Impact
IBM watsonx.data intelligence versions 5.2.0 through 5.3.0 transmit data in clear text, which allows an attacker to intercept and read confidential information using a man‑in‑the‑middle attack. The flaw falls under CWE‑319, the clear‑text transmission of sensitive information, and can lead to the disclosure of private data, though it does not affect integrity or availability.
Affected Systems
Affected products are IBM watsonx.data intelligence 5.2.0, 5.2.1, 5.2.2, and 5.3.0. No other versions or components are listed as vulnerable, and the fix is provided in IBM release 5.3.05.3.1.
Risk and Exploitability
The CVSS score of 5.9 indicates a moderate severity. EPSS is not available, and the vulnerability is not listed in CISA’s KEV catalog. The attack vector is likely network‑based; an attacker with access to the data path can perform a passive eavesdrop or active MITM when the communication channel lacks encryption. Because the flaw only involves clear‑text transmission, it is easier to exploit than a complex code‑execution vulnerability, but it still poses a significant confidentiality risk. No public exploit has been reported as of the data available.
OpenCVE Enrichment