Description
IBM watsonx.data intelligence 5.2.0, 5.2.1, 5.2.2, 5.3.0 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser.  This information could be used in further attacks against the system.
Published: 2026-06-30
Score: 4.3 Medium
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A detailed technical error message is returned to the browser when an exception occurs in IBM watsonx.data intelligence versions 5.2.0 through 5.3.0. The error message reveals sensitive data that could be leveraged by a remote attacker for additional exploitation. The vulnerability enables remote information disclosure via the web interface.

Affected Systems

The vulnerability affects IBM watsonx.data intelligence versions 5.2.0, 5.2.1, 5.2.2, and 5.3.0. The fix is included in release IBM watsonx.data intelligence 5.3.05.3.1.

Risk and Exploitability

The CVSS score of 4.3 indicates a medium severity. EPSS is not currently available, so the likelihood of exploitation is uncertain. This vulnerability has not been listed in CISA's KEV catalog. Attackers can exploit the vulnerability remotely by triggering a server error that causes the application to return a detailed error page. No additional privileges are required beyond external access to the web interface, and no specific authentication is mentioned, implying that the attacker must have network access to the target system.

Generated by OpenCVE AI on June 30, 2026 at 22:28 UTC.

Remediation

Vendor Solution

Affected productFixed in releaseInstructionsIBM watsonx.data intelligence 5.2.0 - 5.3.05.3.1https://www.ibm.com/docs/en/watsonx/wdi/2.3.x?topic=new-watsonxdata-intelligenceIBM strongly advises upgrading as soon as possible


OpenCVE Recommended Actions

  • Upgrade IBM watsonx.data intelligence to version 5.3.05.3.1 or later to apply the vendor‑provided fix.
  • Configure the application to suppress detailed error messages in production, ensuring only generic error responses are returned.
  • Review and sanitize logs to remove or mask any sensitive information that might be inadvertently exposed.

Generated by OpenCVE AI on June 30, 2026 at 22:28 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Tue, 30 Jun 2026 21:00:00 +0000

Type Values Removed Values Added
Description IBM watsonx.data intelligence 5.2.0, 5.2.1, 5.2.2, 5.3.0 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser.  This information could be used in further attacks against the system.
Title Error Message Containing Sensitive Information found in Watson Data Intelligence
First Time appeared Ibm
Ibm watsonxdata Intelligence
Weaknesses CWE-209
CPEs cpe:2.3:a:ibm:watsonxdata_intelligence:5.2.0:*:*:*:*:*:*:*
Vendors & Products Ibm
Ibm watsonxdata Intelligence
References
Metrics cvssV3_1

{'score': 4.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N'}


Subscriptions

Ibm Watsonxdata Intelligence
cve-icon MITRE

Status: PUBLISHED

Assigner: ibm

Published:

Updated: 2026-06-30T20:16:45.432Z

Reserved: 2025-04-15T21:16:51.462Z

Link: CVE-2025-36328

cve-icon Vulnrichment

No data.

cve-icon NVD

No data.

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-30T22:30:06Z

Weaknesses
  • CWE-209

    Generation of Error Message Containing Sensitive Information