Compliance Impact

The vulnerability involves storing user credentials in plain text, which can be read by a local user. This practice can lead to unauthorized access to sensitive information.

Storing credentials in plain text may violate security requirements in common standards and regulations such as GDPR and HIPAA, which mandate protecting personal and sensitive data against unauthorized access.

Therefore, this vulnerability could negatively impact compliance with these regulations by exposing user credentials to local attackers.

Useful 0 Not Useful 0

Executive Summary

This vulnerability exists in IBM watsonx.data intelligence versions 5.2.0, 5.2.1, 5.3.0, and 5.3.1 where user credentials are stored in plain text.

Because the credentials are not encrypted or otherwise protected, a local user on the system can read these credentials directly.

Useful 0 Not Useful 0

Impact Analysis

The vulnerability allows a local user to access sensitive user credentials stored in plain text.

This can lead to unauthorized access to user accounts or systems, potentially compromising confidentiality.

The CVSS score of 6.2 indicates a medium severity impact, primarily affecting confidentiality without impacting integrity or availability.

Useful 0 Not Useful 0