Scaner-VSvulnerability catalog · v4.2

Home Catalog Sources CWE CAPEC ATT&CK Mitigations Products Vendors Docs

← Back to List

IBM›Applicationnvd

Cloud Pak For Data

Vulnerabilities

12

Known exploited

0

Max CVSS

8.8

Top EPSS

0.0098

Severity breakdown

Critical

0

High

6

Medium

6

Low

0

Affected version ranges

4.0.6–4.5.24.0–4.8.5

Also matched as (raw): db2,db2_warehouse,datastage,cloud_pak_for_data,watson_cp4d_data_stores,big_sql

Top vulnerabilities

CVE-2023-42005IBM Db2 on Cloud Pak for Data and Db2 Warehouse on Cloud Pak for Data 3.5, 4.0, 4.5, 4.6, 4.7, and 4.8 could allow a user with access to the Kubernetes pod, to make system calls compromising the security of containers. IBM X-Force ID: 265264.

CVE-2023-27877IBM Planning Analytics Cartridge for Cloud Pak for Data 4.0 connects to a CouchDB server. An attacker can exploit an insecure password policy to the CouchDB server and collect sensitive information from the database. IBM X-Force ID: 247905.

CVE-2023-27540IBM Watson CP4D Data Stores 4.6.0 does not properly allocate resources without limits or throttling which could allow a remote attacker with information specific to the system to cause a denial of service. IBM X-Force ID: 248924.

CVE-2023-26026Planning Analytics Cartridge for Cloud Pak for Data 4.0 exposes sensitive information in logs which could lead an attacker to exploit this vulnerability to conduct further attacks. IBM X-Force ID: 247896.

CVE-2023-26023Planning Analytics Cartridge for Cloud Pak for Data 4.0 exposes sensitive information in logs which could lead an attacker to exploit this vulnerability to conduct further attacks. IBM X-Force ID: 247896.

CVE-2022-36769 IBM Cloud Pak for Data 4.5 and 4.6 could allow a privileged user to upload malicious files of dangerous types that can be automatically processed within the product's environment. IBM X-Force ID: 232034.

CVE-2022-22353IBM Big SQL on IBM Cloud Pak for Data 7.1.0, 7.1.1, 7.2.0, and 7.2.3 could allow an authenticated user with appropriate permissions to obtain sensitive information by bypassing data masking rules using a CREATE TABLE SELECT statement. IBM X-Force ID: 220480.

CVE-2021-20486IBM Cloud Pak for Data 3.0 could allow an authenticated user to obtain sensitive information when installed with additional plugins. IBM X-Force ID: 197668.

CVE-2025-0719IBM Cloud Pak for Data 4.0.0 through 4.8.5 and 5.0.0 is vulnerable to cross-site scripting. This vulnerability allows an unauthenticated attacker to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.

CVE-2023-27545IBM Watson CloudPak for Data Data Stores information disclosure 4.6.0 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 248947.

CVE-2022-38714IBM DataStage on Cloud Pak for Data 4.0.6 to 4.5.2 stores sensitive credential information that can be read by a privileged user. IBM X-Force ID: 235060.

CVE-2021-38899IBM Cloud Pak for Data 2.5 could allow a local user with special privileges to obtain highly sensitive information. IBM X-Force ID: 209575.

View vendor →Open in catalog with product filter →