PT-2025-38412 · Ibm · Ibm Lakehouse+1
Published
2025-09-18
·
Updated
2025-09-18
·
CVE-2025-36139
CVSS v3.1
5.5
Medium
| Vector | AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
IBM Lakehouse version 2.2
Description
IBM Lakehouse (watsonx.data 2.2) is susceptible to stored cross-site scripting. A privileged user can embed arbitrary JavaScript code within the Web UI, potentially altering functionality and leading to credentials disclosure within a trusted session.
Recommendations
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
XSS
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Ibm Lakehouse
Watsonx.Data 2.2