Description
IBM watsonx.data intelligence 5.2.0, 5.2.1, 5.3.0, 5.3.1 stores user credentials in plain text which can be read by a local user.
Published: 2026-04-30
Score: 6.2 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

IBM Watsonx.data Intelligence versions 5.2.0, 5.2.1, 5.3.0, 5.3.1 store user credentials in plain text, enabling a local user to read them. This weakness compromises the confidentiality of authentication information and could allow credential theft or account takeover if the local user already has access to the system.

Affected Systems

The vulnerability affects IBM Watsonx.data Intelligence, a data and intelligence platform. The impacted product versions include 5.2.0, 5.2.1, 5.3.0, and 5.3.1.

Risk and Exploitability

The CVSS score of 6.2 indicates a moderate severity. The EPSS score is not available, and the vulnerability is not listed in the CISA KEV catalog. The attack vector is local: a malicious or compromised local user can read a file that contains credentials in clear text, compromising confidentiality. No remote exploitation is described by the input data.

Generated by OpenCVE AI on May 2, 2026 at 00:14 UTC.

Remediation

Vendor Solution

Update version to 5.3.1-patch3 https://www.ibm.com/docs/en/software-hub/5.3.x?topic=overview-available-patches-software-hub-version-531

OpenCVE Recommended Actions

  • Update IBM Watsonx.data Intelligence to the latest patch version 5.3.1‑patch3
  • Restrict file system permissions to prevent local users from accessing credential files
  • Audit credential storage locations regularly to detect and remediate plaintext credential files

Generated by OpenCVE AI on May 2, 2026 at 00:14 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Fri, 01 May 2026 15:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Thu, 30 Apr 2026 21:45:00 +0000

Type Values Removed Values Added
Description IBM watsonx.data intelligence 5.2.0, 5.2.1, 5.3.0, 5.3.1 stores user credentials in plain text which can be read by a local user.
Title Vulnerabilities found
First Time appeared Ibm
Ibm watsonxdata Intelligence
Weaknesses CWE-256
CPEs cpe:2.3:a:ibm:watsonxdata_intelligence:5.2.0:*:*:*:*:*:*:*
Vendors & Products Ibm
Ibm watsonxdata Intelligence
References
Metrics cvssV3_1

{'score': 6.2, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N'}

Subscriptions

Ibm Watsonxdata Intelligence
cve-icon MITRE

Status: PUBLISHED

Assigner: ibm

Published:

Updated: 2026-05-01T14:23:11.089Z

Reserved: 2025-04-15T21:16:52.391Z

Link: CVE-2025-36335

cve-icon Vulnrichment

Updated: 2026-05-01T14:23:07.723Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2026-04-30T22:16:24.873

Modified: 2026-05-01T15:27:15.287

Link: CVE-2025-36335

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-05-02T00:15:06Z

Weaknesses