Cross-Site Scripting Vulnerability in IBM Watsonx.ai
CVE-2024-49785
Summary
IBM watsonx.ai versions 1.1 through 2.0.3 and IBM watsonx.ai on Cloud Pak for Data versions 4.8 through 5.0.3 are susceptible to a cross-site scripting vulnerability. This issue enables an authenticated user to inject arbitrary JavaScript code into the Web UI, potentially compromising the intended functionality of the application. If exploited, this vulnerability could lead to security risks such as the disclosure of sensitive information, including user credentials, during a trusted session.
News Articles

IBM Watsonx.ai Vulnerability Let Attackers Trigger XSS Attacks
A recently disclosed vulnerability, identified as CVE-2024-49785, has been found in IBM watsonx.ai, including its integration with IBM Cloud Pak for Data.

IBM watsonx.ai Vulnerability Let Attackers Embed Arbitrary JavaScript Code in Web UI
IBM disclosed a significant vulnerability in its watsonx.ai platform, potentially exposing users to cross-site scripting (XSS) attacks. The vulnerability, identified as CVE-2024-49785, affects both IBM watsonx.ai on Cloud Pak for Data and standalone IBM watsonx.ai installations. The security flaw al...
Timeline
- Exploit known to exist
- First article discovered by CybersecurityNews
- Vulnerability published