Description
IBM watsonx.data intelligence 5.2.0, 5.2.1, 5.2.2, 5.3.0 could allow an authenticated user to bypass security controls and perform unauthorized actions due to client-side enforcement of server-side security.
Published: 2026-06-30
Score: 6.5 Medium
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

This vulnerability allows an authenticated user to bypass security controls that should be enforced on the server but are enforced only on the client side, enabling the user to perform actions they are not authorized to carry out. The weakness stems from improper separation between client‑side and server‑side enforcement and results in unauthorized actions rather than full system compromise.

Affected Systems

Only IBM watsonx.data intelligence is affected, in the 5.2.0, 5.2.1, 5.2.2, and 5.3.0 releases. The vendor product IBM:watsonx.data intelligence is explicitly listed in the CNA data.

Risk and Exploitability

The CVSS score of 6.5 indicates moderate severity. Exploitation requires possession of valid credentials and does not rely on remote code execution. The EPSS score is not available, and the CVE is not listed in the KEV catalog, suggesting no publicly documented exploits at this time. Nevertheless, the bypass of security controls permits attacker‑driven policy violations that can compromise confidentiality or integrity of data processed through the system.

Generated by OpenCVE AI on June 30, 2026 at 22:52 UTC.

Remediation

Vendor Solution

Affected product: IBM watsonx.data intelligence 5.2.0 - 5.3.0
Fixed in release: 5.3.1
Instructions: https://www.ibm.com/docs/en/watsonx/wdi/2.3.x?topic=new-watsonxdata-intelligence

IBM strongly advises upgrading as soon as possible.


OpenCVE Recommended Actions

  • Apply the IBM watsonx.data intelligence patch by upgrading to version 5.3.1 or later
  • Disable or restrict any client‑side configuration that overrides server‑side security policies
  • Monitor audit logs for unauthorized actions and verify that authentication controls are enforced

Generated by OpenCVE AI on June 30, 2026 at 22:52 UTC.

Advisories

No advisories yet.

History

Tue, 30 Jun 2026 21:00:00 +0000

Type | Values Removed | Values Added
Description | | IBM watsonx.data intelligence 5.2.0, 5.2.1, 5.2.2, 5.3.0 could allow an authenticated user to bypass security controls and perform unauthorized actions due to client-side enforcement of server-side security.
Title | | Vulnerabilities found in Watson Data Intelligence
First Time appeared | | Ibm; Ibm watsonxdata Intelligence
Weaknesses | | CWE-602
CPEs | | cpe:2.3:a:ibm:watsonxdata_intelligence:5.2.0:*:*:*:*:*:*:*
Vendors & Products | | Ibm; Ibm watsonxdata Intelligence
References | |
Metrics | | cvssV3_1: {'score': 6.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N'}


MITRE

Status: PUBLISHED

Assigner: ibm

Published:

Updated: 2026-06-30T20:17:27.469Z

Reserved: 2025-04-15T21:16:51.462Z

Link: CVE-2025-36327

Vulnrichment

No data.

NVD

No data.

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-06-30T23:00:12Z

Weaknesses
  • CWE-602

    Client-Side Enforcement of Server-Side Security