Main Vulnerability Database SB2025071008

SB2025071008 - IBM watsonx.data update for Prism

Published: July 10, 2025

Security Bulletin ID SB2025071008

Severity

Low

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Remote access

Highest impact Data manipulation

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Code Injection (CVE-ID: CVE-2024-53382)

The vulnerability allows a remote user to execute arbitrary code on the target system.

The vulnerability exists due to Prism (aka PrismJS) allows DOM Clobbering (with resultant XSS for untrusted input that contains HTML but does not directly contain JavaScript), because document.currentScript lookup can be shadowed by attacker-injected HTML elements.. A remote user can send a specially crafted request and execute arbitrary code on the target system.

Remediation

Install update from vendor's website.

References

https://www.ibm.com/support/pages/node/7239286