CVE-2025-36335
IBM watsonx.data plain text credential exposure
Publication date: 2026-04-30
Last updated on: 2026-04-30
Assigner: IBM Corporation
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| ibm | watsonx.data_intelligence | 5.2.0 |
| ibm | watsonx.data_intelligence | 5.2.1 |
| ibm | watsonx.data_intelligence | 5.3.0 |
| ibm | watsonx.data_intelligence | 5.3.1 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-256 | The product stores a password in plaintext within resources such as memory or files. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in IBM watsonx.data intelligence versions 5.2.0, 5.2.1, 5.3.0, and 5.3.1 where user credentials are stored in plain text.
Because the credentials are not encrypted or otherwise protected, a local user on the system can read these credentials directly.
How can this vulnerability impact me? :
The vulnerability allows a local user to access sensitive user credentials stored in plain text.
This can lead to unauthorized access to user accounts or systems, potentially compromising confidentiality.
The CVSS score of 6.2 indicates a medium severity impact, primarily affecting confidentiality without impacting integrity or availability.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
The vulnerability involves storing user credentials in plain text, which can be read by a local user. This practice can lead to unauthorized access to sensitive information.
Storing credentials in plain text may violate security requirements in common standards and regulations such as GDPR and HIPAA, which mandate protecting personal and sensitive data against unauthorized access.
Therefore, this vulnerability could negatively impact compliance with these regulations by exposing user credentials to local attackers.