Home » Database

AVID-2026-R1224

Description

IBM Watson CloudPak for Data Data Stores information disclosure (CVE-2023-27545)

Details

IBM Watson CloudPak for Data Data Stores information disclosure 4.6.0 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 248947.

Reason for inclusion in AVID: CVE-2023-27545 describes an information disclosure vulnerability in IBM Watson CloudPak for Data Data Stores, a software component used in AI/data science pipelines. This affects software used to build/deploy AI systems (data stores for AI workloads), representing a software supply-chain component vulnerability with potential data exposure. The report provides clear CVE details and references, supporting classification as a security vulnerability in an AI-related software stack.

References

Affected or Relevant Artifacts

  • Developer: IBM
  • Deployer: IBM
  • Artifact Details:
TypeName
SystemWatson CloudPak for Data Data Stores

Impact

AVID Taxonomy Categorization

  • Risk domains: Security
  • SEP subcategories: S0100: Software Vulnerability
  • Lifecycle stages: L06: Deployment

CVSS

Version3.1
Vector StringCVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Base Score4.0
Base Severity🟠 Medium
Attack VectorLOCAL
Attack Complexity🟢 Low
Privileges RequiredNONE
User InteractionNONE
ScopeUNCHANGED
Confidentiality Impact🟢 Low
Integrity ImpactNONE
Availability ImpactNONE

CWE

IDDescription
CWE-525CWE-525 Information Exposure Through Browser Caching

Other information

  • Report Type: Advisory
  • Credits:
  • Date Reported: 2024-02-29
  • Version: 0.3.3
  • AVID Entry