Description
IBM watsonx.data intelligence 5.2.2, 5.3.0, 5.3.1, 5.3.1 through patch-1 transmits data in clear text that could allow an attacker to obtain sensitive information using man in the middle techniques.
Published: 2026-06-30
Score: 5.9 Medium
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

IBM watsonx.data intelligence versions 5.2.2, 5.3.0, 5.3.1, and 5.3.1 through patch‑1 transmit data in clear text, enabling an attacker to intercept and recover sensitive information. The vulnerability is classified as CWE‑319, a clear‑text transmission weakness that compromises confidentiality.

Affected Systems

Affected systems are IBM watsonx.data intelligence from version 5.2.2 through 5.3.1 including patch‑1. IBM recommends upgrading to 5.2.2‑5.3.1‑patch15.3.1‑patch3, with detailed instructions available on IBM’s support site.

Risk and Exploitability

The CVSS score of 5.9 indicates moderate severity, and the EPSS score is not available. The vulnerability is not listed in CISA KEV. Exploitation requires an attacker positioned on the communication path to perform a man‑in‑the‑middle attack; no special privileges or local access are necessary. Once intercepted, the attacker can read any sensitive data being transmitted in clear text.

Generated by OpenCVE AI on June 30, 2026 at 22:24 UTC.

Remediation

Vendor Solution

Affected ProductFixed VersionsInstructionsIBM watsonx.data intelligence 5.2.2 - 5.3.1-patch15.3.1-patch3 https://www.ibm.com/docs/en/watsonx/wdi/2.3.x?topic=new-watsonxdata-intelligence IBM strongly advises upgrading as soon as possible


OpenCVE Recommended Actions

  • Upgrade IBM watsonx.data intelligence to the fixed release 5.2.2‑5.3.1‑patch15.3.1‑patch3 or later following IBM’s documented procedure.
  • Apply the IBM patch as instructed in the official IBM documentation, ensuring all components are updated.
  • Reconfigure the environment to enforce encrypted communication (TLS/SSL) and disable any legacy clear‑text protocols that may still be enabled.

Generated by OpenCVE AI on June 30, 2026 at 22:24 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Tue, 30 Jun 2026 21:00:00 +0000

Type Values Removed Values Added
Description IBM watsonx.data intelligence 5.2.2, 5.3.0, 5.3.1, 5.3.1 through patch-1 transmits data in clear text that could allow an attacker to obtain sensitive information using man in the middle techniques.
Title Vulnerabilities found in Watson Data Intelligence
First Time appeared Ibm
Ibm watsonxdata Intelligence
Weaknesses CWE-319
CPEs cpe:2.3:a:ibm:watsonxdata_intelligence:5.2.2:*:*:*:*:*:*:*
cpe:2.3:a:ibm:watsonxdata_intelligence:patch-1:*:*:*:*:*:*:*
Vendors & Products Ibm
Ibm watsonxdata Intelligence
References
Metrics cvssV3_1

{'score': 5.9, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N'}


Subscriptions

Ibm Watsonxdata Intelligence
cve-icon MITRE

Status: PUBLISHED

Assigner: ibm

Published:

Updated: 2026-06-30T20:34:09.566Z

Reserved: 2025-10-30T18:13:49.495Z

Link: CVE-2025-12530

cve-icon Vulnrichment

No data.

cve-icon NVD

No data.

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-30T22:30:06Z

Weaknesses
  • CWE-319

    Cleartext Transmission of Sensitive Information