IBM DataStage on Cloud Pak for Data 5.1.2 through 5.3.0 returns sensitive information in an HTTP response that could be used to impersonate other users in the system.
PUBLISHED5.2ApplicationCWE-497
DataStage on Cloud Pak for Data is vulnerable to sensitive information leaks due to HTTP processing
Problem type
Affected products
IBM
DataStage on Cloud Pak for Data
<= 5.3.0 - AFFECTED
References
GitHub Security Advisories
GHSA-gpj4-p4vm-jmrr
IBM DataStage on Cloud Pak for Data 5.1.2 through 5.3.0 returns sensitive information in an HTTP...
https://github.com/advisories/GHSA-gpj4-p4vm-jmrrIBM DataStage on Cloud Pak for Data 5.1.2 through 5.3.0 returns sensitive information in an HTTP response that could be used to impersonate other users in the system.
JSON source
https://cveawg.mitre.org/api/cve/CVE-2025-13691Click to expand
{
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"cveMetadata": {
"cveId": "CVE-2025-13691",
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"dateUpdated": "2026-02-17T20:18:04.935Z",
"dateReserved": "2025-11-25T20:34:37.353Z",
"datePublished": "2026-02-17T20:17:24.149Z",
"state": "PUBLISHED"
},
"containers": {
"cna": {
"providerMetadata": {
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm",
"dateUpdated": "2026-02-17T20:18:04.935Z"
},
"title": "DataStage on Cloud Pak for Data is vulnerable to sensitive information leaks due to HTTP processing",
"descriptions": [
{
"lang": "en",
"value": "IBM DataStage on Cloud Pak for Data 5.1.2 through 5.3.0 returns sensitive information in an HTTP response that could be used to impersonate other users in the system.",
"supportingMedia": [
{
"type": "text/html",
"base64": false,
"value": "<p>IBM DataStage on Cloud Pak for Data 5.1.2 through 5.3.0 returns sensitive information in an HTTP response that could be used to impersonate other users in the system.</p>"
}
]
}
],
"affected": [
{
"vendor": "IBM",
"product": "DataStage on Cloud Pak for Data",
"cpes": [
"cpe:2.3:a:ibm:datastage_on_cloud_pak_for_data:5.1.2:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:datastage_on_cloud_pak_for_data:5.3.0:*:*:*:*:*:*:*"
],
"versions": [
{
"version": "5.1.2",
"status": "affected",
"versionType": "semver",
"lessThanOrEqual": "5.3.0"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"lang": "en",
"description": "CWE-497 Exposure of Sensitive System Information to an Unauthorized Control Sphere",
"cweId": "CWE-497",
"type": "CWE"
}
]
}
],
"references": [
{
"url": "https://www.ibm.com/support/pages/node/7259956",
"tags": [
"vendor-advisory",
"patch"
]
}
],
"metrics": [
{
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
],
"cvssV3_1": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 8.1,
"baseSeverity": "HIGH"
}
}
],
"solutions": [
{
"lang": "en",
"value": "IBM strongly recommends addressing the vulnerability now by upgrading DataStage on Cloud Pak for Data. Product(s) Version(s) number and/or range Remediation/Fix/Instructions DataStage on Cloud Pak for Data 5.1.2-5.3.0 Upgrade to version 5.3.1 and beyond.",
"supportingMedia": [
{
"type": "text/html",
"base64": false,
"value": "<p>IBM strongly recommends addressing the vulnerability now by upgrading DataStage on Cloud Pak for Data. Product(s) Version(s) number and/or range Remediation/Fix/Instructions DataStage on Cloud Pak for Data 5.1.2-5.3.0 Upgrade to version 5.3.1 and beyond.</p>"
}
]
}
]
}
}
}