Thursday, May 22, 2025
HomeCVE/vulnerabilityIBM Watsonx.ai Vulnerability Let Attackers Trigger XSS Attacks

IBM Watsonx.ai Vulnerability Let Attackers Trigger XSS Attacks

Published on

SIEM as a Service

Follow Us on Google News

A recently disclosed vulnerability, identified as CVE-2024-49785, has been found in IBM watsonx.ai, including its integration with IBM Cloud Pak for Data.

This vulnerability exposes users to cross-site scripting (XSS) attacks, potentially compromising sensitive information.

IBM Watsonx.ai Vulnerability

The issue arises from improper input neutralization in the Web UI of IBM watsonx.ai. Authenticated users can exploit this flaw to inject arbitrary JavaScript code into the application interface.

- Advertisement - Google News

This could alter the intended functionality and lead to credential disclosure within a trusted session.

Investigate Real-World Malicious Links, Malware & Phishing Attacks With ANY.RUN – Try for Free

The vulnerability has been classified under CWE-79 (Improper Neutralization of Input During Web Page Generation) and carries a CVSS Base Score of 5.4, indicating moderate severity.

Affected Products and Versions

ProductVersion(s)
IBM watsonx.ai on Cloud Pak for Data4.8 – 5.0.3
IBM watsonx.ai1.1 – 2.0.3

IBM strongly advises users to upgrade to the following fixed versions to mitigate the risk:

ProductFixed Version(s)
IBM watsonx.ai on IBM Software Hub5.1.0 and above
IBM watsonx.ai2.1.0 and above

IBM advises all customers to subscribe to “My Notifications” for timely alerts about security updates and product support bulletins.

 Additionally, users can refer to IBM’s Secure Engineering Web Portal and Product Security Incident Response Blog for further guidance.

This vulnerability was disclosed on January 10, 2025, and is remotely exploitable, requiring some user interaction for successful exploitation.

For more details on upgrading and securing your systems, visit IBM’s official security bulletin or consult the CVE database entry.

By addressing this issue proactively, organizations can prevent potential exploitation and safeguard their sensitive data from malicious actors.

Find this News Interesting! Follow us on Google NewsLinkedIn, and X to Get Instant Updates!

Divya
Divya
Divya is a Senior Journalist at GBhackers covering Cyber Attacks, Threats, Breaches, Vulnerabilities and other happenings in the cyber world.

Latest articles

CefSharp Enumeration Tool Identifies Critical Security Issues in .NET Desktop Applications

Cybersecurity researchers and red teamers, a newly released tool named CefEnum is shedding light...

Russian Hackers Exploit Oracle Cloud Infrastructure to Target Scaleway Object Storage

Russian threat actors have been leveraging trusted cloud infrastructure platforms like Oracle Cloud Infrastructure...

Critical Vulnerability in Netwrix Password Manager Enables Authenticated Remote Code Execution

A critical security vulnerability has been discovered in Netwrix Password Secure, a widely used...

Cityworks Zero-Day Vulnerability Used by UAT-638 Hackers to Infect IIS Servers with Shell Malware

Cisco Talos has uncovered active exploitation of a zero-day remote-code-execution vulnerability, identified as CVE-2025-0994,...

Resilience at Scale

Why Application Security is Non-Negotiable

The resilience of your digital infrastructure directly impacts your ability to scale. And yet, application security remains a critical weak link for most organizations.

Application Security is no longer just a defensive play—it’s the cornerstone of cyber resilience and sustainable growth. In this webinar, Karthik Krishnamoorthy (CTO of Indusface) and Phani Deepak Akella (VP of Marketing – Indusface), will share how AI-powered application security can help organizations build resilience by

Discussion points


Protecting at internet scale using AI and behavioral-based DDoS & bot mitigation.
Autonomously discovering external assets and remediating vulnerabilities within 72 hours, enabling secure, confident scaling.
Ensuring 100% application availability through platforms architected for failure resilience.
Eliminating silos with real-time correlation between attack surface and active threats for rapid, accurate mitigation

More like this

CefSharp Enumeration Tool Identifies Critical Security Issues in .NET Desktop Applications

Cybersecurity researchers and red teamers, a newly released tool named CefEnum is shedding light...

Russian Hackers Exploit Oracle Cloud Infrastructure to Target Scaleway Object Storage

Russian threat actors have been leveraging trusted cloud infrastructure platforms like Oracle Cloud Infrastructure...

Critical Vulnerability in Netwrix Password Manager Enables Authenticated Remote Code Execution

A critical security vulnerability has been discovered in Netwrix Password Secure, a widely used...