1.8, 2.0, 2.1, 2.2, and 3.0.0) could allow an authenticated user to obtain sensitive information from objects published using Watson Query due to an improper data protection mechanism. • https://www.ibm.com/support/pages/node/7173774 • CWE-497: Exposure of Sensitive System Information to an Unauthorized Control Sphere •

CVE-2024-41739 – IBM Cognos Dashboards on Cloud Pak for Data privilege escalation
https://notcve.org/view.php?id=CVE-2024-41739
24 Jan 2025 — IBM Cognos Dashboards 4.0.7 and 5.0.0 on Cloud Pak for Data could allow a remote attacker to perform unauthorized actions due to dependency confusion. • https://www.ibm.com/support/pages/node/7177766 • CWE-427: Uncontrolled Search Path Element •

CVE-2024-49785 – IBM watsonx.ai cross-site scripting
https://notcve.org/view.php?id=CVE-2024-49785
12 Jan 2025 — IBM watsonx.ai 1.1 through 2.0.3 and IBM watsonx.ai on Cloud Pak for Data 4.8 through 5.0.3 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. • https://www.ibm.com/support/pages/node/7180723 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2024-49353 – IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data denial of service
https://notcve.org/view.php?id=CVE-2024-49353
26 Nov 2024 — IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data 4.0.0 through 5.0.2 does not properly check inputs to resources that are used concurrently, which might lead to unexpected states, possibly resulting in a crash. • https://www.ibm.com/support/pages/node/7177065 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •

CVE-2024-35160 – IBM Watson Query on Cloud Pak for Data and IBM Db2 Big SQL on Cloud Pak for Data information disclosure
https://notcve.org/view.php?id=CVE-2024-35160
23 Nov 2024 — IBM Watson Query on Cloud Pak for Data 1.8, 2.0, 2.1, 2.2 and IBM Db2 Big SQL on Cloud Pak for Data 7.3, 7.4, 7.5, and 7.6 could allow an authenticated user to obtain sensitive information due to insufficient session expiration. • https://www.ibm.com/support/pages/node/7168703 • CWE-613: Insufficient Session Expiration •

CVE-2022-38714 – IBM DataStage on Cloud Pak for Data information disclosure
https://notcve.org/view.php?id=CVE-2022-38714
12 Feb 2024 — IBM DataStage on Cloud Pak for Data 4.0.6 to 4.5.2 stores sensitive credential information that can be read by a privileged user. IBM X-Force ID: 235060. • https://exchange.xforce.ibmcloud.com/vulnerabilities/235060 •

CVE-2023-28523 – IBM Informix Dynamic Server buffer overflow
https://notcve.org/view.php?id=CVE-2023-28523
09 Dec 2023 — IBM Informix Dynamic Server 12.10 and 14.10 onsmsync is vulnerable to a heap buffer overflow, caused by improper bounds checking which could allow an attacker to execute arbitrary code. IBM X-Force ID: 250753. • https://exchange.xforce.ibmcloud.com/vulnerabilities/250753 • CWE-122: Heap-based Buffer Overflow • CWE-787: Out-of-bounds Write •

CVE-2023-28526 – IBM Informix Dynamic Server buffer overflow
https://notcve.org/view.php?id=CVE-2023-28526
09 Dec 2023 — IBM Informix Dynamic Server 12.10 and 14.10 archecker is vulnerable to a heap buffer overflow, caused by improper bounds checking which could allow a local user to cause a segmentation fault. IBM X-Force ID: 251204. • https://exchange.xforce.ibmcloud.com/vulnerabilities/251204 • CWE-122: Heap-based Buffer Overflow • CWE-787: Out-of-bounds Write •