Cross-Site Scripting Vulnerability in IBM Watsonx.ai
CVE-2024-49785

5.4 MEDIUM

Key Information:

Vendor: IBM
CVE Published: 12 January 2025

Badges

👾 Exploit Exists
📰 News Worthy

Summary

IBM watsonx.ai versions 1.1 through 2.0.3 and IBM watsonx.ai on Cloud Pak for Data versions 4.8 through 5.0.3 are susceptible to a cross-site scripting vulnerability. This issue enables an authenticated user to inject arbitrary JavaScript code into the Web UI, potentially compromising the intended functionality of the application. If exploited, this vulnerability could lead to security risks such as the disclosure of sensitive information, including user credentials, during a trusted session.

News Articles

IBM Watsonx.ai Vulnerability Let Attackers Trigger XSS Attacks

A recently disclosed vulnerability, identified as CVE-2024-49785, has been found in IBM watsonx.ai, including its integration with IBM Cloud Pak for Data.

3 weeks ago

CVSS V3.1

Score: 5.4
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: Required
Scope: Changed

Timeline

  • 👾 Exploit known to exist

  • 📰 First article discovered by GBHackers News

  • Vulnerability published