Impact
This vulnerability is a server-side request forgery (SSRF) that exists in IBM watsonx.data intelligence releases 5.2.0 through 5.3.0. An authenticated attacker can leverage the flaw to cause the system to make arbitrary HTTP requests to internal or external hosts. The resulting unauthorized traffic may enable network enumeration, data exfiltration, or the execution of further attacks against internal services. The weakness is formally categorized under CWE-918.
Affected Systems
IBM watsonx.data intelligence versions 5.2.0, 5.2.1, 5.2.2, and 5.3.0 are affected. No other versions are reported as vulnerable. Users should verify the exact version installed to ascertain exposure.
Risk and Exploitability
The CVSS score for this issue is 4.3, indicating moderate severity. The EPSS score is not available, and the vulnerability is not listed in the CISA KEV catalog. Exploitation requires authentication, so an attacker would need valid credentials; with them, the SSRF can be leveraged to reach internal network resources. Overall, the risk is limited if the system is properly isolated, yet once an attacker is authenticated the vulnerability permits potentially wide-reaching impact.