IBM watsonx Orchestrate Cartridge SQL Injection Vulnerability
Vulnerability
A SQL injection vulnerability has been identified in the IBM watsonx Orchestrate Cartridge for IBM Cloud Pak for Data, specifically in versions 4.8.4, 4.8.5, and 5.0.0 through 5.2.0. This vulnerability allows remote attackers to send specially crafted SQL statements that could be used to view, add, modify, or delete information in the back-end database.
Impact
Exploitation of this vulnerability could give attackers unauthorized access to the back-end database, allowing them to view, add, modify, or delete information.
Remediation
Users are advised to upgrade to IBM watsonx Orchestrate Cartridge version 5.2.0.1. Instructions for upgrading can be found in the IBM watsonx Orchestrate documentation.
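To triage deployments against the version ranges in this advisory, the following added example (not IBM's code and not part of the original advisory) classifies version strings as affected, fixed or later, or not listed. It assumes versions are plain dotted numbers and that releases after 5.2.0.1 keep the fix; the inventory and its deployment names are constructed.

```python
import re

# Version facts taken from the advisory text above.
AFFECTED_EXACT = {(4, 8, 4), (4, 8, 5)}
AFFECTED_RANGE = ((5,), (5, 2))   # 5.0.0 through 5.2.0 inclusive, normalized
FIXED = (5, 2, 0, 1)

def parse_version(text):
    """Dotted numeric version -> tuple with trailing zeros dropped (5.2 == 5.2.0)."""
    text = text.strip()
    if not re.fullmatch(r"\d+(\.\d+)*", text):
        raise ValueError(f"unrecognized version string: {text!r}")
    parts = [int(p) for p in text.split(".")]
    while len(parts) > 1 and parts[-1] == 0:
        parts.pop()
    return tuple(parts)

def classify(version):
    """Return 'affected', 'fixed-or-later', or 'not-listed' for one version string."""
    v = parse_version(version)
    low, high = AFFECTED_RANGE
    if v in AFFECTED_EXACT or low <= v <= high:
        return "affected"
    if v >= FIXED:
        # Assumption: releases after 5.2.0.1 keep the fix.
        return "fixed-or-later"
    return "not-listed"   # e.g. 4.8.3 or 4.8.6: the advisory says nothing about it

def triage(inventory):
    """Map each deployment name to a status; unparseable versions become 'unknown'."""
    result = {}
    for name, version in inventory.items():
        try:
            result[name] = classify(version)
        except ValueError:
            result[name] = "unknown"
    return result

# Constructed sample inventory (hypothetical names, illustrative versions).
SAMPLE_INVENTORY = {
    "cpd-prod": "5.2.0",
    "cpd-stage": "5.2.0.1",
    "cpd-lab": "4.8.6",
    "cpd-old": "latest",
}

if __name__ == "__main__":
    for name, status in triage(SAMPLE_INVENTORY).items():
        print(f"{name:12} {SAMPLE_INVENTORY[name]:10} {status}")
```

Deployments reported as "not-listed" or "unknown" need a manual check, since the advisory neither names them as affected nor as fixed.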
