Impact
An authentication boundary flaw in IBM watsonx.data intelligence versions 5.2.0 through 5.3.0 allows an attacker who has legitimate credentials to execute actions that are not authorized for that user. The flaw arises from improper enforcement of behavioral workflow, effectively elevating the attacker’s privileges (CWE-841). The resulting impact is the potential for disclosure, modification, or denial of data or processes that the user should not access.
Affected Systems
IBM watsonx.data intelligence running the affected releases 5.2.0, 5.2.1, 5.2.2, or 5.3.0 is vulnerable. IBM has released fixes that are included in later builds such as 5.3.1 or newer; systems should be upgraded from any of the identified vulnerable releases.
Risk and Exploitability
The CVSS score of 4.3 places this vulnerability in the moderate severity range, yet it requires authentication, meaning the threat surface is limited to individuals who already have login credentials. The EPSS score is not available, and the vulnerability is not listed in the CISA KEV catalog, suggesting that current exploitation risk is low but proactive remediation is still recommended. An attacker would need an authenticated session and could exploit the workflow mis‑enforcement to perform unauthorized actions.