CVE Catalog

CVE-2025-36323

MediumCVSS 5.4
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.23%

13th percentile — higher than 13% of all known CVEs

Summary

Cross-site scripting vulnerability in IBM watsonx.data intelligence allows an authenticated user to embed arbitrary JavaScript code in the Web UI, potentially leading to credential disclosure within a trusted session.

Risk Assessment

The risk involves potential theft of administrator or other privileged user credentials through malicious script execution in the victim's browser.

Recommendation

Immediately update to the latest version of IBM watsonx.data intelligence and implement input/output filtering for user data in the web interface.

Original NVD description (English source)

IBM watsonx.data intelligence 5.2.0, 5.2.1, 5.2.2, 5.3.0 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS