Impact
IBM watsonx.data intelligence versions 5.2.2, 5.3.0, 5.3.1, and 5.3.1 through patch‑1 transmit data in clear text, enabling an attacker to intercept and recover sensitive information. The vulnerability is classified as CWE‑319, a clear‑text transmission weakness that compromises confidentiality.
Affected Systems
Affected systems are IBM watsonx.data intelligence from version 5.2.2 through 5.3.1 including patch‑1. IBM recommends upgrading to 5.2.2‑5.3.1‑patch15.3.1‑patch3, with detailed instructions available on IBM’s support site.
Risk and Exploitability
The CVSS score of 5.9 indicates moderate severity, and the EPSS score is not available. The vulnerability is not listed in CISA KEV. Exploitation requires an attacker positioned on the communication path to perform a man‑in‑the‑middle attack; no special privileges or local access are necessary. Once intercepted, the attacker can read any sensitive data being transmitted in clear text.
OpenCVE Enrichment