AVID-2026-R1230
Description
IBM Watson CP4D Data Stores improper input validation (CVE-2023-28512)
Details
IBM Watson CP4D Data Stores 4.6.0, 4.6.1, and 4.6.2 could allow an attacker with specific knowledge about the system to manipulate data due to improper input validation. IBM X-Force ID: 250396.
Reason for inclusion in AVID: The CVE describes a software vulnerability in IBM Watson CP4D Data Stores (a component used in AI data pipelines) involving improper input validation that could allow data manipulation. This affects AI systems by compromising data integrity during training/deployment workflows and is a software supply-chain-relevant component (data stores used in GPAI stacks). The report provides explicit CVE details, impact, CWE, and references, supporting curation as a security vulnerability in AI software supply chains.
References
- NVD entry
- https://www.ibm.com/support/pages/node/6965456
- https://exchange.xforce.ibmcloud.com/vulnerabilities/250396
Affected or Relevant Artifacts
- Developer: IBM
- Deployer: IBM
- Artifact Details:
| Type | Name |
|---|---|
| System | Watson CP4D Data Stores |
Impact
AVID Taxonomy Categorization
- Risk domains: Security
- SEP subcategories: S0100: Software Vulnerability
- Lifecycle stages: L06: Deployment
CVSS
| Metric | Value |
|---|---|
| Version | 3.1 |
| Vector String | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N |
| Base Score | 5.9 |
| Base Severity | 🟠 Medium |
| Attack Vector | NETWORK |
| Attack Complexity | 🔴 High |
| Privileges Required | NONE |
| User Interaction | NONE |
| Scope | UNCHANGED |
| Confidentiality Impact | NONE |
| Integrity Impact | 🔴 High |
| Availability Impact | NONE |
CWE
| ID | Description |
|---|---|
| CWE-472 | External Control of Assumed-Immutable Web Parameter |
Other information
- Report Type: Advisory
- Credits:
- Date Reported: 2024-03-03
- Version: 0.3.3
- AVID Entry