Description
IBM watsonx.data intelligence 5.2.0, 5.2.1, 5.2.2, 5.3.0 could allow an authenticated user to cause a temporary denial using a specially crafted HTTP request due to improper allocation of resource throttling.
Published: 2026-06-30
Score: 4.3 Medium
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A vulnerability in IBM watsonx.data intelligence versions 5.2.0 through 5.3.0 allows an authenticated user to trigger a temporary denial of service by sending a specially crafted HTTP request that exploits improper allocation of resource throttling. The attack can cause the service to become unusable for legitimate users until the request is processed or the system is reset. The weakness is a classic resource exhaustion flaw, identified as CWE‑770.

Affected Systems

IBM watsonx.data intelligence versions 5.2.0, 5.2.1, 5.2.2, and 5.3.0 are affected. A fix is included in release 5.3.1 and later, and IBM strongly recommends upgrading.

Risk and Exploitability

The CVSS score of 4.3 indicates a moderate impact, and the EPSS score is not available. The vulnerability is not listed in the CISA KEV catalog. Because the flaw requires authentication and a crafted HTTP request, it is less likely to be exploited widely, but it still poses a risk of disrupting service availability for users within an organization.

Generated by OpenCVE AI on June 30, 2026 at 22:25 UTC.

Remediation

Vendor Solution

Affected product: IBM watsonx.data intelligence 5.2.0 - 5.3.0
Fixed in release: 5.3.1
Instructions: https://www.ibm.com/docs/en/watsonx/wdi/2.3.x?topic=new-watsonxdata-intelligence IBM strongly advises upgrading as soon as possible


OpenCVE Recommended Actions

  • Upgrade IBM watsonx.data intelligence to version 5.3.1 or later.
  • Restrict access to the vulnerable API endpoints to authorized users only, limiting the attack surface for authenticated users.
  • Implement additional input validation and enforce strict resource throttling to prevent excessive resource allocation.


Advisories

No advisories yet.

History

Tue, 30 Jun 2026 21:00:00 +0000

Type | Values Removed | Values Added
Description | | IBM watsonx.data intelligence 5.2.0, 5.2.1, 5.2.2, 5.3.0 could allow an authenticated user to cause a temporary denial using a specially crafted HTTP request due to improper allocation of resource throttling.
Title | | Vulnerabilities found in Watson Data Intelligence
First Time appeared | | Ibm; Ibm watsonxdata Intelligence
Weaknesses | | CWE-770
CPEs | | cpe:2.3:a:ibm:watsonxdata_intelligence:5.2.0:*:*:*:*:*:*:*
Vendors & Products | | Ibm; Ibm watsonxdata Intelligence
References | |
Metrics | | cvssV3_1: {'score': 4.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L'}


MITRE

Status: PUBLISHED

Assigner: ibm

Published:

Updated: 2026-06-30T20:23:09.020Z

Reserved: 2025-04-15T21:16:50.580Z

Link: CVE-2025-36319

Vulnrichment

No data.

NVD

No data.

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-06-30T22:30:06Z

Weaknesses
  • CWE-770: Allocation of Resources Without Limits or Throttling