Description
IBM watsonx.data intelligence 5.2.0, 5.2.1, 5.2.2, 5.3.0 transmits data in clear text that could allow an attacker to obtain sensitive information using man in the middle techniques.
Published: 2026-06-30
Score: 5.9 Medium
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

IBM watsonx.data intelligence versions 5.2.0 through 5.3.0 transmit data in clear text, which allows an attacker to intercept and read confidential information using a man‑in‑the‑middle attack. The flaw falls under CWE‑319, the clear‑text transmission of sensitive information, and can lead to the disclosure of private data, though it does not affect integrity or availability.

Affected Systems

Affected products are IBM watsonx.data intelligence 5.2.0, 5.2.1, 5.2.2, and 5.3.0. No other versions or components are listed as vulnerable, and the fix is provided in IBM release 5.3.05.3.1.

Risk and Exploitability

The CVSS score of 5.9 indicates a moderate severity. EPSS is not available, and the vulnerability is not listed in CISA’s KEV catalog. The attack vector is likely network‑based; an attacker with access to the data path can perform a passive eavesdrop or active MITM when the communication channel lacks encryption. Because the flaw only involves clear‑text transmission, it is easier to exploit than a complex code‑execution vulnerability, but it still poses a significant confidentiality risk. No public exploit has been reported as of the data available.

Generated by OpenCVE AI on June 30, 2026 at 22:28 UTC.

Remediation

Vendor Solution

Affected productFixed in releaseInstructionsIBM watsonx.data intelligence 5.2.0 - 5.3.05.3.1 https://www.ibm.com/docs/en/watsonx/wdi/2.3.x?topic=new-watsonxdata-intelligence IBM strongly advises upgrading as soon as possible


OpenCVE Recommended Actions

  • Upgrade IBM watsonx.data intelligence to version 5.3.05.3.1 or later, where the clear‑text transmission issue has been fixed
  • Ensure all data transfers are performed over secure, encrypted channels such as TLS; configure the application to reject unsecured connections
  • Verify that network traffic from the application is encrypted by inspecting certificates and traffic flow to confirm no clear‑text data is transmitted

Generated by OpenCVE AI on June 30, 2026 at 22:28 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Tue, 30 Jun 2026 21:00:00 +0000

Type Values Removed Values Added
Description IBM watsonx.data intelligence 5.2.0, 5.2.1, 5.2.2, 5.3.0 transmits data in clear text that could allow an attacker to obtain sensitive information using man in the middle techniques.
Title Transmission of Sensitive Information found in Watson Data Intelligence
First Time appeared Ibm
Ibm watsonxdata Intelligence
Weaknesses CWE-319
CPEs cpe:2.3:a:ibm:watsonxdata_intelligence:5.2.0:*:*:*:*:*:*:*
Vendors & Products Ibm
Ibm watsonxdata Intelligence
References
Metrics cvssV3_1

{'score': 5.9, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N'}


Subscriptions

Ibm Watsonxdata Intelligence
cve-icon MITRE

Status: PUBLISHED

Assigner: ibm

Published:

Updated: 2026-06-30T20:12:44.126Z

Reserved: 2025-04-15T21:16:52.391Z

Link: CVE-2025-36336

cve-icon Vulnrichment

No data.

cve-icon NVD

No data.

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-30T22:30:06Z

Weaknesses
  • CWE-319

    Cleartext Transmission of Sensitive Information