IBM Cloud Pak for Data vulnerabilities
9 known vulnerabilities affecting ibm/cloud_pak_for_data.
Total CVEs: 9
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: HIGH 5, MEDIUM 4
Vulnerabilities
CVE-2025-0719 | MEDIUM | CVSS 6.1 | ≥ 4.0, ≤ 4.8.5; v5.0; +2 more | 2025-02-26
CVE-2025-0719 [MEDIUM] CWE-79
IBM Cloud Pak for Data 4.0.0 through 4.8.5 and 5.0.0 is vulnerable to cross-site scripting. This vulnerability allows an unauthenticated attacker to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
cvelistv5, nvd
CVE-2023-27545 | MEDIUM | CVSS 5.5 | v4.6.0 | 2024-02-29
CVE-2023-27545 [MEDIUM] CWE-525
IBM Watson CloudPak for Data Data Stores information disclosure 4.6.0 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 248947.
nvd
CVE-2023-26023 | HIGH | CVSS 7.5 | v4.0 | 2023-07-19
CVE-2023-26023 [MEDIUM] CWE-532
Planning Analytics Cartridge for Cloud Pak for Data 4.0 exposes sensitive information in logs which could lead an attacker to exploit this vulnerability to conduct further attacks. IBM X-Force ID: 247896.
nvd
CVE-2023-26026 | HIGH | CVSS 7.5 | v4.0 | 2023-07-19
CVE-2023-26026 [MEDIUM] CWE-200
Planning Analytics Cartridge for Cloud Pak for Data 4.0 exposes sensitive information in logs which could lead an attacker to exploit this vulnerability to conduct further attacks. IBM X-Force ID: 247896.
nvd
CVE-2023-27877 | HIGH | CVSS 7.5 | v4.0 | 2023-07-19
CVE-2023-27877 [MEDIUM] CWE-200
IBM Planning Analytics Cartridge for Cloud Pak for Data 4.0 connects to a CouchDB server. An attacker can exploit an insecure password policy to the CouchDB server and collect sensitive information from the database. IBM X-Force ID: 247905.
nvd
CVE-2023-27540 | HIGH | CVSS 7.5 | v4.6.0 | 2023-07-10
CVE-2023-27540 [MEDIUM] CWE-770
IBM Watson CP4D Data Stores 4.6.0 does not properly allocate resources without limits or throttling which could allow a remote attacker with information specific to the system to cause a denial of service. IBM X-Force ID: 248924.
nvd
CVE-2022-36769 | HIGH | CVSS 7.2 | v4.5, v4.6, +1 more | 2023-04-26
CVE-2022-36769 [HIGH] CWE-77
IBM Cloud Pak for Data 4.5 and 4.6 could allow a privileged user to upload malicious files of dangerous types that can be automatically processed within the product's environment. IBM X-Force ID: 232034.
cvelistv5, nvd
CVE-2021-38899 | MEDIUM | CVSS 4.4 | v2.5 | 2021-09-20
IBM Cloud Pak for Data 2.5 could allow a local user with special privileges to obtain highly sensitive information. IBM X-Force ID: 209575.
cvelistv5, nvd
CVE-2021-20486 | MEDIUM | CVSS 6.5 | v3.0 | 2021-05-26
IBM Cloud Pak for Data 3.0 could allow an authenticated user to obtain sensitive information when installed with additional plugins. IBM X-Force ID: 197668.
cvelistv5, nvd