Impact
This vulnerability allows an authenticated user to bypass security controls that should be enforced on the server but are enforced only on the client side, enabling the user to perform actions they are not authorized to carry out. The weakness stems from improper separation between client-side and server-side enforcement and results in unauthorized actions rather than full system compromise.
Affected Systems
Only IBM Watsonx Data Intelligence is affected, in releases 5.2.0, 5.2.1, 5.2.2, and 5.3.0. The CNA data explicitly lists the vendor product IBM:watsonx.data intelligence.
Risk and Exploitability
The CVSS score of 6.5 indicates moderate severity. Exploitation requires possession of valid credentials and does not rely on remote code execution. The EPSS score is not available, and the CVE is not listed in the KEV catalog, suggesting no publicly documented exploits at this time. Nevertheless, the bypass permits attacker-driven policy violations that can compromise the confidentiality or integrity of data processed through the system.