Impact
A vulnerability in IBM watsonx.data intelligence versions 5.2.0 through 5.3.0 allows an authenticated user to trigger a temporary denial of service by sending a specially crafted HTTP request. The request exploits the allocation of resources without limits or throttling, and the service can become unusable for legitimate users until the request is processed or the system is reset. The weakness is a classic resource exhaustion flaw, identified as CWE-770.
Affected Systems
IBM watsonx.data intelligence versions 5.2.0, 5.2.1, 5.2.2, and 5.3.0 are affected. A fix is included in release 5.3.1 and later, and IBM strongly recommends upgrading.
Risk and Exploitability
The CVSS score of 4.3 indicates a moderate impact, and the EPSS score is not available. The vulnerability is not listed in the CISA KEV catalog. Because the flaw requires authentication and a crafted HTTP request, it is less likely to be exploited widely, but it still poses a risk of disrupting service availability for users within an organization.