Impact
IBM watsonx.data intelligence 5.2.0, 5.2.1, 5.2.2, and 5.3.0 are vulnerable to stored cross‑site scripting. An authenticated user can embed arbitrary JavaScript into the web interface, enabling the attacker to alter functionality and potentially expose credentials within a trusted session. The weakness lies in insufficient input validation of user‑supplied data, which creates a risk of information leakage and manipulation.
Affected Systems
The affected product is IBM watsonx.data intelligence. Versions 5.2.0 through 5.3.0 are impacted, and the fix is released in IBM watsonx.data intelligence 5.3.1 or later.
Risk and Exploitability
The CVSS score is 6.4, indicating a moderate severity vulnerability. No EPSS score is available and the vulnerability is not listed in the CISA KEV catalog. The attack vector requires the attacker to be authenticated to the system, meaning that compromised user credentials or privileged access can be abused to exploit the stored XSS flaw.