Home » Database

AVID-2026-R1221

Description

IBM Watson CP4D Data Stores information disclosure (CVE-2023-27291)

Details

IBM Watson CP4D Data Stores 4.6.0, 4.6.1, 4.6.2, and 4.6.3 does not encrypt sensitive or critical information before storage or transmission which could allow an attacker to obtain sensitive information. IBM X-Force ID: 248740.

Reason for inclusion in AVID: CVE-2023-27291 describes an information disclosure vulnerability in IBM Watson CP4D Data Stores, a component used within an AI platform. This is a software vulnerability affecting a data storage component that can impact AI pipelines (data used for training/serving), fitting within the software supply chain for general-purpose AI systems. The report provides explicit impact (cleartext transmission/storage of sensitive data) and references, supporting its relevance to AI systems and their supply chains.

References

Affected or Relevant Artifacts

  • Developer: IBM
  • Deployer: IBM
  • Artifact Details:
TypeName
SystemWatson CP4D Data Stores

Impact

AVID Taxonomy Categorization

  • Risk domains: Security
  • SEP subcategories: S0100: Software Vulnerability
  • Lifecycle stages: L06: Deployment

CVSS

Version3.1
Vector StringCVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:N/A:N
Base Score4.5
Base Severity🟠 Medium
Attack VectorNETWORK
Attack Complexity🟢 Low
Privileges Required🔴 High
User InteractionREQUIRED
ScopeUNCHANGED
Confidentiality Impact🔴 High
Integrity ImpactNONE
Availability ImpactNONE

CWE

IDDescription
CWE-319CWE-319 Cleartext Transmission of Sensitive Information

Other information

  • Report Type: Advisory
  • Credits:
  • Date Reported: 2024-03-03
  • Version: 0.3.3
  • AVID Entry