Impact
A detailed technical error message is returned to the browser when an exception occurs in IBM watsonx.data intelligence versions 5.2.0 through 5.3.0. The error message reveals sensitive data that could be leveraged by a remote attacker for additional exploitation. The vulnerability enables remote information disclosure via the web interface.
Affected Systems
The vulnerability affects IBM watsonx.data intelligence versions 5.2.0, 5.2.1, 5.2.2, and 5.3.0. The fix is included in release IBM watsonx.data intelligence 5.3.1.
Risk and Exploitability
The CVSS score of 4.3 indicates a medium severity. EPSS is not currently available, so the likelihood of exploitation is uncertain. This vulnerability has not been listed in CISA's KEV catalog. Attackers can exploit the vulnerability remotely by triggering a server error that causes the application to return a detailed error page. No additional privileges are required beyond external access to the web interface, and no specific authentication is mentioned, implying that the attacker must have network access to the target system.