IBM Watson Studio on Cloud Pak for Data 4.0 and 5.0 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
History

Thu, 28 Aug 2025 15:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Thu, 28 Aug 2025 14:15:00 +0000

Type Values Removed Values Added
Description IBM Watson Studio on Cloud Pak for Data 4.0 and 5.0 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
Title IBM Watson Studio on Cloud Pak for Data cross-site scripting
First Time appeared Ibm
Ibm watson Studio On Cloud Pak For Data
Weaknesses CWE-79
CPEs cpe:2.3:a:ibm:watson_studio_on_cloud_pak_for_data:4.0:*:*:*:*:*:*:*
cpe:2.3:a:ibm:watson_studio_on_cloud_pak_for_data:5.0:*:*:*:*:*:*:*
Vendors & Products Ibm
Ibm watson Studio On Cloud Pak For Data
References
Metrics cvssV3_1

{'score': 5.4, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N'}


cve-icon MITRE

Status: PUBLISHED

Assigner: ibm

Published:

Updated: 2025-08-28T14:46:56.813Z

Reserved: 2024-10-20T13:40:16.211Z

Link: CVE-2024-49790

cve-icon Vulnrichment

Updated: 2025-08-28T14:20:09.213Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2025-08-28T14:15:43.257

Modified: 2025-08-29T16:24:29.730

Link: CVE-2024-49790

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

No data.