IBM Watson Studio on Cloud Pak for Data 4.0 and 5.0 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
Metrics
Affected Vendors & Products
References
Link | Providers |
---|---|
https://www.ibm.com/support/pages/node/7243389 |
![]() ![]() |
History
Thu, 28 Aug 2025 15:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
ssvc
|
Thu, 28 Aug 2025 14:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | IBM Watson Studio on Cloud Pak for Data 4.0 and 5.0 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. | |
Title | IBM Watson Studio on Cloud Pak for Data cross-site scripting | |
First Time appeared |
Ibm
Ibm watson Studio On Cloud Pak For Data |
|
Weaknesses | CWE-79 | |
CPEs | cpe:2.3:a:ibm:watson_studio_on_cloud_pak_for_data:4.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:watson_studio_on_cloud_pak_for_data:5.0:*:*:*:*:*:*:* |
|
Vendors & Products |
Ibm
Ibm watson Studio On Cloud Pak For Data |
|
References |
| |
Metrics |
cvssV3_1
|

Status: PUBLISHED
Assigner: ibm
Published:
Updated: 2025-08-28T14:46:56.813Z
Reserved: 2024-10-20T13:40:16.211Z
Link: CVE-2024-49790

Updated: 2025-08-28T14:20:09.213Z

Status : Awaiting Analysis
Published: 2025-08-28T14:15:43.257
Modified: 2025-08-29T16:24:29.730
Link: CVE-2024-49790

No data.

No data.