CVE-2025-13688

MEDIUM

IBM DataStage 5.1.2-5.3.0 - Command Injection

Title source: llm

Description

IBM DataStage on Cloud Pak for Data 5.1.2 through 5.3.0 could allow an authenticated user to execute arbitrary commands with normal user privileges on the system due to improper validation of user supplied input through the wrapped command component.

References (1)

[Various Sources] https://www.ibm.com/support/pages/node/7262347

Scores

CVSS v3 6.3

EPSS 0.0004

EPSS Percentile 12.0%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

Classification

CWE

CWE-78

Status published

Affected Products (1)

ibm/datastage_on_cloud_pak_for_data < 5.3.1

Timeline

Published Mar 03, 2026

Tracked Since Mar 04, 2026