I recently found a couple of vulnerabilities in the SaaS cloud computing infrastructure of IBM Watson. After reporting the issue on the IBM PSIRT website and working with them to fix the issue, IBM replied with the following:
“Thanks for confirming that the issue has been fixed. Because this is a SaaS offering, we will not be publishing and acknowledging via security bulletin. However please know that we appreciate your cooperation and the effort to inform us of the vulnerability.”
Anyway, I have included the advisory below for anyone who is interested. It is interesting to see that trivial vulnerabilities like these are still in the wild.