Cross-Site Scripting Vulnerability in IBM Watsonx.ai
CVE-2024-49785

5.4MEDIUM

Key Information:

Vendor
IBM
Vendor
CVE Published:
12 January 2025

Badges

👾 Exploit Exists📰 News Worthy

Summary

IBM watsonx.ai versions 1.1 through 2.0.3 and IBM watsonx.ai on Cloud Pak for Data versions 4.8 through 5.0.3 are susceptible to a cross-site scripting vulnerability. This issue enables an authenticated user to inject arbitrary JavaScript code into the Web UI, potentially compromising the intended functionality of the application. If exploited, this vulnerability could lead to security risks such as the disclosure of sensitive information, including user credentials, during a trusted session.

News Articles

favicon imageGBHackers News

IBM Watsonx.ai Vulnerability Let Attackers Trigger XSS Attacks

A recently disclosed vulnerability, identified as CVE-2024-49785, has been found in IBM watsonx.ai, including its integration with IBM Cloud Pak for Data.

favicon imageCybersecurityNews

IBM watsonx.ai Vulnerability Let Attackers Embed Arbitrary JavaScript Code in Web UI

IBM disclosed a significant vulnerability in its watsonx.ai platform, potentially exposing users to cross-site scripting (XSS) attacks. The vulnerability, identified as CVE-2024-49785, affects both IBM watsonx.ai on Cloud Pak for Data and standalone IBM watsonx.ai installations. The security flaw al...

References

https://www.ibm.com/support/pages/node/7180723

CVSS V3.1

Score:
5.4
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
Required
Scope:
Changed

Timeline

  • 👾

    Exploit known to exist

  • 📰

    First article discovered by CybersecurityNews

  • Vulnerability published

.