IBM watsonx.ai Vulnerability Allows XSS Attacks in Web UI

2025-01-13

Discover how vulnerabilities in AI platforms like IBM watsonx.ai emphasize the critical need for robust cloud security solutions, presenting an opportunity to showcase CloudGuard's capabilities.

 

IBM has disclosed a vulnerability in its watsonx.ai platform that could allow authenticated users to perform cross-site scripting (XSS) attacks by embedding arbitrary JavaScript code in the Web UI. This affects both Cloud Pak for Data and standalone installations, potentially leading to credential disclosure and altered functionality. The vulnerability highlights the need for robust security measures as AI technologies become more integral to business operations.

 

Key Facts

Risks:

Web App/Website Vulnerability, Third-Party Vendor/SaaS

Keywords:

IBM watsonx.ai, XSS vulnerability, Cloud Pak for Data, JavaScript injection, AI security

CVE:

CVE-2024-49785

Affected:

IBM watsonx.ai, Cloud Pak for Data

 

Article Body

IBM watsonx.ai Vulnerability Overview

A significant security flaw has been identified in IBM's watsonx.ai platform, potentially exposing users to cross-site scripting (XSS) attacks. This vulnerability affects both the Cloud Pak for Data version and standalone installations of IBM watsonx.ai.

Details of the Vulnerability

The vulnerability, tracked as CVE-2024-49785, allows authenticated users to inject arbitrary JavaScript code into the Web UI. This can occur when unauthorized third-party LLM prompts are used, leading to the possibility of altered functionality and credential disclosure within trusted sessions. The vulnerability is rated with a CVSS base score of 5.4, indicating a moderate severity.

Technical Aspects

The CVSS vector reveals that this attack can be executed remotely, requires low complexity, and involves user interaction. This makes it a concerning issue for organizations using AI and machine learning platforms, as it could lead to data breaches and system compromises if not addressed.

Implications for AI Security

As AI technologies like watsonx.ai are increasingly integrated into business operations, ensuring their security is crucial. The ability for authenticated users to inject malicious code into the platform's Web UI highlights the ongoing challenges in securing AI environments.

Recommended Actions

Organizations using IBM watsonx.ai should be aware of this vulnerability and ensure they have processes in place for timely updates and vulnerability management. It is essential to implement robust security measures to mitigate potential risks associated with this flaw.

 

Read More

https://cybersecuritynews.com/ibm-watsonx-ai-xss-vulnerability/