IBM watsonx Orchestrate Cartridge for IBM Cloud Pak for Data...

7.6 / 10

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L

Description

IBM watsonx Orchestrate Cartridge for IBM Cloud Pak for Data 4.8.4, 4.8.5, and 5.0.0 through 5.2.0 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify, or delete information in the back-end database.

Basic Information

ID CVE-2025-0165

Source ibm

Published Aug 30, 2025 at 12:47

Affected Product

Vendor IBM

Product watsonx Orchestrate Cartridge for IBM Cloud Pak for Data

Version 4.8.4

Affected Versions IBM watsonx Orchestrate Cartridge for IBM Cloud Pak for Data 4.8.4
IBM watsonx Orchestrate Cartridge for IBM Cloud Pak for Data 5.0.0

CWE Classification

CWE-89

References

www.ibm.com /support/pages/node/7243596

{
    "lastseen": "",
    "description": "IBM watsonx Orchestrate Cartridge for IBM Cloud Pak for Data 4.8.4, 4.8.5, and 5.0.0 through 5.2.0 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify, or delete information in the back-end database.",
    "published": "2025-08-30T12:47:56.304Z",
    "modified": "2025-08-30T12:47:56.304Z",
    "type": "cve",
    "title": "IBM watsonx Orchestrate Cartridge for IBM Cloud Pak for Data SQL injection",
    "source": "ibm",
    "references": "https://www.ibm.com/support/pages/node/7243596",
    "id": "CVE-2025-0165",
    "bulletinFamily": "",
    "cwe": [
        "CWE-89"
    ],
    "cvelist": null,
    "sourceData": "IBM watsonx Orchestrate Cartridge for IBM Cloud Pak for Data 4.8.4\nIBM watsonx Orchestrate Cartridge for IBM Cloud Pak for Data 5.0.0",
    "sourceHref": "",
    "cvss": {
        "score": 7.6,
        "severity": "HIGH",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "watsonx Orchestrate Cartridge for IBM Cloud Pak for Data",
    "version": "4.8.4",
    "vendor": "IBM",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

IBM watsonx Orchestrate Cartridge for IBM Cloud Pak for Data SQL injection_CVE-2025-0165