CVSS: 6.4EPSS: 0%CPEs: 2EXPL: 0CVE-2025-0719 – IBM Cloud Pak for Data cross-site scripting
https://notcve.org/view.php?id=CVE-2025-0719
26 Feb 2025 — IBM Cloud Pak for Data 4.0.0 through 4.8.5 and 5.0.0 is vulnerable to cross-site scripting. This vulnerability allows an unauthenticated attacker to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. • https://www.ibm.com/support/pages/node/7184173 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2023-27540 – IBM Watson CP4D Data Stores denial of service
https://notcve.org/view.php?id=CVE-2023-27540
10 Jul 2023 — IBM Watson CP4D Data Stores 4.6.0 does not properly allocate resources without limits or throttling which could allow a remote attacker with information specific to the system to cause a denial of service. IBM X-Force ID: 248924. • https://exchange.xforce.ibmcloud.com/vulnerabilities/248924 • CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 8.3EPSS: 0%CPEs: 3EXPL: 0CVE-2022-36769 – IBM Cloud Pak for Data file upload
https://notcve.org/view.php?id=CVE-2022-36769
26 Apr 2023 — IBM Cloud Pak for Data 4.5 and 4.6 could allow a privileged user to upload malicious files of dangerous types that can be automatically processed within the product's environment. IBM X-Force ID: 232034. • https://exchange.xforce.ibmcloud.com/vulnerabilities/232034 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') CWE-434: Unrestricted Upload of File with Dangerous Type •