CVE-2025-13686
HIGH WAF: High
CVSS 8.8
Published: 2026-03-03
CWE-78
IBM DataStage on Cloud Pak for Data 5.1.2 through 5.3.0 could allow an authenticated user to execute arbitrary commands with normal user privileges on the system due to improper validation of user supplied input through the job subroutine component.
WAF Coverage Analysis
OS Command Injection
High WAF Coverage
OWASP: A03:2021 Injection
932xxx - Remote Code Execution
Affected Software
| Vendor | Product | Version |
|---|---|---|
| ibm | datastage_on_cloud_pak_for_data | 5.1.2 - 5.3.1 |
References
- www.ibm.com (Vendor Advisory)