    77 vulnerabilities found for Cloud Pak System by IBM

    CERTFR-2026-AVI-0810

    Vulnerability from certfr_avis - Published: 2026-06-26 - Updated: 2026-06-26

    Multiple vulnerabilities have been discovered in IBM products. Some of them allow an attacker to cause remote arbitrary code execution, privilege escalation and remote denial of service.

    Solutions

    Refer to the vendor's security bulletin to obtain the fixes (see the Documentation section).

    Impacted products
    Vendor | Product | Description
    IBM | Sterling Partner Engagement Manager Essentials Edition | Sterling Partner Engagement Manager versions 6.2.3.x prior to 6.2.3.6
    IBM | Sterling | Sterling Secure Proxy versions 6.1.0.x prior to 6.1.0.4 iFix01
    IBM | N/A | WebSphere Application Server without the latest security fix
    IBM | Sterling | Sterling Order Management without the latest security fix
    IBM | N/A | WebSphere Remote Server versions 9.0.x prior to 9.0.5.29
    IBM | QRadar | QRadar DNS Analyzer App versions prior to 2.0.5
    IBM | N/A | WebSphere Liberty Operator versions prior to 1.6.2
    IBM | Cloud Pak System | Cloud Pak System versions prior to 2.3.5.1
    IBM | N/A | WebSphere Remote Server versions 8.5.x prior to 8.5.5.30
    IBM | Sterling | Sterling External Authentication Server versions 6.1.1.x prior to 6.1.1.3 iFix01
    IBM | Sterling | Sterling Connect:Direct for Microsoft Windows versions 6.4.0.x prior to 6.4.0.4_iFix035
    IBM | Db2 | Db2 versions V11.5 and V12.1 without the latest security fix
    IBM | Sterling | Sterling Connect:Direct for Microsoft Windows versions 6.3.0.x prior to 6.3.0.6_iFix062
    IBM | N/A | WebSphere eXtreme Scale versions 8.6.x prior to 8.6.1 without fix PH71616 iFix
    IBM | Sterling | Sterling Secure Proxy versions 6.2.1.x prior to 6.2.1.2 iFix02
    IBM | Sterling Partner Engagement Manager Essentials Edition | Sterling Partner Engagement Manager versions 6.2.4.x prior to 6.2.4.4
    References
    IBM security bulletin 7277716 2026-06-24 vendor-advisory
    IBM security bulletin 7277692 2026-06-24 vendor-advisory
    IBM security bulletin 7277418 2026-06-23 vendor-advisory
    IBM security bulletin 7275595 2026-06-25 vendor-advisory
    IBM security bulletin 7277973 2026-06-25 vendor-advisory
    IBM security bulletin 7277546 2026-06-23 vendor-advisory
    IBM security bulletin 7277694 2026-06-24 vendor-advisory
    IBM security bulletin 7277531 2026-06-23 vendor-advisory
    IBM security bulletin 7277693 2026-06-24 vendor-advisory
    IBM security bulletin 7277544 2026-06-23 vendor-advisory
    IBM security bulletin 7277550 2026-06-23 vendor-advisory
    IBM security bulletin 7277424 2026-06-23 vendor-advisory
    IBM security bulletin 7277420 2026-06-23 vendor-advisory
    IBM security bulletin 7277742 2026-06-24 vendor-advisory
    IBM security bulletin 7277387 2026-06-22 vendor-advisory
    IBM security bulletin 7277556 2026-06-23 vendor-advisory
    IBM security bulletin 7277555 2026-06-23 vendor-advisory
    IBM security bulletin 7278112 2026-06-26 vendor-advisory
    IBM security bulletin 7277422 2026-06-23 vendor-advisory
    IBM security bulletin 7277536 2026-06-23 vendor-advisory
    IBM security bulletin 7277767 2026-06-24 vendor-advisory
    IBM security bulletin 7278103 2026-06-26 vendor-advisory

    {
      "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
      "affected_systems": [
        {
          "description": "Sterling Partner Engagement Manager versions 6.2.3.x ant\u00e9rieures \u00e0 6.2.3.6",
          "product": {
            "name": "Sterling Partner Engagement Manager Essentials Edition",
            "vendor": {
              "name": "IBM",
              "scada": false
            }
          }
        },
        {
          "description": "Sterling Secure Proxy versions 6.1.0.x ant\u00e9rieures \u00e0 6.1.0.4 iFix01",
          "product": {
            "name": "Sterling",
            "vendor": {
              "name": "IBM",
              "scada": false
            }
          }
        },
        {
          "description": "WebSphere Application Server sans le dernier correctif de s\u00e9curit\u00e9",
          "product": {
            "name": "N/A",
            "vendor": {
              "name": "IBM",
              "scada": false
            }
          }
        },
        {
          "description": "Sterling Order Management sans le dernier correctif de s\u00e9curit\u00e9",
          "product": {
            "name": "Sterling",
            "vendor": {
              "name": "IBM",
              "scada": false
            }
          }
        },
        {
          "description": "WebSphere Remote Server versions 9.0.x ant\u00e9rieures \u00e0 9.0.5.29",
          "product": {
            "name": "N/A",
            "vendor": {
              "name": "IBM",
              "scada": false
            }
          }
        },
        {
          "description": "QRadar DNS Analyzer App versions ant\u00e9rieures \u00e0 2.0.5",
          "product": {
            "name": "QRadar",
            "vendor": {
              "name": "IBM",
              "scada": false
            }
          }
        },
        {
          "description": "WebSphere Liberty Operator versions ant\u00e9rieures \u00e0 1.6.2",
          "product": {
            "name": "N/A",
            "vendor": {
              "name": "IBM",
              "scada": false
            }
          }
        },
        {
          "description": "Cloud Pak System versions ant\u00e9rieures \u00e0 2.3.5.1",
          "product": {
            "name": "Cloud Pak System",
            "vendor": {
              "name": "IBM",
              "scada": false
            }
          }
        },
        {
          "description": "WebSphere Remote Server versions 8.5.x ant\u00e9rieures \u00e0 8.5.5.30",
          "product": {
            "name": "N/A",
            "vendor": {
              "name": "IBM",
              "scada": false
            }
          }
        },
        {
          "description": "Sterling External Authentication Server versions 6.1.1.x ant\u00e9rieures \u00e0 6.1.1.3 iFix01",
          "product": {
            "name": "Sterling",
            "vendor": {
              "name": "IBM",
              "scada": false
            }
          }
        },
        {
          "description": "Sterling Connect:Direct for Microsoft Windows versions 6.4.0.x ant\u00e9rieures \u00e0 6.4.0.4_iFix035",
          "product": {
            "name": "Sterling",
            "vendor": {
              "name": "IBM",
              "scada": false
            }
          }
        },
        {
          "description": "Db2 versions V11.5 et V12.1 sans le dernier correctif de s\u00e9curit\u00e9",
          "product": {
            "name": "Db2",
            "vendor": {
              "name": "IBM",
              "scada": false
            }
          }
        },
        {
          "description": "Sterling Connect:Direct for Microsoft Windows versions 6.3.0.x ant\u00e9rieures \u00e0 6.3.0.6_iFix062",
          "product": {
            "name": "Sterling",
            "vendor": {
              "name": "IBM",
              "scada": false
            }
          }
        },
        {
          "description": "WebSphere eXtreme Scale versions 8.6.x ant\u00e9rieures \u00e0 8.6.1 sans le correctif PH71616 iFix",
          "product": {
            "name": "N/A",
            "vendor": {
              "name": "IBM",
              "scada": false
            }
          }
        },
        {
          "description": "Sterling Secure Proxy versions 6.2.1.x ant\u00e9rieures \u00e0 6.2.1.2 iFix02",
          "product": {
            "name": "Sterling",
            "vendor": {
              "name": "IBM",
              "scada": false
            }
          }
        },
        {
          "description": "Sterling Partner Engagement Manager versions 6.2.4.x ant\u00e9rieures \u00e0 6.2.4.4",
          "product": {
            "name": "Sterling Partner Engagement Manager Essentials Edition",
            "vendor": {
              "name": "IBM",
              "scada": false
            }
          }
        }
      ],
      "affected_systems_content": "",
      "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
      "cves": [
        {
          "name": "CVE-2026-5588",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-5588"
        },
        {
          "name": "CVE-2025-36353",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-36353"
        },
        {
          "name": "CVE-2025-66199",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-66199"
        },
        {
          "name": "CVE-2026-33871",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-33871"
        },
        {
          "name": "CVE-2025-2534",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-2534"
        },
        {
          "name": "CVE-2026-11383",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-11383"
        },
        {
          "name": "CVE-2026-42041",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-42041"
        },
        {
          "name": "CVE-2025-13867",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-13867"
        },
        {
          "name": "CVE-2026-42402",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-42402"
        },
        {
          "name": "CVE-2025-2668",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-2668"
        },
        {
          "name": "CVE-2025-36427",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-36427"
        },
        {
          "name": "CVE-2025-15469",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-15469"
        },
        {
          "name": "CVE-2025-36131",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-36131"
        },
        {
          "name": "CVE-2025-12084",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-12084"
        },
        {
          "name": "CVE-2024-47118",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-47118"
        },
        {
          "name": "CVE-2025-36098",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-36098"
        },
        {
          "name": "CVE-2025-69419",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-69419"
        },
        {
          "name": "CVE-2026-33814",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-33814"
        },
        {
          "name": "CVE-2025-36184",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-36184"
        },
        {
          "name": "CVE-2026-1605",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-1605"
        },
        {
          "name": "CVE-2026-22013",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-22013"
        },
        {
          "name": "CVE-2026-22018",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-22018"
        },
        {
          "name": "CVE-2026-42580",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-42580"
        },
        {
          "name": "CVE-2025-36247",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-36247"
        },
        {
          "name": "CVE-2025-36009",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-36009"
        },
        {
          "name": "CVE-2025-7962",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-7962"
        },
        {
          "name": "CVE-2025-15467",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-15467"
        },
        {
          "name": "CVE-2026-33870",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-33870"
        },
        {
          "name": "CVE-2025-36070",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-36070"
        },
        {
          "name": "CVE-2026-0994",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-0994"
        },
        {
          "name": "CVE-2025-36428",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-36428"
        },
        {
          "name": "CVE-2025-41248",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-41248"
        },
        {
          "name": "CVE-2026-42585",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-42585"
        },
        {
          "name": "CVE-2026-11541",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-11541"
        },
        {
          "name": "CVE-2026-34282",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-34282"
        },
        {
          "name": "CVE-2026-11707",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-11707"
        },
        {
          "name": "CVE-2025-36387",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-36387"
        },
        {
          "name": "CVE-2026-42036",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-42036"
        },
        {
          "name": "CVE-2026-39821",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-39821"
        },
        {
          "name": "CVE-2025-58057",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-58057"
        },
        {
          "name": "CVE-2026-11594",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-11594"
        },
        {
          "name": "CVE-2026-42403",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-42403"
        },
        {
          "name": "CVE-2026-22795",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-22795"
        },
        {
          "name": "CVE-2026-10109",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-10109"
        },
        {
          "name": "CVE-2026-27136",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-27136"
        },
        {
          "name": "CVE-2023-47038",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-47038"
        },
        {
          "name": "CVE-2025-62718",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-62718"
        },
        {
          "name": "CVE-2025-36136",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-36136"
        },
        {
          "name": "CVE-2026-42584",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-42584"
        },
        {
          "name": "CVE-2025-36008",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-36008"
        },
        {
          "name": "CVE-2026-23865",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-23865"
        },
        {
          "name": "CVE-2026-5598",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-5598"
        },
        {
          "name": "CVE-2026-42033",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-42033"
        },
        {
          "name": "CVE-2026-42035",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-42035"
        },
        {
          "name": "CVE-2026-11536",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-11536"
        },
        {
          "name": "CVE-2025-69421",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-69421"
        },
        {
          "name": "CVE-2026-34478",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-34478"
        },
        {
          "name": "CVE-2026-42043",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-42043"
        },
        {
          "name": "CVE-2025-11143",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-11143"
        },
        {
          "name": "CVE-2025-36006",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-36006"
        },
        {
          "name": "CVE-2026-6918",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-6918"
        },
        {
          "name": "CVE-2026-34480",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-34480"
        },
        {
          "name": "CVE-2026-40175",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-40175"
        },
        {
          "name": "CVE-2026-5795",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-5795"
        },
        {
          "name": "CVE-2025-68161",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-68161"
        },
        {
          "name": "CVE-2025-33012",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-33012"
        },
        {
          "name": "CVE-2026-42506",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-42506"
        },
        {
          "name": "CVE-2026-34479",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-34479"
        },
        {
          "name": "CVE-2026-22796",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-22796"
        },
        {
          "name": "CVE-2026-42040",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-42040"
        },
        {
          "name": "CVE-2026-1188",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-1188"
        },
        {
          "name": "CVE-2026-25680",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-25680"
        },
        {
          "name": "CVE-2025-55163",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-55163"
        },
        {
          "name": "CVE-2022-24729",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-24729"
        },
        {
          "name": "CVE-2025-36425",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-36425"
        },
        {
          "name": "CVE-2026-10845",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-10845"
        },
        {
          "name": "CVE-2025-12635",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-12635"
        },
        {
          "name": "CVE-2026-42404",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-42404"
        },
        {
          "name": "CVE-2026-40895",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-40895"
        },
        {
          "name": "CVE-2026-22016",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-22016"
        },
        {
          "name": "CVE-2026-22021",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-22021"
        },
        {
          "name": "CVE-2026-22007",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-22007"
        },
        {
          "name": "CVE-2025-68160",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-68160"
        },
        {
          "name": "CVE-2026-34268",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-34268"
        },
        {
          "name": "CVE-2025-67735",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-67735"
        },
        {
          "name": "CVE-2024-29371",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-29371"
        },
        {
          "name": "CVE-2026-42038",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-42038"
        },
        {
          "name": "CVE-2026-42583",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-42583"
        },
        {
          "name": "CVE-2026-2332",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-2332"
        },
        {
          "name": "CVE-2025-36001",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-36001"
        },
        {
          "name": "CVE-2026-42039",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-42039"
        },
        {
          "name": "CVE-2025-58056",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-58056"
        },
        {
          "name": "CVE-2026-8149",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-8149"
        },
        {
          "name": "CVE-2026-42502",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-42502"
        },
        {
          "name": "CVE-2026-42581",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-42581"
        },
        {
          "name": "CVE-2025-40909",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-40909"
        },
        {
          "name": "CVE-2025-36365",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-36365"
        },
        {
          "name": "CVE-2026-25681",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-25681"
        },
        {
          "name": "CVE-2025-69418",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-69418"
        },
        {
          "name": "CVE-2025-15468",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-15468"
        },
        {
          "name": "CVE-2025-36442",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-36442"
        },
        {
          "name": "CVE-2026-42044",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-42044"
        },
        {
          "name": "CVE-2026-42034",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-42034"
        },
        {
          "name": "CVE-2026-42587",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-42587"
        },
        {
          "name": "CVE-2025-48924",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-48924"
        },
        {
          "name": "CVE-2024-47072",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-47072"
        },
        {
          "name": "CVE-2025-11187",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-11187"
        },
        {
          "name": "CVE-2025-41249",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-41249"
        },
        {
          "name": "CVE-2025-36366",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-36366"
        },
        {
          "name": "CVE-2025-36123",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-36123"
        },
        {
          "name": "CVE-2026-42264",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-42264"
        },
        {
          "name": "CVE-2026-0636",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-0636"
        },
        {
          "name": "CVE-2026-42037",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-42037"
        },
        {
          "name": "CVE-2026-42042",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-42042"
        },
        {
          "name": "CVE-2026-9006",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-9006"
        },
        {
          "name": "CVE-2025-33134",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-33134"
        },
        {
          "name": "CVE-2026-11806",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-11806"
        },
        {
          "name": "CVE-2026-34477",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-34477"
        },
        {
          "name": "CVE-2025-46392",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-46392"
        },
        {
          "name": "CVE-2025-36407",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-36407"
        },
        {
          "name": "CVE-2026-22008",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-22008"
        },
        {
          "name": "CVE-2025-14813",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-14813"
        },
        {
          "name": "CVE-2025-69420",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-69420"
        }
      ],
      "initial_release_date": "2026-06-26T00:00:00",
      "last_revision_date": "2026-06-26T00:00:00",
      "links": [],
      "reference": "CERTFR-2026-AVI-0810",
      "revisions": [
        {
          "description": "Version initiale",
          "revision_date": "2026-06-26T00:00:00.000000"
        }
      ],
      "risks": [
        {
          "description": "D\u00e9ni de service \u00e0 distance"
        },
        {
          "description": "Injection de code indirecte \u00e0 distance (XSS)"
        },
        {
          "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
        },
        {
          "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
        },
        {
          "description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
        },
        {
          "description": "Falsification de requ\u00eates c\u00f4t\u00e9 serveur (SSRF)"
        },
        {
          "description": "Contournement de la politique de s\u00e9curit\u00e9"
        },
        {
          "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
        },
        {
          "description": "\u00c9l\u00e9vation de privil\u00e8ges"
        }
      ],
      "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits IBM. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une \u00e9l\u00e9vation de privil\u00e8ges et un d\u00e9ni de service \u00e0 distance.",
      "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits IBM",
      "vendor_advisories": [
        {
          "published_at": "2026-06-24",
          "title": "Bulletin de s\u00e9curit\u00e9 IBM 7277716",
          "url": "https://www.ibm.com/support/pages/node/7277716"
        },
        {
          "published_at": "2026-06-24",
          "title": "Bulletin de s\u00e9curit\u00e9 IBM 7277692",
          "url": "https://www.ibm.com/support/pages/node/7277692"
        },
        {
          "published_at": "2026-06-23",
          "title": "Bulletin de s\u00e9curit\u00e9 IBM 7277418",
          "url": "https://www.ibm.com/support/pages/node/7277418"
        },
        {
          "published_at": "2026-06-25",
          "title": "Bulletin de s\u00e9curit\u00e9 IBM 7275595",
          "url": "https://www.ibm.com/support/pages/node/7275595"
        },
        {
          "published_at": "2026-06-25",
          "title": "Bulletin de s\u00e9curit\u00e9 IBM 7277973",
          "url": "https://www.ibm.com/support/pages/node/7277973"
        },
        {
          "published_at": "2026-06-23",
          "title": "Bulletin de s\u00e9curit\u00e9 IBM 7277546",
          "url": "https://www.ibm.com/support/pages/node/7277546"
        },
        {
          "published_at": "2026-06-24",
          "title": "Bulletin de s\u00e9curit\u00e9 IBM 7277694",
          "url": "https://www.ibm.com/support/pages/node/7277694"
        },
        {
          "published_at": "2026-06-23",
          "title": "Bulletin de s\u00e9curit\u00e9 IBM 7277531",
          "url": "https://www.ibm.com/support/pages/node/7277531"
        },
        {
          "published_at": "2026-06-24",
          "title": "Bulletin de s\u00e9curit\u00e9 IBM 7277693",
          "url": "https://www.ibm.com/support/pages/node/7277693"
        },
        {
          "published_at": "2026-06-23",
          "title": "Bulletin de s\u00e9curit\u00e9 IBM 7277544",
          "url": "https://www.ibm.com/support/pages/node/7277544"
        },
        {
          "published_at": "2026-06-23",
          "title": "Bulletin de s\u00e9curit\u00e9 IBM 7277550",
          "url": "https://www.ibm.com/support/pages/node/7277550"
        },
        {
          "published_at": "2026-06-23",
          "title": "Bulletin de s\u00e9curit\u00e9 IBM 7277424",
          "url": "https://www.ibm.com/support/pages/node/7277424"
        },
        {
          "published_at": "2026-06-23",
          "title": "Bulletin de s\u00e9curit\u00e9 IBM 7277420",
          "url": "https://www.ibm.com/support/pages/node/7277420"
        },
        {
          "published_at": "2026-06-24",
          "title": "Bulletin de s\u00e9curit\u00e9 IBM 7277742",
          "url": "https://www.ibm.com/support/pages/node/7277742"
        },
        {
          "published_at": "2026-06-22",
          "title": "Bulletin de s\u00e9curit\u00e9 IBM 7277387",
          "url": "https://www.ibm.com/support/pages/node/7277387"
        },
        {
          "published_at": "2026-06-23",
          "title": "Bulletin de s\u00e9curit\u00e9 IBM 7277556",
          "url": "https://www.ibm.com/support/pages/node/7277556"
        },
        {
          "published_at": "2026-06-23",
          "title": "Bulletin de s\u00e9curit\u00e9 IBM 7277555",
          "url": "https://www.ibm.com/support/pages/node/7277555"
        },
        {
          "published_at": "2026-06-26",
          "title": "Bulletin de s\u00e9curit\u00e9 IBM 7278112",
          "url": "https://www.ibm.com/support/pages/node/7278112"
        },
        {
          "published_at": "2026-06-23",
          "title": "Bulletin de s\u00e9curit\u00e9 IBM 7277422",
          "url": "https://www.ibm.com/support/pages/node/7277422"
        },
        {
          "published_at": "2026-06-23",
          "title": "Bulletin de s\u00e9curit\u00e9 IBM 7277536",
          "url": "https://www.ibm.com/support/pages/node/7277536"
        },
        {
          "published_at": "2026-06-24",
          "title": "Bulletin de s\u00e9curit\u00e9 IBM 7277767",
          "url": "https://www.ibm.com/support/pages/node/7277767"
        },
        {
          "published_at": "2026-06-26",
          "title": "Bulletin de s\u00e9curit\u00e9 IBM 7278103",
          "url": "https://www.ibm.com/support/pages/node/7278103"
        }
      ]
    }

    CERTFR-2026-AVI-0131

    Vulnerability from certfr_avis - Published: 2026-02-06 - Updated: 2026-02-06

    Multiple vulnerabilities have been discovered in IBM products. Some of them allow an attacker to cause remote arbitrary code execution, privilege escalation and remote denial of service.

    Solutions

    Refer to the vendor's security bulletin to obtain the fixes (see the Documentation section).

    Impacted products
    Vendor | Product | Description
    IBM | Cloud Pak System | Cloud Pak System versions 2.3.4.x and later, prior to 2.3.6.1
    IBM | Cognos Analytics | Cognos Command Center versions 10.2.4.x and 10.2.5.x prior to 10.2.5 FP1 IF2
    IBM | Db2 | DB2 without security fix 11.5.9 Special Build 62071
    IBM | Db2 | DB2 Data Management Console prior to 3.1.13.1
    IBM | Db2 | DB2 Data Management Console on CPD versions prior to 4.8
    IBM | Db2 | DB2 Recovery Expert for LUW version 5.5 IF2 without security fix v5.5.0.1 Interim Fix 8
    References
    IBM security bulletin 7259447 2026-02-02 vendor-advisory
    IBM security bulletin 7253572 2026-01-30 vendor-advisory
    IBM security bulletin 7257780 2026-02-04 vendor-advisory
    IBM security bulletin 7259901 2026-02-05 vendor-advisory
    IBM security bulletin 7259526 2026-02-03 vendor-advisory

    {
      "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
      "affected_systems": [
        {
          "description": "Cloud Pak System versions 2.3.4.x et post\u00e9rieures, ant\u00e9rieures \u00e0 2.3.6.1",
          "product": {
            "name": "Cloud Pak System",
            "vendor": {
              "name": "IBM",
              "scada": false
            }
          }
        },
        {
          "description": "Cognos Command Center versions 10.2.4.x et 10.2.5.x ant\u00e9rieures \u00e0 10.2.5 FP1 IF2",
          "product": {
            "name": "Cognos Analytics",
            "vendor": {
              "name": "IBM",
              "scada": false
            }
          }
        },
        {
          "description": "DB2 sans le correctif de s\u00e9curit\u00e9 11.5.9 Special Build 62071",
          "product": {
            "name": "Db2",
            "vendor": {
              "name": "IBM",
              "scada": false
            }
          }
        },
        {
          "description": "DB2 Data Management Console ant\u00e9rieures \u00e0 3.1.13.1",
          "product": {
            "name": "Db2",
            "vendor": {
              "name": "IBM",
              "scada": false
            }
          }
        },
        {
          "description": "DB2 Data Management Console on CPD versions ant\u00e9rieurs \u00e0 4.8",
          "product": {
            "name": "Db2",
            "vendor": {
              "name": "IBM",
              "scada": false
            }
          }
        },
        {
          "description": "DB2 Recovery Expert for LUW version 5.5 IF2 sans le correctif de s\u00e9curit\u00e9 v5.5.0.1 Interim Fix 8",
          "product": {
            "name": "Db2",
            "vendor": {
              "name": "IBM",
              "scada": false
            }
          }
        }
      ],
      "affected_systems_content": "",
      "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
      "cves": [
        {
          "name": "CVE-2024-20919",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-20919"
        },
        {
          "name": "CVE-2023-21938",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-21938"
        },
        {
          "name": "CVE-2023-21843",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-21843"
        },
        {
          "name": "CVE-2024-21235",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-21235"
        },
        {
          "name": "CVE-2022-21426",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-21426"
        },
        {
          "name": "CVE-2023-38264",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-38264"
        },
        {
          "name": "CVE-2025-4447",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-4447"
        },
        {
          "name": "CVE-2024-21144",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-21144"
        },
        {
          "name": "CVE-2024-51473",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-51473"
        },
        {
          "name": "CVE-2023-21954",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-21954"
        },
        {
          "name": "CVE-2023-21939",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-21939"
        },
        {
          "name": "CVE-2024-20926",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-20926"
        },
        {
          "name": "CVE-2023-21830",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-21830"
        },
        {
          "name": "CVE-2022-41725",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-41725"
        },
        {
          "name": "CVE-2024-3933",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-3933"
        },
        {
          "name": "CVE-2025-24970",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-24970"
        },
        {
          "name": "CVE-2025-33092",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-33092"
        },
        {
          "name": "CVE-2024-20921",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-20921"
        },
        {
          "name": "CVE-2025-7962",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-7962"
        },
        {
          "name": "CVE-2022-21624",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-21624"
        },
        {
          "name": "CVE-2023-22081",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-22081"
        },
        {
          "name": "CVE-2025-27903",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-27903"
        },
        {
          "name": "CVE-2025-50106",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-50106"
        },
        {
          "name": "CVE-2022-21626",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-21626"
        },
        {
          "name": "CVE-2025-33143",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-33143"
        },
        {
          "name": "CVE-2025-30754",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-30754"
        },
        {
          "name": "CVE-2024-10917",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-10917"
        },
        {
          "name": "CVE-2023-22067",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-22067"
        },
        {
          "name": "CVE-2022-40609",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-40609"
        },
        {
          "name": "CVE-2022-21628",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-21628"
        },
        {
          "name": "CVE-2024-21011",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-21011"
        },
        {
          "name": "CVE-2026-1188",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-1188"
        },
        {
          "name": "CVE-2023-25173",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-25173"
        },
        {
          "name": "CVE-2025-21587",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-21587"
        },
        {
          "name": "CVE-2024-21147",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-21147"
        },
        {
          "name": "CVE-2022-3517",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-3517"
        },
        {
          "name": "CVE-2024-21140",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-21140"
        },
        {
          "name": "CVE-2024-21094",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-21094"
        },
        {
          "name": "CVE-2023-21937",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-21937"
        },
        {
          "name": "CVE-2025-1948",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-1948"
        },
        {
          "name": "CVE-2025-30761",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-30761"
        },
        {
          "name": "CVE-2023-25153",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-25153"
        },
        {
          "name": "CVE-2023-33850",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-33850"
        },
        {
          "name": "CVE-2023-24532",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-24532"
        },
        {
          "name": "CVE-2023-2597",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-2597"
        },
        {
          "name": "CVE-2025-30698",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-30698"
        },
        {
          "name": "CVE-2023-22045",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-22045"
        },
        {
          "name": "CVE-2024-21138",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-21138"
        },
        {
          "name": "CVE-2023-22049",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-22049"
        },
        {
          "name": "CVE-2022-41724",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-41724"
        },
        {
          "name": "CVE-2024-49828",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-49828"
        },
        {
          "name": "CVE-2015-3627",
          "url": "https://www.cve.org/CVERecord?id=CVE-2015-3627"
        },
        {
          "name": "CVE-2025-27904",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-27904"
        },
        {
          "name": "CVE-2025-27533",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-27533"
        },
        {
          "name": "CVE-2023-5676",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-5676"
        },
        {
          "name": "CVE-2024-21145",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-21145"
        },
        {
          "name": "CVE-2023-21968",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-21968"
        },
        {
          "name": "CVE-2025-36071",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-36071"
        },
        {
          "name": "CVE-2025-30749",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-30749"
        },
        {
          "name": "CVE-2025-48924",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-48924"
        },
        {
          "name": "CVE-2023-21930",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-21930"
        },
        {
          "name": "CVE-2024-20918",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-20918"
        },
        {
          "name": "CVE-2025-27900",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-27900"
        },
        {
          "name": "CVE-2022-23471",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-23471"
        },
        {
          "name": "CVE-2025-27899",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-27899"
        },
        {
          "name": "CVE-2022-41723",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-41723"
        },
        {
          "name": "CVE-2025-27901",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-27901"
        },
        {
          "name": "CVE-2024-52894",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-52894"
        },
        {
          "name": "CVE-2024-21085",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-21085"
        },
        {
          "name": "CVE-2024-20945",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-20945"
        },
        {
          "name": "CVE-2024-21131",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-21131"
        },
        {
          "name": "CVE-2024-21210",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-21210"
        },
        {
          "name": "CVE-2025-27898",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-27898"
        },
        {
          "name": "CVE-2025-53057",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-53057"
        },
        {
          "name": "CVE-2023-21967",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-21967"
        },
        {
          "name": "CVE-2022-21619",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-21619"
        },
        {
          "name": "CVE-2025-53066",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-53066"
        },
        {
          "name": "CVE-2024-21217",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-21217"
        },
        {
          "name": "CVE-2024-27267",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-27267"
        },
        {
          "name": "CVE-2024-20952",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-20952"
        },
        {
          "name": "CVE-2024-21208",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-21208"
        }
      ],
      "initial_release_date": "2026-02-06T00:00:00",
      "last_revision_date": "2026-02-06T00:00:00",
      "links": [],
      "reference": "CERTFR-2026-AVI-0131",
      "revisions": [
        {
          "description": "Version initiale",
          "revision_date": "2026-02-06T00:00:00.000000"
        }
      ],
      "risks": [
        {
          "description": "D\u00e9ni de service \u00e0 distance"
        },
        {
          "description": "Injection de code indirecte \u00e0 distance (XSS)"
        },
        {
          "description": "Injection de requ\u00eates ill\u00e9gitimes par rebond (CSRF)"
        },
        {
          "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
        },
        {
          "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
        },
        {
          "description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
        },
        {
          "description": "Contournement de la politique de s\u00e9curit\u00e9"
        },
        {
          "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
        },
        {
          "description": "\u00c9l\u00e9vation de privil\u00e8ges"
        }
      ],
      "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits IBM. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une \u00e9l\u00e9vation de privil\u00e8ges et un d\u00e9ni de service \u00e0 distance.",
      "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits IBM",
      "vendor_advisories": [
        {
          "published_at": "2026-02-02",
          "title": "Bulletin de s\u00e9curit\u00e9 IBM 7259447",
          "url": "https://www.ibm.com/support/pages/node/7259447"
        },
        {
          "published_at": "2026-01-30",
          "title": "Bulletin de s\u00e9curit\u00e9 IBM 7253572",
          "url": "https://www.ibm.com/support/pages/node/7253572"
        },
        {
          "published_at": "2026-02-04",
          "title": "Bulletin de s\u00e9curit\u00e9 IBM 7257780",
          "url": "https://www.ibm.com/support/pages/node/7257780"
        },
        {
          "published_at": "2026-02-05",
          "title": "Bulletin de s\u00e9curit\u00e9 IBM 7259901",
          "url": "https://www.ibm.com/support/pages/node/7259901"
        },
        {
          "published_at": "2026-02-03",
          "title": "Bulletin de s\u00e9curit\u00e9 IBM 7259526",
          "url": "https://www.ibm.com/support/pages/node/7259526"
        }
      ]
    }

    CERTFR-2025-AVI-0214

    Vulnerability from certfr_avis - Published: 2025-03-14 - Updated: 2025-03-14

    Multiple vulnerabilities have been discovered in IBM products. Some of them allow an attacker to cause remote arbitrary code execution, remote denial of service, and a breach of data confidentiality.

    Solutions

    Refer to the vendor's security bulletin to obtain the fixes (see the Documentation section).

    Impacted products
    Vendor Product Description
    IBM Cloud Pak System Cloud Pak System versions prior to v2.3.4.1 for Intel
    IBM Security QRadar EDR Security QRadar EDR versions prior to 3.12.16
    IBM Sterling Sterling B2B Integrator versions 6.2.x prior to 6.2.0.4
    IBM Cloud Pak System Cloud Pak System versions prior to v2.3.5.0 for Power
    IBM QRadar SIEM QRadar SIEM versions 7.5.0 prior to 7.5.0 UP11 IF03
    IBM Sterling Sterling B2B Integrator versions prior to 6.1.2.7
    References
    IBM security bulletin 7185937 2025-03-14 vendor-advisory
    IBM security bulletin 7185675 2025-03-13 vendor-advisory
    IBM security bulletin 7185257 2025-03-10 vendor-advisory
    IBM security bulletin 7185938 2025-03-14 vendor-advisory
    IBM security bulletin 7185353 2025-03-11 vendor-advisory

    {
      "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
      "affected_systems": [
        {
          "description": "Cloud Pak System versions ant\u00e9rieures \u00e0 v2.3.4.1 pour Intel",
          "product": {
            "name": "Cloud Pak System",
            "vendor": {
              "name": "IBM",
              "scada": false
            }
          }
        },
        {
          "description": "Security QRadar EDR versions ant\u00e9rieures \u00e0 3.12.16",
          "product": {
            "name": "Security QRadar EDR",
            "vendor": {
              "name": "IBM",
              "scada": false
            }
          }
        },
        {
          "description": "Sterling B2B Integrator versions 6.2.x ant\u00e9rieures \u00e0 6.2.0.4",
          "product": {
            "name": "Sterling",
            "vendor": {
              "name": "IBM",
              "scada": false
            }
          }
        },
        {
          "description": "Cloud Pak System versions ant\u00e9rieures \u00e0 v2.3.5.0 pour Power",
          "product": {
            "name": "Cloud Pak System",
            "vendor": {
              "name": "IBM",
              "scada": false
            }
          }
        },
        {
          "description": "QRadar SIEM versions 7.5.0 ant\u00e9rieures \u00e0 7.5.0 UP11 IF03",
          "product": {
            "name": "QRadar SIEM",
            "vendor": {
              "name": "IBM",
              "scada": false
            }
          }
        },
        {
          "description": "Sterling B2B Integrator versions ant\u00e9rieures \u00e0 6.1.2.7",
          "product": {
            "name": "Sterling",
            "vendor": {
              "name": "IBM",
              "scada": false
            }
          }
        }
      ],
      "affected_systems_content": "",
      "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
      "cves": [
        {
          "name": "CVE-2023-7104",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-7104"
        },
        {
          "name": "CVE-2022-48564",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-48564"
        },
        {
          "name": "CVE-2023-40217",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-40217"
        },
        {
          "name": "CVE-2024-11187",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-11187"
        },
        {
          "name": "CVE-2022-46175",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-46175"
        },
        {
          "name": "CVE-2024-45638",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-45638"
        },
        {
          "name": "CVE-2023-46234",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-46234"
        },
        {
          "name": "CVE-2021-32804",
          "url": "https://www.cve.org/CVERecord?id=CVE-2021-32804"
        },
        {
          "name": "CVE-2022-45061",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-45061"
        },
        {
          "name": "CVE-2023-36632",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-36632"
        },
        {
          "name": "CVE-2025-24970",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-24970"
        },
        {
          "name": "CVE-2023-32762",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-32762"
        },
        {
          "name": "CVE-2022-48565",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-48565"
        },
        {
          "name": "CVE-2023-4807",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-4807"
        },
        {
          "name": "CVE-2025-22150",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-22150"
        },
        {
          "name": "CVE-2022-49043",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-49043"
        },
        {
          "name": "CVE-2023-32763",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-32763"
        },
        {
          "name": "CVE-2022-24302",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-24302"
        },
        {
          "name": "CVE-2025-1244",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-1244"
        },
        {
          "name": "CVE-2023-27043",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-27043"
        },
        {
          "name": "CVE-2024-51744",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-51744"
        },
        {
          "name": "CVE-2024-45338",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-45338"
        },
        {
          "name": "CVE-2023-48795",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-48795"
        },
        {
          "name": "CVE-2022-48566",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-48566"
        },
        {
          "name": "CVE-2024-21634",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-21634"
        },
        {
          "name": "CVE-2024-27306",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-27306"
        },
        {
          "name": "CVE-2024-45296",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-45296"
        },
        {
          "name": "CVE-2019-12900",
          "url": "https://www.cve.org/CVERecord?id=CVE-2019-12900"
        },
        {
          "name": "CVE-2021-32803",
          "url": "https://www.cve.org/CVERecord?id=CVE-2021-32803"
        },
        {
          "name": "CVE-2024-52798",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-52798"
        },
        {
          "name": "CVE-2024-27268",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-27268"
        },
        {
          "name": "CVE-2024-47535",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-47535"
        },
        {
          "name": "CVE-2022-48560",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-48560"
        },
        {
          "name": "CVE-2024-45643",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-45643"
        },
        {
          "name": "CVE-2023-32573",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-32573"
        },
        {
          "name": "CVE-2022-41854",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-41854"
        },
        {
          "name": "CVE-2022-35737",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-35737"
        },
        {
          "name": "CVE-2022-25857",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-25857"
        },
        {
          "name": "CVE-2025-25193",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-25193"
        },
        {
          "name": "CVE-2022-38900",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-38900"
        },
        {
          "name": "CVE-2024-53104",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-53104"
        },
        {
          "name": "CVE-2023-24329",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-24329"
        },
        {
          "name": "CVE-2023-2976",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-2976"
        },
        {
          "name": "CVE-2025-1094",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-1094"
        },
        {
          "name": "CVE-2022-1471",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-1471"
        },
        {
          "name": "CVE-2024-0690",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-0690"
        },
        {
          "name": "CVE-2022-1365",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-1365"
        },
        {
          "name": "CVE-2020-11023",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-11023"
        },
        {
          "name": "CVE-2022-4742",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-4742"
        }
      ],
      "initial_release_date": "2025-03-14T00:00:00",
      "last_revision_date": "2025-03-14T00:00:00",
      "links": [],
      "reference": "CERTFR-2025-AVI-0214",
      "revisions": [
        {
          "description": "Version initiale",
          "revision_date": "2025-03-14T00:00:00.000000"
        }
      ],
      "risks": [
        {
          "description": "D\u00e9ni de service \u00e0 distance"
        },
        {
          "description": "Injection de code indirecte \u00e0 distance (XSS)"
        },
        {
          "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
        },
        {
          "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
        },
        {
          "description": "Contournement de la politique de s\u00e9curit\u00e9"
        },
        {
          "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
        }
      ],
      "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits IBM. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.",
      "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits IBM",
      "vendor_advisories": [
        {
          "published_at": "2025-03-14",
          "title": "Bulletin de s\u00e9curit\u00e9 IBM 7185937",
          "url": "https://www.ibm.com/support/pages/node/7185937"
        },
        {
          "published_at": "2025-03-13",
          "title": "Bulletin de s\u00e9curit\u00e9 IBM 7185675",
          "url": "https://www.ibm.com/support/pages/node/7185675"
        },
        {
          "published_at": "2025-03-10",
          "title": "Bulletin de s\u00e9curit\u00e9 IBM 7185257",
          "url": "https://www.ibm.com/support/pages/node/7185257"
        },
        {
          "published_at": "2025-03-14",
          "title": "Bulletin de s\u00e9curit\u00e9 IBM 7185938",
          "url": "https://www.ibm.com/support/pages/node/7185938"
        },
        {
          "published_at": "2025-03-11",
          "title": "Bulletin de s\u00e9curit\u00e9 IBM 7185353",
          "url": "https://www.ibm.com/support/pages/node/7185353"
        }
      ]
    }

    CERTFR-2025-AVI-0186

    Vulnerability from certfr_avis - Published: 2025-03-07 - Updated: 2025-03-07

    Multiple vulnerabilities have been discovered in IBM products. Some of them allow an attacker to cause remote denial of service, a breach of data confidentiality, and remote indirect code injection (XSS).

    Solutions

    Refer to the vendor's security bulletin to obtain the fixes (see the Documentation section).

    Impacted products
    Vendor Product Description
    IBM Cognos Analytics IBM Cognos Analytics Mobile for Android versions 1.1.x prior to 1.1.21
    IBM Cognos Analytics IBM Cognos Analytics Mobile for iOS versions 1.1.x prior to 1.1.21
    IBM Cloud Pak System Cloud Pak System versions prior to 2.3.5.0 for Power
    IBM Security QRadar SIEM QRadar Pulse application versions prior to 2.2.16
    IBM Cloud Pak System Cloud Pak System versions 2.3.3.x prior to 2.3.4.1 for Intel
    References
    IBM security bulletin 7184659 2025-03-03 vendor-advisory
    IBM security bulletin 7184429 2025-03-01 vendor-advisory
    IBM security bulletin 7184955 2025-03-06 vendor-advisory
    IBM security bulletin 7184430 2025-03-01 vendor-advisory

    {
      "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
      "affected_systems": [
        {
          "description": "IBM Cognos Analytics Mobile pour Android versions 1.1.x ant\u00e9rieures \u00e0 1.1.21",
          "product": {
            "name": "Cognos Analytics",
            "vendor": {
              "name": "IBM",
              "scada": false
            }
          }
        },
        {
          "description": "IBM Cognos Analytics Mobile pour iOS versions 1.1.x ant\u00e9rieures \u00e0 1.1.21",
          "product": {
            "name": "Cognos Analytics",
            "vendor": {
              "name": "IBM",
              "scada": false
            }
          }
        },
        {
          "description": "Cloud Pak System  versions ant\u00e9rieures \u00e0 2.3.5.0 pour Power",
          "product": {
            "name": "Cloud Pak System",
            "vendor": {
              "name": "IBM",
              "scada": false
            }
          }
        },
        {
          "description": "QRadar Pulse application versions ant\u00e9rieures \u00e0 2.2.16",
          "product": {
            "name": "Security QRadar SIEM",
            "vendor": {
              "name": "IBM",
              "scada": false
            }
          }
        },
        {
          "description": "Cloud Pak System versions 2.3.3.x  ant\u00e9rieures \u00e0 2.3.4.1 pour Intel",
          "product": {
            "name": "Cloud Pak System",
            "vendor": {
              "name": "IBM",
              "scada": false
            }
          }
        }
      ],
      "affected_systems_content": "",
      "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
      "cves": [
        {
          "name": "CVE-2024-42459",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-42459"
        },
        {
          "name": "CVE-2024-55907",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-55907"
        },
        {
          "name": "CVE-2024-43799",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-43799"
        },
        {
          "name": "CVE-2024-42460",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-42460"
        },
        {
          "name": "CVE-2024-25026",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-25026"
        },
        {
          "name": "CVE-2024-47764",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-47764"
        },
        {
          "name": "CVE-2024-48948",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-48948"
        },
        {
          "name": "CVE-2024-45296",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-45296"
        },
        {
          "name": "CVE-2025-0895",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-0895"
        },
        {
          "name": "CVE-2024-52798",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-52798"
        },
        {
          "name": "CVE-2024-43800",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-43800"
        },
        {
          "name": "CVE-2024-42461",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-42461"
        },
        {
          "name": "CVE-2024-26026",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-26026"
        }
      ],
      "initial_release_date": "2025-03-07T00:00:00",
      "last_revision_date": "2025-03-07T00:00:00",
      "links": [],
      "reference": "CERTFR-2025-AVI-0186",
      "revisions": [
        {
          "description": "Version initiale",
          "revision_date": "2025-03-07T00:00:00.000000"
        }
      ],
      "risks": [
        {
          "description": "D\u00e9ni de service \u00e0 distance"
        },
        {
          "description": "Injection de code indirecte \u00e0 distance (XSS)"
        },
        {
          "description": "Contournement de la politique de s\u00e9curit\u00e9"
        },
        {
          "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
        }
      ],
      "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits IBM. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer un d\u00e9ni de service \u00e0 distance, une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es et une injection de code indirecte \u00e0 distance (XSS).",
      "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits IBM",
      "vendor_advisories": [
        {
          "published_at": "2025-03-03",
          "title": "Bulletin de s\u00e9curit\u00e9 IBM 7184659",
          "url": "https://www.ibm.com/support/pages/node/7184659"
        },
        {
          "published_at": "2025-03-01",
          "title": "Bulletin de s\u00e9curit\u00e9 IBM 7184429",
          "url": "https://www.ibm.com/support/pages/node/7184429"
        },
        {
          "published_at": "2025-03-06",
          "title": "Bulletin de s\u00e9curit\u00e9 IBM 7184955",
          "url": "https://www.ibm.com/support/pages/node/7184955"
        },
        {
          "published_at": "2025-03-01",
          "title": "Bulletin de s\u00e9curit\u00e9 IBM 7184430",
          "url": "https://www.ibm.com/support/pages/node/7184430"
        }
      ]
    }

    CVE-2023-38005 (GCVE-0-2023-38005)

    Vulnerability from nvd – Published: 2026-02-17 21:49 – Updated: 2026-02-18 20:44
    Title
    Improper Access Control and Exposure of Information Through Directory Listing vulnerabilities affect IBM Cloud Pak System[, ]
    Summary
    IBM Cloud Pak System 2.3.3.6, 2.3.3.7, 2.3.4.0, 2.3.4.1, and 2.3.5.0 could allow an authenticated user to perform unauthorized tasks due to improper access controls.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-284 - Improper Access Control
    Assigner
    ibm
    References
    URL Tags
    https://www.ibm.com/support/pages/node/7259955 vendor-advisory, patch
    Impacted products
    Vendor Product Version
    IBM Cloud Pak System Affected: 2.3.3.6 , ≤ 2.1.0 (semver)
    Affected: 2.3.3.7
    Affected: 2.3.4.0
    Affected: 2.3.4.1
    Affected: 2.3.5.0
        cpe:2.3:a:ibm:cloud_pak_system:2.3.3.6:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:cloud_pak_system:2.3.3.7:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:cloud_pak_system:2.3.4.0:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:cloud_pak_system:2.3.4.1:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:cloud_pak_system:2.3.5.0:*:*:*:*:*:*:*

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-38005",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-02-18T20:44:04.180448Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-02-18T20:44:11.979Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:ibm:cloud_pak_system:2.3.3.6:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:cloud_pak_system:2.3.3.7:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:cloud_pak_system:2.3.4.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:cloud_pak_system:2.3.4.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:cloud_pak_system:2.3.5.0:*:*:*:*:*:*:*"
              ],
              "product": "Cloud Pak System",
              "vendor": "IBM",
              "versions": [
                {
                  "lessThanOrEqual": "2.1.0",
                  "status": "affected",
                  "version": "2.3.3.6",
                  "versionType": "semver"
                },
                {
                  "status": "affected",
                  "version": "2.3.3.7"
                },
                {
                  "status": "affected",
                  "version": "2.3.4.0"
                },
                {
                  "status": "affected",
                  "version": "2.3.4.1"
                },
                {
                  "status": "affected",
                  "version": "2.3.5.0"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eIBM Cloud Pak System 2.3.3.6, 2.3.3.7, 2.3.4.0, 2.3.4.1, and 2.3.5.0 could allow an authenticated user to perform unauthorized tasks due to improper access controls.\u003c/p\u003e"
                }
              ],
              "value": "IBM Cloud Pak System 2.3.3.6, 2.3.3.7, 2.3.4.0, 2.3.4.1, and 2.3.5.0 could allow an authenticated user to perform unauthorized tasks due to improper access controls."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-284",
                  "description": "CWE-284 Improper Access Control",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-02-17T21:49:59.841Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory",
                "patch"
              ],
              "url": "https://www.ibm.com/support/pages/node/7259955"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eThis Security Bulletin applies to IBM Cloud Pak System, IBM Cloud Pak System Software, IBM Cloud Pak System Software Suite. For Intel releases, IBM strongly recommends addressing this vulnerability now by upgrading to\u0026nbsp; v2.3.4.1 Interim Fix 1 or latest upgrade to Cloud Pak System 2.3.6.1 , For Power, contact IBM Support. For unsupported versions the recommendation is to upgrade/migrate to supported version of the product.\u003c/p\u003e"
                }
              ],
              "value": "This Security Bulletin applies to IBM Cloud Pak System, IBM Cloud Pak System Software, IBM Cloud Pak System Software Suite. For Intel releases, IBM strongly recommends addressing this vulnerability now by upgrading to\u00a0 v2.3.4.1 Interim Fix 1 or latest upgrade to Cloud Pak System 2.3.6.1 , For Power, contact IBM Support. For unsupported versions the recommendation is to upgrade/migrate to supported version of the product."
            }
          ],
          "title": "Improper Access Control and Exposure of Information Through Directory Listing vulnerabilities affect IBM Cloud Pak System[, ]",
          "x_generator": {
            "engine": "ibm-cvegen"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2023-38005",
        "datePublished": "2026-02-17T21:49:59.841Z",
        "dateReserved": "2023-07-11T17:33:11.275Z",
        "dateUpdated": "2026-02-18T20:44:11.979Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2023-38265 (GCVE-0-2023-38265)

    Vulnerability from nvd – Published: 2026-02-17 19:06 – Updated: 2026-02-17 22:04
    Title
    Improper Access Control and Exposure of Information Through Directory Listing vulnerabilities affect IBM Cloud Pak System[, ]
    Summary
    IBM Cloud Pak System 2.3.3.6, 2.3.3.7, 2.3.4.0, 2.3.4.1, and 2.3.5.0 could disclose folder location information to an unauthenticated attacker that could aid in further attacks against the system.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-548 - Exposure of Information Through Directory Listing
    Assigner
    ibm
    References
    URL Tags
    https://www.ibm.com/support/pages/node/7259955 vendor-advisory, patch
    Impacted products
    Vendor Product Version
    IBM Cloud Pak System Affected: 2.3.3.6 , ≤ 2.1.0 (semver)
    Affected: 2.3.3.7
    Affected: 2.3.4.0
    Affected: 2.3.4.1
    Affected: 2.3.5.0
        cpe:2.3:a:ibm:cloud_pak_system:2.3.3.6:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:cloud_pak_system:2.3.3.7:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:cloud_pak_system:2.3.4.0:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:cloud_pak_system:2.3.4.1:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:cloud_pak_system:2.3.5.0:*:*:*:*:*:*:*

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-38265",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-02-17T19:52:30.062814Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-02-17T19:52:46.333Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:ibm:cloud_pak_system:2.3.3.6:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:cloud_pak_system:2.3.3.7:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:cloud_pak_system:2.3.4.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:cloud_pak_system:2.3.4.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:cloud_pak_system:2.3.5.0:*:*:*:*:*:*:*"
              ],
              "product": "Cloud Pak System",
              "vendor": "IBM",
              "versions": [
                {
                  "lessThanOrEqual": "2.1.0",
                  "status": "affected",
                  "version": "2.3.3.6",
                  "versionType": "semver"
                },
                {
                  "status": "affected",
                  "version": "2.3.3.7"
                },
                {
                  "status": "affected",
                  "version": "2.3.4.0"
                },
                {
                  "status": "affected",
                  "version": "2.3.4.1"
                },
                {
                  "status": "affected",
                  "version": "2.3.5.0"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eIBM Cloud Pak System 2.3.3.6, 2.3.3.7, 2.3.4.0, 2.3.4.1, and 2.3.5.0 could disclose folder location information to an unauthenticated attacker that could aid in further attacks against the system.\u003c/p\u003e"
                }
              ],
              "value": "IBM Cloud Pak System 2.3.3.6, 2.3.3.7, 2.3.4.0, 2.3.4.1, and 2.3.5.0 could disclose folder location information to an unauthenticated attacker that could aid in further attacks against the system."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-548",
                  "description": "CWE-548 Exposure of Information Through Directory Listing",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-02-17T22:04:05.120Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory",
                "patch"
              ],
              "url": "https://www.ibm.com/support/pages/node/7259955"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eThis Security Bulletin applies to IBM Cloud Pak System, IBM Cloud Pak System Software, IBM Cloud Pak System Software Suite. For Intel releases, IBM strongly recommends addressing this vulnerability now by upgrading to\u0026nbsp; v2.3.4.1 Interim Fix 1 or latest upgrade to Cloud Pak System 2.3.6.1 , For Power, contact IBM Support. For unsupported versions the recommendation is to upgrade/migrate to supported version of the product.\u003c/p\u003e"
                }
              ],
              "value": "This Security Bulletin applies to IBM Cloud Pak System, IBM Cloud Pak System Software, IBM Cloud Pak System Software Suite. For Intel releases, IBM strongly recommends addressing this vulnerability now by upgrading to\u00a0 v2.3.4.1 Interim Fix 1 or latest upgrade to Cloud Pak System 2.3.6.1 , For Power, contact IBM Support. For unsupported versions the recommendation is to upgrade/migrate to supported version of the product."
            }
          ],
          "title": "Improper Access Control and Exposure of Information Through Directory Listing vulnerabilities affect IBM Cloud Pak System[, ]",
          "x_generator": {
            "engine": "ibm-cvegen"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2023-38265",
        "datePublished": "2026-02-17T19:06:58.470Z",
        "dateReserved": "2023-07-14T00:46:14.889Z",
        "dateUpdated": "2026-02-17T22:04:05.120Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2023-38281 (GCVE-0-2023-38281)

    Vulnerability from nvd – Published: 2026-02-04 20:45 – Updated: 2026-02-05 14:32
    Title
    Multiple Vulnerabilities in IBM Cloud Pak System
    Summary
    IBM Cloud Pak System does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-209 - Generation of Error Message Containing Sensitive Information
    Assigner
    ibm
    References
    URL Tags
    https://www.ibm.com/support/pages/node/7254419 vendor-advisory, patch
    Impacted products
    Vendor Product Version
    IBM Cloud Pak System Affected: 2.3.4.0 (semver)
    Affected: 2.3.4.1 (semver)
    Affected: 2.3.4.1 Interim Fix 001 (semver)
    Affected: 2.3.5.0
    Affected: 2.3.6.0
        cpe:2.3:a:ibm:cloud_pak_system:2.3.4.0:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:cloud_pak_system:2.3.4.1:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:cloud_pak_system:2.3.4.1:ifix1:*:*:*:*:*:*
        cpe:2.3:a:ibm:cloud_pak_system:2.3.5.0:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:cloud_pak_system:2.3.6.0:*:*:*:*:*:*:*
    IBM OS Image for Red Hat Linux Systems Affected: 4.0.4.0
    Affected: 4.0.5.0
    Affected: 4.0.6.0
    Affected: 4.0.7.0
    Affected: 5.0.0.0
    Affected: 5.0.1.0

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-38281",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-02-05T14:24:52.006031Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-02-05T14:32:12.741Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:ibm:cloud_pak_system:2.3.4.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:cloud_pak_system:2.3.4.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:cloud_pak_system:2.3.4.1:ifix1:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:cloud_pak_system:2.3.5.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:cloud_pak_system:2.3.6.0:*:*:*:*:*:*:*"
              ],
              "product": "Cloud Pak System",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "2.3.4.0",
                  "versionType": "semver"
                },
                {
                  "status": "affected",
                  "version": "2.3.4.1",
                  "versionType": "semver"
                },
                {
                  "status": "affected",
                  "version": "2.3.4.1 Interim Fix 001",
                  "versionType": "semver"
                },
                {
                  "status": "affected",
                  "version": "2.3.5.0"
                },
                {
                  "status": "affected",
                  "version": "2.3.6.0"
                }
              ]
            },
            {
              "product": "OS Image for Red Hat Linux Systems",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "4.0.4.0"
                },
                {
                  "status": "affected",
                  "version": "4.0.5.0"
                },
                {
                  "status": "affected",
                  "version": "4.0.6.0"
                },
                {
                  "status": "affected",
                  "version": "4.0.7.0"
                },
                {
                  "status": "affected",
                  "version": "5.0.0.0"
                },
                {
                  "status": "affected",
                  "version": "5.0.1.0"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eIBM Cloud Pak System \u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003edoes not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic.\u003c/span\u003e\u003c/span\u003e\u003c/p\u003e"
                }
              ],
              "value": "IBM Cloud Pak System does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-209",
                  "description": "CWE-209 Generation of Error Message Containing Sensitive Information",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-02-04T20:45:05.686Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory",
                "patch"
              ],
              "url": "https://www.ibm.com/support/pages/node/7254419"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cdiv\u003e\u003cp\u003e\u003cstrong\u003eIBM strongly recommends addressing the vulnerabilities now by \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.ibm.com/support/pages/node/7254396\"\u003eupgrading to version 2.3.6.1\u003c/a\u003e\u003c/strong\u003e\u003cstrong\u003e. \u003c/strong\u003e\u003c/p\u003e\u003cp\u003eIBM Cloud Pak System provides OS image for Red Hat Enterprise Linux System 4.0.8.0 based on Red Hat Enterprise Linux 8.10 and OS image for Red Hat Enterprise Linux System 5.0.3 based on Red Hat Enterprise Linux 9.6. IBM Cloud Pak System provides IBM WebSphere Application Server Liberty V25.0.0.9; IBM Storage Scale is also upgraded to IBM Storage Scale V5.2.3.3.\u003c/p\u003e\u003cp\u003eFor Power, contact IBM Support.\u003c/p\u003e\u003cp\u003eThis Security bulletin applies to IBM Cloud Pak System, IBM Cloud Pak System Software, and IBM Cloud Pak System Software Suite.\u003c/p\u003e\u003cp\u003eInformation on upgrading here \u003ca target=\"_blank\" rel=\"nofollow\" href=\"http://www.ibm.com/support/docview.wss?uid=ibm10887959\"\u003ehttp://www.ibm.com/support/docview.wss?uid=ibm10887959\u003c/a\u003e\u003c/p\u003e\u003c/div\u003e\u003cp\u003eFor unsupported versions the recommendation is to upgrade to a supported version of the product.\u003c/p\u003e\u003cbr\u003e"
                }
              ],
              "value": "IBM strongly recommends addressing the vulnerabilities now by  http://www.ibm.com/support/docview.wss?uid=ibm10887959 \n\n\n\nFor unsupported versions the recommendation is to upgrade to a supported version of the product."
            }
          ],
          "title": "Multiple Vulnerabilities in IBM Cloud Pak System",
          "x_generator": {
            "engine": "ibm-cvegen"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2023-38281",
        "datePublished": "2026-02-04T20:45:05.686Z",
        "dateReserved": "2023-07-14T00:46:27.165Z",
        "dateUpdated": "2026-02-05T14:32:12.741Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2023-38017 (GCVE-0-2023-38017)

    Vulnerability from nvd – Published: 2026-02-04 20:44 – Updated: 2026-02-05 14:32
    Title
    Multiple Vulnerabilities in IBM Cloud Pak System
    Summary
    IBM Cloud Pak System is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-209 - Generation of Error Message Containing Sensitive Information
    Assigner
    ibm
    References
    URL Tags
    https://www.ibm.com/support/pages/node/7254419 vendor-advisory, patch
    Impacted products
    Vendor Product Version
    IBM Cloud Pak System Affected: 2.3.4.0 (semver)
    Affected: 2.3.4.1 (semver)
    Affected: 2.3.4.1 Interim Fix 001 (semver)
    Affected: 2.3.5.0
    Affected: 2.3.6.0
        cpe:2.3:a:ibm:cloud_pak_system:2.3.4.0:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:cloud_pak_system:2.3.4.1:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:cloud_pak_system:2.3.4.1:ifix1:*:*:*:*:*:*
        cpe:2.3:a:ibm:cloud_pak_system:2.3.5.0:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:cloud_pak_system:2.3.6.0:*:*:*:*:*:*:*
    IBM OS Image for Red Hat Linux Systems Affected: 4.0.4.0
    Affected: 4.0.5.0
    Affected: 4.0.6.0
    Affected: 4.0.7.0
    Affected: 5.0.0.0
    Affected: 5.0.1.0

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-38017",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-02-05T14:24:53.319334Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-02-05T14:32:17.345Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:ibm:cloud_pak_system:2.3.4.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:cloud_pak_system:2.3.4.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:cloud_pak_system:2.3.4.1:ifix1:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:cloud_pak_system:2.3.5.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:cloud_pak_system:2.3.6.0:*:*:*:*:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "Cloud Pak System",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "2.3.4.0",
                  "versionType": "semver"
                },
                {
                  "status": "affected",
                  "version": "2.3.4.1",
                  "versionType": "semver"
                },
                {
                  "status": "affected",
                  "version": "2.3.4.1 Interim Fix 001",
                  "versionType": "semver"
                },
                {
                  "status": "affected",
                  "version": "2.3.5.0"
                },
                {
                  "status": "affected",
                  "version": "2.3.6.0"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "OS Image for Red Hat Linux Systems",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "4.0.4.0"
                },
                {
                  "status": "affected",
                  "version": "4.0.5.0"
                },
                {
                  "status": "affected",
                  "version": "4.0.6.0"
                },
                {
                  "status": "affected",
                  "version": "4.0.7.0"
                },
                {
                  "status": "affected",
                  "version": "5.0.0.0"
                },
                {
                  "status": "affected",
                  "version": "5.0.1.0"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eIBM Cloud Pak System\u0026nbsp;\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eis vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.\u003c/span\u003e\u003c/p\u003e"
                }
              ],
              "value": "IBM Cloud Pak System\u00a0is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-209",
                  "description": "CWE-209 Generation of Error Message Containing Sensitive Information",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-02-04T20:46:40.603Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory",
                "patch"
              ],
              "url": "https://www.ibm.com/support/pages/node/7254419"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cdiv\u003e\u003cp\u003e\u003cstrong\u003eIBM strongly recommends addressing the vulnerabilities now by \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.ibm.com/support/pages/node/7254396\"\u003eupgrading to version 2.3.6.1\u003c/a\u003e\u003c/strong\u003e\u003cstrong\u003e. \u003c/strong\u003e\u003c/p\u003e\u003cp\u003eIBM Cloud Pak System provides OS image for Red Hat Enterprise Linux System 4.0.8.0 based on Red Hat Enterprise Linux 8.10 and OS image for Red Hat Enterprise Linux System 5.0.3 based on Red Hat Enterprise Linux 9.6. IBM Cloud Pak System provides IBM WebSphere Application Server Liberty V25.0.0.9; IBM Storage Scale is also upgraded to IBM Storage Scale V5.2.3.3.\u003c/p\u003e\u003cp\u003eFor Power, contact IBM Support.\u003c/p\u003e\u003cp\u003eThis Security bulletin applies to IBM Cloud Pak System, IBM Cloud Pak System Software, and IBM Cloud Pak System Software Suite.\u003c/p\u003e\u003cp\u003eInformation on upgrading here \u003ca target=\"_blank\" rel=\"nofollow\" href=\"http://www.ibm.com/support/docview.wss?uid=ibm10887959\"\u003ehttp://www.ibm.com/support/docview.wss?uid=ibm10887959\u003c/a\u003e\u003c/p\u003e\u003c/div\u003e\u003cp\u003eFor unsupported versions the recommendation is to upgrade to a supported version of the product.\u003c/p\u003e\u003cbr\u003e"
                }
              ],
              "value": "IBM strongly recommends addressing the vulnerabilities now by  http://www.ibm.com/support/docview.wss?uid=ibm10887959 \n\n\n\nFor unsupported versions the recommendation is to upgrade to a supported version of the product."
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Multiple Vulnerabilities in IBM Cloud Pak System",
          "x_generator": {
            "engine": "ibm-cvegen"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2023-38017",
        "datePublished": "2026-02-04T20:44:04.452Z",
        "dateReserved": "2023-07-11T17:33:12.813Z",
        "dateUpdated": "2026-02-05T14:32:17.345Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2023-38010 (GCVE-0-2023-38010)

    Vulnerability from nvd – Published: 2026-02-04 20:24 – Updated: 2026-02-04 20:49
    Title
    Multiple Vulnerabilities in IBM Cloud Pak System
    Summary
    IBM Cloud Pak System displays sensitive information in user messages that could aid in further attacks against the system.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-209 - Generation of Error Message Containing Sensitive Information
    Assigner
    ibm
    References
    URL Tags
    https://www.ibm.com/support/pages/node/7254419 vendor-advisory, patch
    Impacted products
    Vendor Product Version
    IBM Cloud Pak System Affected: 2.3.4.0 (semver)
    Affected: 2.3.4.1 (semver)
    Affected: 2.3.4.1 Interim Fix 001 (semver)
    Affected: 2.3.5.0
    Affected: 2.3.6.0
        cpe:2.3:a:ibm:cloud_pak_system:2.3.4.0:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:cloud_pak_system:2.3.4.1:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:cloud_pak_system:2.3.4.1:ifix1:*:*:*:*:*:*
        cpe:2.3:a:ibm:cloud_pak_system:2.3.5.0:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:cloud_pak_system:2.3.6.0:*:*:*:*:*:*:*
    IBM OS Image for Red Hat Linux Systems Affected: 4.0.4.0
    Affected: 4.0.5.0
    Affected: 4.0.6.0
    Affected: 4.0.7.0
    Affected: 5.0.0.0
    Affected: 5.0.1.0

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-38010",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-02-04T20:48:48.904709Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-02-04T20:49:00.786Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:ibm:cloud_pak_system:2.3.4.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:cloud_pak_system:2.3.4.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:cloud_pak_system:2.3.4.1:ifix1:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:cloud_pak_system:2.3.5.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:cloud_pak_system:2.3.6.0:*:*:*:*:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "Cloud Pak System",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "2.3.4.0",
                  "versionType": "semver"
                },
                {
                  "status": "affected",
                  "version": "2.3.4.1",
                  "versionType": "semver"
                },
                {
                  "status": "affected",
                  "version": "2.3.4.1 Interim Fix 001",
                  "versionType": "semver"
                },
                {
                  "status": "affected",
                  "version": "2.3.5.0"
                },
                {
                  "status": "affected",
                  "version": "2.3.6.0"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "OS Image for Red Hat Linux Systems",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "4.0.4.0"
                },
                {
                  "status": "affected",
                  "version": "4.0.5.0"
                },
                {
                  "status": "affected",
                  "version": "4.0.6.0"
                },
                {
                  "status": "affected",
                  "version": "4.0.7.0"
                },
                {
                  "status": "affected",
                  "version": "5.0.0.0"
                },
                {
                  "status": "affected",
                  "version": "5.0.1.0"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eIBM Cloud Pak System displays sensitive information in user messages that could aid in further attacks against the system.\u003c/p\u003e"
                }
              ],
              "value": "IBM Cloud Pak System displays sensitive information in user messages that could aid in further attacks against the system."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-209",
                  "description": "CWE-209 Generation of Error Message Containing Sensitive Information",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-02-04T20:46:18.289Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory",
                "patch"
              ],
              "url": "https://www.ibm.com/support/pages/node/7254419"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cdiv\u003e\u003cp\u003e\u003cstrong\u003eIBM strongly recommends addressing the vulnerabilities now by \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.ibm.com/support/pages/node/7254396\"\u003eupgrading to version 2.3.6.1\u003c/a\u003e\u003c/strong\u003e\u003cstrong\u003e. \u003c/strong\u003e\u003c/p\u003e\u003cp\u003eIBM Cloud Pak System provides OS image for Red Hat Enterprise Linux System 4.0.8.0 based on Red Hat Enterprise Linux 8.10 and OS image for Red Hat Enterprise Linux System 5.0.3 based on Red Hat Enterprise Linux 9.6. IBM Cloud Pak System provides IBM WebSphere Application Server Liberty V25.0.0.9; IBM Storage Scale is also upgraded to IBM Storage Scale V5.2.3.3.\u003c/p\u003e\u003cp\u003eFor Power, contact IBM Support.\u003c/p\u003e\u003cp\u003eThis Security bulletin applies to IBM Cloud Pak System, IBM Cloud Pak System Software, and IBM Cloud Pak System Software Suite.\u003c/p\u003e\u003cp\u003eInformation on upgrading here \u003ca target=\"_blank\" rel=\"nofollow\" href=\"http://www.ibm.com/support/docview.wss?uid=ibm10887959\"\u003ehttp://www.ibm.com/support/docview.wss?uid=ibm10887959\u003c/a\u003e\u003c/p\u003e\u003c/div\u003e\u003cp\u003eFor unsupported versions the recommendation is to upgrade to a supported version of the product.\u003c/p\u003e\u003cbr\u003e"
                }
              ],
              "value": "IBM strongly recommends addressing the vulnerabilities now by  http://www.ibm.com/support/docview.wss?uid=ibm10887959 \n\n\n\nFor unsupported versions the recommendation is to upgrade to a supported version of the product."
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Multiple Vulnerabilities in IBM Cloud Pak System",
          "x_generator": {
            "engine": "ibm-cvegen"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2023-38010",
        "datePublished": "2026-02-04T20:24:56.127Z",
        "dateReserved": "2023-07-11T17:33:11.276Z",
        "dateUpdated": "2026-02-04T20:49:00.786Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-2895 (GCVE-0-2025-2895)

    Vulnerability from nvd – Published: 2025-06-30 14:39 – Updated: 2025-08-24 11:36
    Title
    IBM Cloud Pak System HTML injection
    Summary
    IBM Cloud Pak System 2.3.3.6, 2.3.36 iFix1, 2.3.3.7, 2.3.3.7 iFix1, 2.3.4.0, 2.3.4.1, and 2.3.4.1 iFix1 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-80 - Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)
    Assigner
    ibm
    References
    URL Tags
    https://www.ibm.com/support/pages/node/7237164 vendor-advisory, patch
    Impacted products
    Vendor Product Version
    IBM Cloud Pak System Affected: 2.3.3.6 , ≤ 2.3.36 iFix1 (semver)
    Affected: 2.3.3.7 , ≤ 2.3.3.7 iFix1 (semver)
    Affected: 2.3.4.0
    Affected: 2.3.4.1 , ≤ 2.3.4.1 iFix1 (semver)
        cpe:2.3:a:ibm:cloud_pak_system:2.3.3.6:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:cloud_pak_system:2.3.3.6:ifix1:*:*:*:*:*:*
        cpe:2.3:a:ibm:cloud_pak_system:2.3.3.7:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:cloud_pak_system:2.3.3.7:ifix1:*:*:*:*:*:*
        cpe:2.3:a:ibm:cloud_pak_system:2.3.4.0:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:cloud_pak_system:2.3.4.1:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:cloud_pak_system:2.3.4.1:ifix1:*:*:*:*:*:*

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-2895",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-06-30T14:59:12.440305Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-06-30T14:59:26.584Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:ibm:cloud_pak_system:2.3.3.6:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:cloud_pak_system:2.3.3.6:ifix1:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:cloud_pak_system:2.3.3.7:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:cloud_pak_system:2.3.3.7:ifix1:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:cloud_pak_system:2.3.4.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:cloud_pak_system:2.3.4.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:cloud_pak_system:2.3.4.1:ifix1:*:*:*:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "Cloud Pak System",
              "vendor": "IBM",
              "versions": [
                {
                  "lessThanOrEqual": "2.3.36 iFix1",
                  "status": "affected",
                  "version": "2.3.3.6",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "2.3.3.7 iFix1",
                  "status": "affected",
                  "version": "2.3.3.7",
                  "versionType": "semver"
                },
                {
                  "status": "affected",
                  "version": "2.3.4.0"
                },
                {
                  "lessThanOrEqual": "2.3.4.1 iFix1",
                  "status": "affected",
                  "version": "2.3.4.1",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "IBM Cloud Pak System 2.3.3.6, 2.3.36 iFix1, 2.3.3.7, 2.3.3.7 iFix1, 2.3.4.0, 2.3.4.1, and 2.3.4.1 iFix1 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim\u0027s Web browser within the security context of the hosting site."
                }
              ],
              "value": "IBM Cloud Pak System 2.3.3.6, 2.3.36 iFix1, 2.3.3.7, 2.3.3.7 iFix1, 2.3.4.0, 2.3.4.1, and 2.3.4.1 iFix1 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim\u0027s Web browser within the security context of the hosting site."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.4,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-80",
                  "description": "CWE-80 Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-08-24T11:36:47.304Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory",
                "patch"
              ],
              "url": "https://www.ibm.com/support/pages/node/7237164"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "This security bulletin applies to IBM Cloud Pak System, IBM Cloud Pak System Software, IBM Cloud Pak System Software Suite. \u003cbr\u003e\u003cbr\u003eFor Intel releases, IBM strongly recommends addressing these vulnerabilities now by upgrading to IBM Cloud Pak System v2.3.6.0 available from IBM Fix Central/Passport Advantage Online,\u003cbr\u003e\u003cbr\u003e\u2028Information on upgrading here \u003ca target=\"_blank\" rel=\"nofollow\" href=\"http://www.ibm.com/support/docview.wss?uid=ibm10887959\"\u003ehttp://www.ibm.com/support/docview.wss?uid=ibm10887959\u003c/a\u003e\u003cbr\u003e\u003cbr\u003eFor Power, contact IBM Support.\u003cbr\u003e\u003cbr\u003e \u003cbr\u003e\u003cbr\u003eFor unsupported versions the recommendation is to upgrade to supported version of the product.\u003cbr\u003e"
                }
              ],
              "value": "This security bulletin applies to IBM Cloud Pak System, IBM Cloud Pak System Software, IBM Cloud Pak System Software Suite. \n\nFor Intel releases, IBM strongly recommends addressing these vulnerabilities now by upgrading to IBM Cloud Pak System v2.3.6.0 available from IBM Fix Central/Passport Advantage Online,\n\n\u2028Information on upgrading here  http://www.ibm.com/support/docview.wss?uid=ibm10887959 \n\nFor Power, contact IBM Support.\n\n \n\nFor unsupported versions the recommendation is to upgrade to supported version of the product."
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "IBM Cloud Pak System HTML injection",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2025-2895",
        "datePublished": "2025-06-30T14:39:43.041Z",
        "dateReserved": "2025-03-28T02:06:17.704Z",
        "dateUpdated": "2025-08-24T11:36:47.304Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-38007 (GCVE-0-2023-38007)

    Vulnerability from nvd – Published: 2025-06-27 14:48 – Updated: 2025-08-17 00:24
    Title
    IBM Cloud Pak System HTML injection
    Summary
    IBM Cloud Pak System 2.3.5.0, 2.3.3.7, 2.3.3.7 iFix1 on Power and 2.3.3.6, 2.3.3.6 iFix1, 2.3.3.6 iFix2, 2.3.4.0, 2.3.4.1 on Intel operating systems is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-80 - Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)
    Assigner
    ibm
    References
    URL Tags
    https://www.ibm.com/support/pages/node/7237162 vendor-advisory, patch
    Impacted products
    Vendor Product Version
    IBM Cloud Pak System Affected: 2.3.5.0
    Affected: 2.3.3.7
    Affected: 2.3.3.7 iFix1
        cpe:2.3:a:ibm:cloud_pak_system:2.3.5.5:*:*:*:*:power:*:*
        cpe:2.3:a:ibm:cloud_pak_system:2.3.3.7:*:*:*:*:power:*:*
        cpe:2.3:a:ibm:cloud_pak_system:2.3.3.7:ifix1:*:*:*:power:*:*
    IBM Cloud Pak System Affected: 2.3.3.6
    Affected: 2.3.3.6 iFix1
    Affected: 2.3.3.6 iFix2
    Affected: 2.3.4.0
    Affected: 2.3.4.1
        cpe:2.3:a:ibm:cloud_pak_system:2.3.3.6:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:cloud_pak_system:2.3.3.6:ifix1:*:*:*:*:*:*
        cpe:2.3:a:ibm:cloud_pak_system:2.3.3.6:ifix2:*:*:*:*:*:*
        cpe:2.3:a:ibm:cloud_pak_system:2.3.4.0:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:cloud_pak_system:2.3.4.1:*:*:*:*:*:*:*

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-38007",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-06-27T15:01:40.406081Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-06-27T15:01:48.933Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:ibm:cloud_pak_system:2.3.5.5:*:*:*:*:power:*:*",
                "cpe:2.3:a:ibm:cloud_pak_system:2.3.3.7:*:*:*:*:power:*:*",
                "cpe:2.3:a:ibm:cloud_pak_system:2.3.3.7:ifix1:*:*:*:power:*:*"
              ],
              "defaultStatus": "unaffected",
              "platforms": [
                "Power"
              ],
              "product": "Cloud Pak System",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "2.3.5.0"
                },
                {
                  "status": "affected",
                  "version": "2.3.3.7"
                },
                {
                  "status": "affected",
                  "version": "2.3.3.7 iFix1"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:a:ibm:cloud_pak_system:2.3.3.6:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:cloud_pak_system:2.3.3.6:ifix1:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:cloud_pak_system:2.3.3.6:ifix2:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:cloud_pak_system:2.3.4.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:cloud_pak_system:2.3.4.1:*:*:*:*:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "platforms": [
                "x86"
              ],
              "product": "Cloud Pak System",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "2.3.3.6"
                },
                {
                  "status": "affected",
                  "version": "2.3.3.6 iFix1"
                },
                {
                  "status": "affected",
                  "version": "2.3.3.6 iFix2"
                },
                {
                  "status": "affected",
                  "version": "2.3.4.0"
                },
                {
                  "status": "affected",
                  "version": "2.3.4.1"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "IBM Cloud Pak System 2.3.5.0, 2.3.3.7, 2.3.3.7 iFix1 on Power and 2.3.3.6, 2.3.3.6 iFix1, 2.3.3.6 iFix2, 2.3.4.0, 2.3.4.1 on Intel operating systems is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim\u0027s Web browser within the security context of the hosting site."
                }
              ],
              "value": "IBM Cloud Pak System 2.3.5.0, 2.3.3.7, 2.3.3.7 iFix1 on Power and 2.3.3.6, 2.3.3.6 iFix1, 2.3.3.6 iFix2, 2.3.4.0, 2.3.4.1 on Intel operating systems is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim\u0027s Web browser within the security context of the hosting site."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.4,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-80",
                  "description": "CWE-80 Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-08-17T00:24:09.866Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory",
                "patch"
              ],
              "url": "https://www.ibm.com/support/pages/node/7237162"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "This Security Bulletin applies to IBM Cloud Pak System, IBM Cloud Pak System Software, IBM Cloud Pak System Software Suite.\u003cbr\u003e\u003cbr\u003eFor Intel releases, IBM strongly recommends addressing this vulnerability now by upgrading to IBM Cloud Pak System v2.3.4.1 Interim Fix 1 available at IBM Fix Central, \u003cbr\u003e\u003cbr\u003einformation on upgrading here \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.ibm.com/support/pages/node/7178546\"\u003ehttps://www.ibm.com/support/pages/node/7178546\u003c/a\u003e\u003cbr\u003e\u003cbr\u003eFor Power, contact IBM Support.\u003cbr\u003e\u003cbr\u003eFor unsupported versions the recommendation is to upgrade/migrate to supported version of the product.\u003cbr\u003e"
                }
              ],
              "value": "This Security Bulletin applies to IBM Cloud Pak System, IBM Cloud Pak System Software, IBM Cloud Pak System Software Suite.\n\nFor Intel releases, IBM strongly recommends addressing this vulnerability now by upgrading to IBM Cloud Pak System v2.3.4.1 Interim Fix 1 available at IBM Fix Central, \n\ninformation on upgrading here  https://www.ibm.com/support/pages/node/7178546 \n\nFor Power, contact IBM Support.\n\nFor unsupported versions the recommendation is to upgrade/migrate to supported version of the product."
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "IBM Cloud Pak System HTML injection",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2023-38007",
        "datePublished": "2025-06-27T14:48:28.581Z",
        "dateReserved": "2023-07-11T17:33:11.275Z",
        "dateUpdated": "2025-08-17T00:24:09.866Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-38272 (GCVE-0-2023-38272)

    Vulnerability from nvd – Published: 2025-03-27 17:21 – Updated: 2025-08-17 01:11
    Title
    IBM Cloud Pak System information disclosure
    Summary
    IBM Cloud Pak System 2.3.3.0, 2.3.3.3, 2.3.3.3 iFix1, 2.3.3.4, 2.3.3.5, 2.3.3.6, 2.3.36 iFix1, 2.3.3.6 iFix2, 2.3.3.7, 2.3.3.7 iFix1, 2.3.4.0, and 2.3.4.1 could allow a user with access to the network to obtain sensitive information from CLI arguments.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-300 - Channel Accessible by Non-Endpoint
    Assigner
    ibm
    References
    URL Tags
    https://www.ibm.com/support/pages/node/7229212 vendor-advisory, patch
    Impacted products
    Vendor Product Version
    IBM Cloud Pak System Affected: 2.3.3.0
    Affected: 2.3.3.3
    Affected: 2.3.3.3 iFix1
    Affected: 2.3.3.4
    Affected: 2.3.3.5
    Affected: 2.3.3.6
    Affected: 2.3.3.6 iFix1
    Affected: 2.3.3.6 iFix2
    Affected: 2.3.3.7
    Affected: 2.3.3.7 iFix1
    Affected: 2.3.4.0
    Affected: 2.3.4.1
        cpe:2.3:a:ibm:cloud_pak_system:2.3.1.1:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:cloud_pak_system:2.3.2.0:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:cloud_pak_system:2.3.3.0:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:cloud_pak_system:2.3.3.3:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:cloud_pak_system:2.3.3.3:ifix1:*:*:*:*:*:*
        cpe:2.3:a:ibm:cloud_pak_system:2.3.3.4:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:cloud_pak_system:2.3.3.5:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:cloud_pak_system:2.3.3.6:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:cloud_pak_system:2.3.3.6:ifix1:*:*:*:*:*:*
        cpe:2.3:a:ibm:cloud_pak_system:2.3.3.6:ifix2:*:*:*:*:*:*
        cpe:2.3:a:ibm:cloud_pak_system:2.3.3.7:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:cloud_pak_system:2.3.3.7:ifix1:*:*:*:*:*:*
        cpe:2.3:a:ibm:cloud_pak_system:2.3.4.0:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:cloud_pak_system:2.3.4.1:*:*:*:*:*:*:*

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-38272",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-03-27T18:09:49.868161Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-03-27T18:10:42.407Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:ibm:cloud_pak_system:2.3.1.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:cloud_pak_system:2.3.2.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:cloud_pak_system:2.3.3.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:cloud_pak_system:2.3.3.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:cloud_pak_system:2.3.3.3:ifix1:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:cloud_pak_system:2.3.3.4:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:cloud_pak_system:2.3.3.5:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:cloud_pak_system:2.3.3.6:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:cloud_pak_system:2.3.3.6:ifix1:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:cloud_pak_system:2.3.3.6:ifix2:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:cloud_pak_system:2.3.3.7:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:cloud_pak_system:2.3.3.7:ifix1:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:cloud_pak_system:2.3.4.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:cloud_pak_system:2.3.4.1:*:*:*:*:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "Cloud Pak System",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "2.3.3.0"
                },
                {
                  "status": "affected",
                  "version": "2.3.3.3"
                },
                {
                  "status": "affected",
                  "version": "2.3.3.3 iFix1"
                },
                {
                  "status": "affected",
                  "version": "2.3.3.4"
                },
                {
                  "status": "affected",
                  "version": "2.3.3.5"
                },
                {
                  "status": "affected",
                  "version": "2.3.3.6"
                },
                {
                  "status": "affected",
                  "version": "2.3.3.6 iFix1"
                },
                {
                  "status": "affected",
                  "version": "2.3.3.6 iFix2"
                },
                {
                  "status": "affected",
                  "version": "2.3.3.7"
                },
                {
                  "status": "affected",
                  "version": "2.3.3.7 iFix1"
                },
                {
                  "status": "affected",
                  "version": "2.3.4.0"
                },
                {
                  "status": "affected",
                  "version": "2.3.4.1"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "IBM Cloud Pak System 2.3.3.0, 2.3.3.3, 2.3.3.3 iFix1, 2.3.3.4, 2.3.3.5, 2.3.3.6, 2.3.36 iFix1, 2.3.3.6 iFix2, 2.3.3.7, 2.3.3.7 iFix1, 2.3.4.0, and 2.3.4.1 \n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003ecould allow a user with access to the network to obtain sensitive information from CLI arguments.\u003c/span\u003e"
                }
              ],
              "value": "IBM Cloud Pak System 2.3.3.0, 2.3.3.3, 2.3.3.3 iFix1, 2.3.3.4, 2.3.3.5, 2.3.3.6, 2.3.36 iFix1, 2.3.3.6 iFix2, 2.3.3.7, 2.3.3.7 iFix1, 2.3.4.0, and 2.3.4.1 \n\ncould allow a user with access to the network to obtain sensitive information from CLI arguments."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.9,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-300",
                  "description": "CWE-300 Channel Accessible by Non-Endpoint",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-08-17T01:11:50.459Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory",
                "patch"
              ],
              "url": "https://www.ibm.com/support/pages/node/7229212"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "IBM Cloud Pak System information disclosure",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2023-38272",
        "datePublished": "2025-03-27T17:21:08.596Z",
        "dateReserved": "2023-07-14T00:46:14.891Z",
        "dateUpdated": "2025-08-17T01:11:50.459Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-37405 (GCVE-0-2023-37405)

    Vulnerability from nvd – Published: 2025-03-27 17:20 – Updated: 2025-08-17 01:14
    Title
    IBM Cloud Pak System information disclosure
    Summary
    IBM Cloud Pak System 2.3.3.0, 2.3.3.3, 2.3.3.3 iFix1, 2.3.3.4, 2.3.3.5, 2.3.3.6, 2.3.36 iFix1, 2.3.3.6 iFix2, 2.3.3.7, 2.3.3.7 iFix1, 2.3.4.0, and 2.3.4.1 stores sensitive data in memory, that could be obtained by an unauthorized user.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-311 - Missing Encryption of Sensitive Data
    Assigner
    ibm
    References
    URL Tags
    https://www.ibm.com/support/pages/node/7229212 vendor-advisory, patch
    Impacted products
    Vendor Product Version
    IBM Cloud Pak System Affected: 2.3.3.0
    Affected: 2.3.3.3
    Affected: 2.3.3.3 iFix1
    Affected: 2.3.3.4
    Affected: 2.3.3.5
    Affected: 2.3.3.6
    Affected: 2.3.3.6 iFix1
    Affected: 2.3.3.7
    Affected: 2.3.3.7 iFix1
    Affected: 2.3.4.0
    Affected: 2.3.4.1
        cpe:2.3:a:ibm:cloud_pak_system:2.3.1.1:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:cloud_pak_system:2.3.2.0:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:cloud_pak_system:2.3.3.0:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:cloud_pak_system:2.3.3.3:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:cloud_pak_system:2.3.3.3:ifix1:*:*:*:*:*:*
        cpe:2.3:a:ibm:cloud_pak_system:2.3.3.4:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:cloud_pak_system:2.3.3.5:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:cloud_pak_system:2.3.3.6:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:cloud_pak_system:2.3.3.6:ifix1:*:*:*:*:*:*
        cpe:2.3:a:ibm:cloud_pak_system:2.3.3.6:ifix2:*:*:*:*:*:*
        cpe:2.3:a:ibm:cloud_pak_system:2.3.3.7:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:cloud_pak_system:2.3.3.7:ifix1:*:*:*:*:*:*
        cpe:2.3:a:ibm:cloud_pak_system:2.3.4.0:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:cloud_pak_system:2.3.4.1:*:*:*:*:*:*:*

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-37405",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-03-27T18:11:13.021060Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-03-27T18:11:23.196Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:ibm:cloud_pak_system:2.3.1.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:cloud_pak_system:2.3.2.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:cloud_pak_system:2.3.3.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:cloud_pak_system:2.3.3.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:cloud_pak_system:2.3.3.3:ifix1:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:cloud_pak_system:2.3.3.4:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:cloud_pak_system:2.3.3.5:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:cloud_pak_system:2.3.3.6:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:cloud_pak_system:2.3.3.6:ifix1:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:cloud_pak_system:2.3.3.6:ifix2:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:cloud_pak_system:2.3.3.7:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:cloud_pak_system:2.3.3.7:ifix1:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:cloud_pak_system:2.3.4.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:cloud_pak_system:2.3.4.1:*:*:*:*:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "Cloud Pak System",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "2.3.3.0"
                },
                {
                  "status": "affected",
                  "version": "2.3.3.3"
                },
                {
                  "status": "affected",
                  "version": "2.3.3.3 iFix1"
                },
                {
                  "status": "affected",
                  "version": "2.3.3.4"
                },
                {
                  "status": "affected",
                  "version": "2.3.3.5"
                },
                {
                  "status": "affected",
                  "version": "2.3.3.6"
                },
                {
                  "status": "affected",
                  "version": "2.3.3.6 iFix1"
                },
                {
                  "status": "affected",
                  "version": "2.3.3.7"
                },
                {
                  "status": "affected",
                  "version": "2.3.3.7 iFix1"
                },
                {
                  "status": "affected",
                  "version": "2.3.4.0"
                },
                {
                  "status": "affected",
                  "version": "2.3.4.1"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "IBM Cloud Pak System 2.3.3.0, 2.3.3.3, 2.3.3.3 iFix1, 2.3.3.4, 2.3.3.5, 2.3.3.6, 2.3.36 iFix1, 2.3.3.6 iFix2, 2.3.3.7, 2.3.3.7 iFix1, 2.3.4.0, and 2.3.4.1 stores sensitive data in memory, that could be obtained by an unauthorized user."
                }
              ],
              "value": "IBM Cloud Pak System 2.3.3.0, 2.3.3.3, 2.3.3.3 iFix1, 2.3.3.4, 2.3.3.5, 2.3.3.6, 2.3.36 iFix1, 2.3.3.6 iFix2, 2.3.3.7, 2.3.3.7 iFix1, 2.3.4.0, and 2.3.4.1 stores sensitive data in memory, that could be obtained by an unauthorized user."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-311",
                  "description": "CWE-311 Missing Encryption of Sensitive Data",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-08-17T01:14:54.449Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory",
                "patch"
              ],
              "url": "https://www.ibm.com/support/pages/node/7229212"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "IBM Cloud Pak System information disclosure",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2023-37405",
        "datePublished": "2025-03-27T17:20:04.260Z",
        "dateReserved": "2023-07-05T15:59:16.996Z",
        "dateUpdated": "2025-08-17T01:14:54.449Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-38716 (GCVE-0-2023-38716)

    Vulnerability from nvd – Published: 2025-01-25 13:48 – Updated: 2025-01-27 17:04
    Title
    IBM Cloud Pak System information disclosure
    Summary
    IBM Cloud Pak System 2.3.3.6, 2.3.36 iFix1, 2.3.3.6 iFix2, 2.3.3.7, 2.3.3.7 iFix1, and 2.3.4.0 could disclose sensitive information about the system that could aid in further attacks against the system.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-209 - Generation of Error Message Containing Sensitive Information
    Assigner
    ibm
    References
    Impacted products
    Vendor Product Version
    IBM Cloud Pak System Affected: 2.3.3.6, 2.3.36 iFix1, 2.3.3.6 iFix2, 2.3.3.7, 2.3.3.7 iFix1, 2.3.4.0
        cpe:2.3:a:ibm:cloud_pak_system:2.3.3.6:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:cloud_pak_system:2.3.3.6:ifix1:*:*:*:*:*:*
        cpe:2.3:a:ibm:cloud_pak_system:2.3.3.6:ifix2:*:*:*:*:*:*
        cpe:2.3:a:ibm:cloud_pak_system:2.3.3.7:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:cloud_pak_system:2.3.3.7:ifix1:*:*:*:*:*:*
        cpe:2.3:a:ibm:cloud_pak_system:2.3.4.0:*:*:*:*:*:*:*

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-38716",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-01-27T17:04:19.635331Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-01-27T17:04:29.726Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:ibm:cloud_pak_system:2.3.3.6:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:cloud_pak_system:2.3.3.6:ifix1:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:cloud_pak_system:2.3.3.6:ifix2:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:cloud_pak_system:2.3.3.7:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:cloud_pak_system:2.3.3.7:ifix1:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:cloud_pak_system:2.3.4.0:*:*:*:*:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "Cloud Pak System",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "2.3.3.6, 2.3.36 iFix1, 2.3.3.6 iFix2, 2.3.3.7, 2.3.3.7 iFix1, 2.3.4.0"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "IBM Cloud Pak System 2.3.3.6, 2.3.36 iFix1, 2.3.3.6 iFix2, 2.3.3.7, 2.3.3.7 iFix1, and 2.3.4.0 could disclose sensitive information about the system that could aid in further attacks against the system."
                }
              ],
              "value": "IBM Cloud Pak System 2.3.3.6, 2.3.36 iFix1, 2.3.3.6 iFix2, 2.3.3.7, 2.3.3.7 iFix1, and 2.3.4.0 could disclose sensitive information about the system that could aid in further attacks against the system."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-209",
                  "description": "CWE-209 Generation of Error Message Containing Sensitive Information",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-01-25T13:48:45.716Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "url": "https://www.ibm.com/support/pages/node/7148474"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "IBM Cloud Pak System information disclosure",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2023-38716",
        "datePublished": "2025-01-25T13:48:45.716Z",
        "dateReserved": "2023-07-25T00:00:53.163Z",
        "dateUpdated": "2025-01-27T17:04:29.726Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-38714 (GCVE-0-2023-38714)

    Vulnerability from nvd – Published: 2025-01-25 13:55 – Updated: 2025-01-27 17:01
    Title
    IBM Cloud Pak System information disclosure
    Summary
    IBM Cloud Pak System 2.3.3.0, 2.3.3.3, 2.3.3.3 iFix1, 2.3.3.4, 2.3.3.5, 2.3.3.6, 2.3.3.6 iFix1, 2.3.3.6 iFix2, 2.3.3.7, and 2.3.3.7 iFix1 could disclose sensitive information about the system that could aid in further attacks against the system.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-209 - Generation of Error Message Containing Sensitive Information
    Assigner
    ibm
    References
    Impacted products
    Vendor Product Version
    IBM Cloud Pak System Affected: 2.3.3.0, 2.3.3.3, 2.3.3.3 iFix1, 2.3.3.4, 2.3.3.5, 2.3.3.6, 2.3.3.6 iFix1, 2.3.3.6 iFix2, 2.3.3.7, 2.3.3.7 iFix1
        cpe:2.3:a:ibm:cloud_pak_system:2.3.3.0:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:cloud_pak_system:2.3.3.3:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:cloud_pak_system:2.3.3.3:ifix1:*:*:*:*:*:*
        cpe:2.3:a:ibm:cloud_pak_system:2.3.3.4:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:cloud_pak_system:2.3.3.5:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:cloud_pak_system:2.3.3.6:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:cloud_pak_system:2.3.3.6:ifix1:*:*:*:*:*:*
        cpe:2.3:a:ibm:cloud_pak_system:2.3.3.6:ifix2:*:*:*:*:*:*
        cpe:2.3:a:ibm:cloud_pak_system:2.3.3.7:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:cloud_pak_system:2.3.3.7:ifix1:*:*:*:*:*:*

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-38714",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-01-27T17:01:16.708564Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-01-27T17:01:26.894Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:ibm:cloud_pak_system:2.3.3.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:cloud_pak_system:2.3.3.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:cloud_pak_system:2.3.3.3:ifix1:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:cloud_pak_system:2.3.3.4:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:cloud_pak_system:2.3.3.5:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:cloud_pak_system:2.3.3.6:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:cloud_pak_system:2.3.3.6:ifix1:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:cloud_pak_system:2.3.3.6:ifix2:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:cloud_pak_system:2.3.3.7:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:cloud_pak_system:2.3.3.7:ifix1:*:*:*:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "Cloud Pak System",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "2.3.3.0, 2.3.3.3, 2.3.3.3 iFix1, 2.3.3.4, 2.3.3.5, 2.3.3.6, 2.3.3.6 iFix1, 2.3.3.6 iFix2, 2.3.3.7, 2.3.3.7 iFix1"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "IBM Cloud Pak System 2.3.3.0, 2.3.3.3, 2.3.3.3 iFix1, 2.3.3.4, 2.3.3.5, 2.3.3.6, 2.3.3.6 iFix1, 2.3.3.6 iFix2, 2.3.3.7, and 2.3.3.7 iFix1\u0026nbsp;could disclose sensitive information about the system that could aid in further attacks against the system."
                }
              ],
              "value": "IBM Cloud Pak System 2.3.3.0, 2.3.3.3, 2.3.3.3 iFix1, 2.3.3.4, 2.3.3.5, 2.3.3.6, 2.3.3.6 iFix1, 2.3.3.6 iFix2, 2.3.3.7, and 2.3.3.7 iFix1\u00a0could disclose sensitive information about the system that could aid in further attacks against the system."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-209",
                  "description": "CWE-209 Generation of Error Message Containing Sensitive Information",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-01-25T13:55:54.926Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "url": "https://www.ibm.com/support/pages/node/7159533"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "IBM Cloud Pak System information disclosure",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2023-38714",
        "datePublished": "2025-01-25T13:55:54.926Z",
        "dateReserved": "2023-07-25T00:00:53.163Z",
        "dateUpdated": "2025-01-27T17:01:26.894Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-38713 (GCVE-0-2023-38713)

    Vulnerability from nvd – Published: 2025-01-25 13:56 – Updated: 2025-01-27 14:46
    Title
    IBM Cloud Pak System information disclosure
    Summary
    IBM Cloud Pak System 2.3.3.0, 2.3.3.3, 2.3.3.3 iFix1, 2.3.3.4, 2.3.3.5, 2.3.3.6, 2.3.3.6 iFix1, 2.3.3.6 iFix2, 2.3.3.7, and 2.3.3.7 iFix1 could disclose sensitive information about the system that could aid in further attacks against the system.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-209 - Generation of Error Message Containing Sensitive Information
    Assigner
    ibm
    References
    Impacted products
    Vendor Product Version
    IBM Cloud Pak System Affected: 2.3.3.0, 2.3.3.3, 2.3.3.3 iFix1, 2.3.3.4, 2.3.3.5, 2.3.3.6, 2.3.3.6 iFix1, 2.3.3.6 iFix2, 2.3.3.7, 2.3.3.7 iFix1
        cpe:2.3:a:ibm:cloud_pak_system:2.3.3.0:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:cloud_pak_system:2.3.3.3:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:cloud_pak_system:2.3.3.3:ifix1:*:*:*:*:*:*
        cpe:2.3:a:ibm:cloud_pak_system:2.3.3.4:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:cloud_pak_system:2.3.3.5:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:cloud_pak_system:2.3.3.6:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:cloud_pak_system:2.3.3.6:ifix1:*:*:*:*:*:*
        cpe:2.3:a:ibm:cloud_pak_system:2.3.3.6:ifix2:*:*:*:*:*:*
        cpe:2.3:a:ibm:cloud_pak_system:2.3.3.7:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:cloud_pak_system:2.3.3.7:ifix1:*:*:*:*:*:*

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-38713",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-01-27T14:45:36.427434Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-01-27T14:46:11.289Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:ibm:cloud_pak_system:2.3.3.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:cloud_pak_system:2.3.3.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:cloud_pak_system:2.3.3.3:ifix1:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:cloud_pak_system:2.3.3.4:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:cloud_pak_system:2.3.3.5:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:cloud_pak_system:2.3.3.6:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:cloud_pak_system:2.3.3.6:ifix1:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:cloud_pak_system:2.3.3.6:ifix2:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:cloud_pak_system:2.3.3.7:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:cloud_pak_system:2.3.3.7:ifix1:*:*:*:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "Cloud Pak System",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "2.3.3.0, 2.3.3.3, 2.3.3.3 iFix1, 2.3.3.4, 2.3.3.5, 2.3.3.6, 2.3.3.6 iFix1, 2.3.3.6 iFix2, 2.3.3.7, 2.3.3.7 iFix1"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "IBM Cloud Pak System 2.3.3.0, 2.3.3.3, 2.3.3.3 iFix1, 2.3.3.4, 2.3.3.5, 2.3.3.6, 2.3.3.6 iFix1, 2.3.3.6 iFix2, 2.3.3.7, and 2.3.3.7 iFix1\u0026nbsp;could disclose sensitive information about the system that could aid in further attacks against the system."
                }
              ],
              "value": "IBM Cloud Pak System 2.3.3.0, 2.3.3.3, 2.3.3.3 iFix1, 2.3.3.4, 2.3.3.5, 2.3.3.6, 2.3.3.6 iFix1, 2.3.3.6 iFix2, 2.3.3.7, and 2.3.3.7 iFix1\u00a0could disclose sensitive information about the system that could aid in further attacks against the system."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-209",
                  "description": "CWE-209 Generation of Error Message Containing Sensitive Information",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-01-25T13:56:16.547Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "url": "https://www.ibm.com/support/pages/node/7159533"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "IBM Cloud Pak System information disclosure",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2023-38713",
        "datePublished": "2025-01-25T13:56:16.547Z",
        "dateReserved": "2023-07-25T00:00:53.162Z",
        "dateUpdated": "2025-01-27T14:46:11.289Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-38271 (GCVE-0-2023-38271)

    Vulnerability from nvd – Published: 2025-01-25 13:57 – Updated: 2025-01-27 17:00
    Title
    IBM Cloud Pak System information disclosure
    Summary
    IBM Cloud Pak System 2.3.3.0, 2.3.3.3, 2.3.3.3 iFix1, 2.3.3.4, 2.3.3.5, 2.3.3.6, 2.3.3.6 iFix1, 2.3.3.6 iFix2, 2.3.3.7, and 2.3.3.7 iFix1 could allow an authenticated user to obtain sensitive information from log files.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-532 - Insertion of Sensitive Information into Log File
    Assigner
    ibm
    References
    Impacted products
    Vendor Product Version
    IBM Cloud Pak System Affected: 2.3.3.0, 2.3.3.3, 2.3.3.3 iFix1, 2.3.3.4, 2.3.3.5, 2.3.3.6, 2.3.3.6 iFix1, 2.3.3.6 iFix2, 2.3.3.7, 2.3.3.7 iFix1
        cpe:2.3:a:ibm:cloud_pak_system:2.3.3.0:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:cloud_pak_system:2.3.3.3:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:cloud_pak_system:2.3.3.3:ifix1:*:*:*:*:*:*
        cpe:2.3:a:ibm:cloud_pak_system:2.3.3.4:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:cloud_pak_system:2.3.3.5:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:cloud_pak_system:2.3.3.6:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:cloud_pak_system:2.3.3.6:ifix1:*:*:*:*:*:*
        cpe:2.3:a:ibm:cloud_pak_system:2.3.3.6:ifix2:*:*:*:*:*:*
        cpe:2.3:a:ibm:cloud_pak_system:2.3.3.7:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:cloud_pak_system:2.3.3.7:ifix1:*:*:*:*:*:*

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-38271",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-01-27T17:00:35.776203Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-01-27T17:00:45.724Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:ibm:cloud_pak_system:2.3.3.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:cloud_pak_system:2.3.3.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:cloud_pak_system:2.3.3.3:ifix1:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:cloud_pak_system:2.3.3.4:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:cloud_pak_system:2.3.3.5:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:cloud_pak_system:2.3.3.6:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:cloud_pak_system:2.3.3.6:ifix1:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:cloud_pak_system:2.3.3.6:ifix2:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:cloud_pak_system:2.3.3.7:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:cloud_pak_system:2.3.3.7:ifix1:*:*:*:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "Cloud Pak System",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "2.3.3.0, 2.3.3.3, 2.3.3.3 iFix1, 2.3.3.4, 2.3.3.5, 2.3.3.6, 2.3.3.6 iFix1, 2.3.3.6 iFix2, 2.3.3.7, 2.3.3.7 iFix1"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "IBM Cloud Pak System 2.3.3.0, 2.3.3.3, 2.3.3.3 iFix1, 2.3.3.4, 2.3.3.5, 2.3.3.6, 2.3.3.6 iFix1, 2.3.3.6 iFix2, 2.3.3.7, and 2.3.3.7 iFix1\u0026nbsp;could allow an authenticated user to obtain sensitive information from log files."
                }
              ],
              "value": "IBM Cloud Pak System 2.3.3.0, 2.3.3.3, 2.3.3.3 iFix1, 2.3.3.4, 2.3.3.5, 2.3.3.6, 2.3.3.6 iFix1, 2.3.3.6 iFix2, 2.3.3.7, and 2.3.3.7 iFix1\u00a0could allow an authenticated user to obtain sensitive information from log files."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-532",
                  "description": "CWE-532 Insertion of Sensitive Information into Log File",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-01-25T13:57:18.288Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "url": "https://www.ibm.com/support/pages/node/7159533"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "IBM Cloud Pak System information disclosure",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2023-38271",
        "datePublished": "2025-01-25T13:57:18.288Z",
        "dateReserved": "2023-07-14T00:46:14.890Z",
        "dateUpdated": "2025-01-27T17:00:45.724Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-38013 (GCVE-0-2023-38013)

    Vulnerability from nvd – Published: 2025-01-25 13:55 – Updated: 2025-01-27 17:02
    Title
    IBM Cloud Pak System information disclosure
    Summary
    IBM Cloud Pak System 2.3.3.0, 2.3.3.3, 2.3.3.3 iFix1, 2.3.3.4, 2.3.3.5, 2.3.3.6, 2.3.3.6 iFix1, 2.3.3.6 iFix2, 2.3.3.7, and 2.3.3.7 iFix1 could disclose sensitive information in HTTP responses that could aid in further attacks against the system.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-201 - Insertion of Sensitive Information Into Sent Data
    Assigner
    ibm
    References
    Impacted products
    Vendor Product Version
    IBM Cloud Pak System Affected: 2.3.3.0, 2.3.3.3, 2.3.3.3 iFix1, 2.3.3.4, 2.3.3.5, 2.3.3.6, 2.3.3.6 iFix1, 2.3.3.6 iFix2, 2.3.3.7, 2.3.3.7 iFix1
        cpe:2.3:a:ibm:cloud_pak_system:2.3.3.0:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:cloud_pak_system:2.3.3.3:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:cloud_pak_system:2.3.3.3:ifix1:*:*:*:*:*:*
        cpe:2.3:a:ibm:cloud_pak_system:2.3.3.4:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:cloud_pak_system:2.3.3.5:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:cloud_pak_system:2.3.3.6:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:cloud_pak_system:2.3.3.6:ifix1:*:*:*:*:*:*
        cpe:2.3:a:ibm:cloud_pak_system:2.3.3.6:ifix2:*:*:*:*:*:*
        cpe:2.3:a:ibm:cloud_pak_system:2.3.3.7:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:cloud_pak_system:2.3.3.7:ifix1:*:*:*:*:*:*

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-38013",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-01-27T17:02:29.965914Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-01-27T17:02:47.819Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:ibm:cloud_pak_system:2.3.3.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:cloud_pak_system:2.3.3.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:cloud_pak_system:2.3.3.3:ifix1:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:cloud_pak_system:2.3.3.4:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:cloud_pak_system:2.3.3.5:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:cloud_pak_system:2.3.3.6:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:cloud_pak_system:2.3.3.6:ifix1:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:cloud_pak_system:2.3.3.6:ifix2:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:cloud_pak_system:2.3.3.7:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:cloud_pak_system:2.3.3.7:ifix1:*:*:*:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "Cloud Pak System",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "2.3.3.0, 2.3.3.3, 2.3.3.3 iFix1, 2.3.3.4, 2.3.3.5, 2.3.3.6, 2.3.3.6 iFix1, 2.3.3.6 iFix2, 2.3.3.7, 2.3.3.7 iFix1"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "IBM Cloud Pak System 2.3.3.0, 2.3.3.3, 2.3.3.3 iFix1, 2.3.3.4, 2.3.3.5, 2.3.3.6, 2.3.3.6 iFix1, 2.3.3.6 iFix2, 2.3.3.7, and 2.3.3.7 iFix1 could disclose sensitive information in HTTP responses that could aid in further attacks against the system."
                }
              ],
              "value": "IBM Cloud Pak System 2.3.3.0, 2.3.3.3, 2.3.3.3 iFix1, 2.3.3.4, 2.3.3.5, 2.3.3.6, 2.3.3.6 iFix1, 2.3.3.6 iFix2, 2.3.3.7, and 2.3.3.7 iFix1 could disclose sensitive information in HTTP responses that could aid in further attacks against the system."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-201",
                  "description": "CWE-201 Insertion of Sensitive Information Into Sent Data",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-01-25T13:55:05.494Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "url": "https://www.ibm.com/support/pages/node/7159533"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "IBM Cloud Pak System information disclosure",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2023-38013",
        "datePublished": "2025-01-25T13:55:05.494Z",
        "dateReserved": "2023-07-11T17:33:12.812Z",
        "dateUpdated": "2025-01-27T17:02:47.819Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-38012 (GCVE-0-2023-38012)

    Vulnerability from nvd – Published: 2025-01-25 13:49 – Updated: 2025-01-27 17:03
    Title
    IBM Cloud Pak System directory traversal
    Summary
    IBM Cloud Pak System 2.3.3.6, 2.3.3.6 iFix1, 2.3.3.6 iFix2, 2.3.3.7, 2.3.3.7 iFix1, and 2.3.4.0 could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
    Assigner
    ibm
    References
    Impacted products
    Vendor Product Version
    IBM Cloud Pak System Affected: 2.3.3.6, 2.3.3.6 iFix1, 2.3.3.6 iFix2, 2.3.3.7, 2.3.3.7 iFix1, 2.3.4.0
        cpe:2.3:a:ibm:cloud_pak_system:2.3.3.6:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:cloud_pak_system:2.3.3.6:ifix1:*:*:*:*:*:*
        cpe:2.3:a:ibm:cloud_pak_system:2.3.3.6:ifix2:*:*:*:*:*:*
        cpe:2.3:a:ibm:cloud_pak_system:2.3.3.7:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:cloud_pak_system:2.3.3.7:ifix1:*:*:*:*:*:*
        cpe:2.3:a:ibm:cloud_pak_system:2.3.4.0:*:*:*:*:*:*:*

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-38012",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-01-27T17:03:24.561019Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-01-27T17:03:37.389Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:ibm:cloud_pak_system:2.3.3.6:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:cloud_pak_system:2.3.3.6:ifix1:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:cloud_pak_system:2.3.3.6:ifix2:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:cloud_pak_system:2.3.3.7:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:cloud_pak_system:2.3.3.7:ifix1:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:cloud_pak_system:2.3.4.0:*:*:*:*:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "Cloud Pak System",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "2.3.3.6, 2.3.3.6 iFix1, 2.3.3.6 iFix2, 2.3.3.7, 2.3.3.7 iFix1, 2.3.4.0"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "IBM Cloud Pak System 2.3.3.6, 2.3.3.6 iFix1, 2.3.3.6 iFix2, 2.3.3.7, 2.3.3.7 iFix1, and 2.3.4.0 could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing \"dot dot\" sequences (/../) to view arbitrary files on the system."
                }
              ],
              "value": "IBM Cloud Pak System 2.3.3.6, 2.3.3.6 iFix1, 2.3.3.6 iFix2, 2.3.3.7, 2.3.3.7 iFix1, and 2.3.4.0 could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing \"dot dot\" sequences (/../) to view arbitrary files on the system."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-22",
                  "description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-01-25T13:52:16.547Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "url": "https://www.ibm.com/support/pages/node/7148474"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "IBM Cloud Pak System directory traversal",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2023-38012",
        "datePublished": "2025-01-25T13:49:36.358Z",
        "dateReserved": "2023-07-11T17:33:12.812Z",
        "dateUpdated": "2025-01-27T17:03:37.389Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-38005 (GCVE-0-2023-38005)

    Vulnerability from cvelistv5 – Published: 2026-02-17 21:49 – Updated: 2026-02-18 20:44
    Title
    Improper Access Control and Exposure of Information Through Directory Listing vulnerabilities affect IBM Cloud Pak System[, ]
    Summary
    IBM Cloud Pak System 2.3.3.6, 2.3.3.7, 2.3.4.0, 2.3.4.1, and 2.3.5.0 could allow an authenticated user to perform unauthorized tasks due to improper access controls.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-284 - Improper Access Control
    Assigner
    ibm
    References
    URL Tags
    https://www.ibm.com/support/pages/node/7259955 vendor-advisory, patch
    Impacted products
    Vendor Product Version
    IBM Cloud Pak System Affected: 2.3.3.6 , ≤ 2.1.0 (semver)
    Affected: 2.3.3.7
    Affected: 2.3.4.0
    Affected: 2.3.4.1
    Affected: 2.3.5.0
        cpe:2.3:a:ibm:cloud_pak_system:2.3.3.6:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:cloud_pak_system:2.3.3.7:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:cloud_pak_system:2.3.4.0:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:cloud_pak_system:2.3.4.1:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:cloud_pak_system:2.3.5.0:*:*:*:*:*:*:*

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-38005",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-02-18T20:44:04.180448Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-02-18T20:44:11.979Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:ibm:cloud_pak_system:2.3.3.6:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:cloud_pak_system:2.3.3.7:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:cloud_pak_system:2.3.4.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:cloud_pak_system:2.3.4.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:cloud_pak_system:2.3.5.0:*:*:*:*:*:*:*"
              ],
              "product": "Cloud Pak System",
              "vendor": "IBM",
              "versions": [
                {
                  "lessThanOrEqual": "2.1.0",
                  "status": "affected",
                  "version": "2.3.3.6",
                  "versionType": "semver"
                },
                {
                  "status": "affected",
                  "version": "2.3.3.7"
                },
                {
                  "status": "affected",
                  "version": "2.3.4.0"
                },
                {
                  "status": "affected",
                  "version": "2.3.4.1"
                },
                {
                  "status": "affected",
                  "version": "2.3.5.0"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eIBM Cloud Pak System 2.3.3.6, 2.3.3.7, 2.3.4.0, 2.3.4.1, and 2.3.5.0 could allow an authenticated user to perform unauthorized tasks due to improper access controls.\u003c/p\u003e"
                }
              ],
              "value": "IBM Cloud Pak System 2.3.3.6, 2.3.3.7, 2.3.4.0, 2.3.4.1, and 2.3.5.0 could allow an authenticated user to perform unauthorized tasks due to improper access controls."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-284",
                  "description": "CWE-284 Improper Access Control",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-02-17T21:49:59.841Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory",
                "patch"
              ],
              "url": "https://www.ibm.com/support/pages/node/7259955"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eThis Security Bulletin applies to IBM Cloud Pak System, IBM Cloud Pak System Software, IBM Cloud Pak System Software Suite. For Intel releases, IBM strongly recommends addressing this vulnerability now by upgrading to\u0026nbsp; v2.3.4.1 Interim Fix 1 or latest upgrade to Cloud Pak System 2.3.6.1 , For Power, contact IBM Support. For unsupported versions the recommendation is to upgrade/migrate to supported version of the product.\u003c/p\u003e"
                }
              ],
              "value": "This Security Bulletin applies to IBM Cloud Pak System, IBM Cloud Pak System Software, IBM Cloud Pak System Software Suite. For Intel releases, IBM strongly recommends addressing this vulnerability now by upgrading to\u00a0 v2.3.4.1 Interim Fix 1 or latest upgrade to Cloud Pak System 2.3.6.1 , For Power, contact IBM Support. For unsupported versions the recommendation is to upgrade/migrate to supported version of the product."
            }
          ],
          "title": "Improper Access Control and Exposure of Information Through Directory Listing vulnerabilities affect IBM Cloud Pak System[, ]",
          "x_generator": {
            "engine": "ibm-cvegen"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2023-38005",
        "datePublished": "2026-02-17T21:49:59.841Z",
        "dateReserved": "2023-07-11T17:33:11.275Z",
        "dateUpdated": "2026-02-18T20:44:11.979Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2023-38265 (GCVE-0-2023-38265)

    Vulnerability from cvelistv5 – Published: 2026-02-17 19:06 – Updated: 2026-02-17 22:04
    Title
    Improper Access Control and Exposure of Information Through Directory Listing vulnerabilities affect IBM Cloud Pak System[, ]
    Summary
    IBM Cloud Pak System 2.3.3.6, 2.3.3.7, 2.3.4.0, 2.3.4.1, and 2.3.5.0 could disclose folder location information to an unauthenticated attacker that could aid in further attacks against the system.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-548 - Exposure of Information Through Directory Listing
    Assigner
    ibm
    References
    URL Tags
    https://www.ibm.com/support/pages/node/7259955 vendor-advisory, patch
    Impacted products
    Vendor Product Version
    IBM Cloud Pak System Affected: 2.3.3.6 , ≤ 2.1.0 (semver)
    Affected: 2.3.3.7
    Affected: 2.3.4.0
    Affected: 2.3.4.1
    Affected: 2.3.5.0
        cpe:2.3:a:ibm:cloud_pak_system:2.3.3.6:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:cloud_pak_system:2.3.3.7:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:cloud_pak_system:2.3.4.0:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:cloud_pak_system:2.3.4.1:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:cloud_pak_system:2.3.5.0:*:*:*:*:*:*:*

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-38265",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-02-17T19:52:30.062814Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-02-17T19:52:46.333Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:ibm:cloud_pak_system:2.3.3.6:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:cloud_pak_system:2.3.3.7:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:cloud_pak_system:2.3.4.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:cloud_pak_system:2.3.4.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:cloud_pak_system:2.3.5.0:*:*:*:*:*:*:*"
              ],
              "product": "Cloud Pak System",
              "vendor": "IBM",
              "versions": [
                {
                  "lessThanOrEqual": "2.1.0",
                  "status": "affected",
                  "version": "2.3.3.6",
                  "versionType": "semver"
                },
                {
                  "status": "affected",
                  "version": "2.3.3.7"
                },
                {
                  "status": "affected",
                  "version": "2.3.4.0"
                },
                {
                  "status": "affected",
                  "version": "2.3.4.1"
                },
                {
                  "status": "affected",
                  "version": "2.3.5.0"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eIBM Cloud Pak System 2.3.3.6, 2.3.3.7, 2.3.4.0, 2.3.4.1, and 2.3.5.0 could disclose folder location information to an unauthenticated attacker that could aid in further attacks against the system.\u003c/p\u003e"
                }
              ],
              "value": "IBM Cloud Pak System 2.3.3.6, 2.3.3.7, 2.3.4.0, 2.3.4.1, and 2.3.5.0 could disclose folder location information to an unauthenticated attacker that could aid in further attacks against the system."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-548",
                  "description": "CWE-548 Exposure of Information Through Directory Listing",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-02-17T22:04:05.120Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory",
                "patch"
              ],
              "url": "https://www.ibm.com/support/pages/node/7259955"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eThis Security Bulletin applies to IBM Cloud Pak System, IBM Cloud Pak System Software, IBM Cloud Pak System Software Suite. For Intel releases, IBM strongly recommends addressing this vulnerability now by upgrading to\u0026nbsp; v2.3.4.1 Interim Fix 1 or latest upgrade to Cloud Pak System 2.3.6.1 , For Power, contact IBM Support. For unsupported versions the recommendation is to upgrade/migrate to supported version of the product.\u003c/p\u003e"
                }
              ],
              "value": "This Security Bulletin applies to IBM Cloud Pak System, IBM Cloud Pak System Software, IBM Cloud Pak System Software Suite. For Intel releases, IBM strongly recommends addressing this vulnerability now by upgrading to\u00a0 v2.3.4.1 Interim Fix 1 or latest upgrade to Cloud Pak System 2.3.6.1 , For Power, contact IBM Support. For unsupported versions the recommendation is to upgrade/migrate to supported version of the product."
            }
          ],
          "title": "Improper Access Control and Exposure of Information Through Directory Listing vulnerabilities affect IBM Cloud Pak System[, ]",
          "x_generator": {
            "engine": "ibm-cvegen"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2023-38265",
        "datePublished": "2026-02-17T19:06:58.470Z",
        "dateReserved": "2023-07-14T00:46:14.889Z",
        "dateUpdated": "2026-02-17T22:04:05.120Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2023-38281 (GCVE-0-2023-38281)

    Vulnerability from cvelistv5 – Published: 2026-02-04 20:45 – Updated: 2026-02-05 14:32
    Title
    Multiple Vulnerabilities in IBM Cloud Pak System
    Summary
    IBM Cloud Pak System does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-209 - Generation of Error Message Containing Sensitive Information
    Assigner
    ibm
    References
    URL Tags
    https://www.ibm.com/support/pages/node/7254419 vendor-advisory, patch
    Impacted products
    Vendor Product Version
    IBM Cloud Pak System Affected: 2.3.4.0 (semver)
    Affected: 2.3.4.1 (semver)
    Affected: 2.3.4.1 Interim Fix 001 (semver)
    Affected: 2.3.5.0
    Affected: 2.3.6.0
        cpe:2.3:a:ibm:cloud_pak_system:2.3.4.0:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:cloud_pak_system:2.3.4.1:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:cloud_pak_system:2.3.4.1:ifix1:*:*:*:*:*:*
        cpe:2.3:a:ibm:cloud_pak_system:2.3.5.0:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:cloud_pak_system:2.3.6.0:*:*:*:*:*:*:*
    IBM OS Image for Red Hat Linux Systems Affected: 4.0.4.0
    Affected: 4.0.5.0
    Affected: 4.0.6.0
    Affected: 4.0.7.0
    Affected: 5.0.0.0
    Affected: 5.0.1.0

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-38281",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-02-05T14:24:52.006031Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-02-05T14:32:12.741Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:ibm:cloud_pak_system:2.3.4.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:cloud_pak_system:2.3.4.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:cloud_pak_system:2.3.4.1:ifix1:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:cloud_pak_system:2.3.5.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:cloud_pak_system:2.3.6.0:*:*:*:*:*:*:*"
              ],
              "product": "Cloud Pak System",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "2.3.4.0",
                  "versionType": "semver"
                },
                {
                  "status": "affected",
                  "version": "2.3.4.1",
                  "versionType": "semver"
                },
                {
                  "status": "affected",
                  "version": "2.3.4.1 Interim Fix 001",
                  "versionType": "semver"
                },
                {
                  "status": "affected",
                  "version": "2.3.5.0"
                },
                {
                  "status": "affected",
                  "version": "2.3.6.0"
                }
              ]
            },
            {
              "product": "OS Image for Red Hat Linux Systems",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "4.0.4.0"
                },
                {
                  "status": "affected",
                  "version": "4.0.5.0"
                },
                {
                  "status": "affected",
                  "version": "4.0.6.0"
                },
                {
                  "status": "affected",
                  "version": "4.0.7.0"
                },
                {
                  "status": "affected",
                  "version": "5.0.0.0"
                },
                {
                  "status": "affected",
                  "version": "5.0.1.0"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eIBM Cloud Pak System \u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003edoes not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic.\u003c/span\u003e\u003c/span\u003e\u003c/p\u003e"
                }
              ],
              "value": "IBM Cloud Pak System does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-209",
                  "description": "CWE-209 Generation of Error Message Containing Sensitive Information",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-02-04T20:45:05.686Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory",
                "patch"
              ],
              "url": "https://www.ibm.com/support/pages/node/7254419"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cdiv\u003e\u003cp\u003e\u003cstrong\u003eIBM strongly recommends addressing the vulnerabilities now by \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.ibm.com/support/pages/node/7254396\"\u003eupgrading to version 2.3.6.1\u003c/a\u003e\u003c/strong\u003e\u003cstrong\u003e. \u003c/strong\u003e\u003c/p\u003e\u003cp\u003eIBM Cloud Pak System provides OS image for Red Hat Enterprise Linux System 4.0.8.0 based on Red Hat Enterprise Linux 8.10 and OS image for Red Hat Enterprise Linux System 5.0.3 based on Red Hat Enterprise Linux 9.6. IBM Cloud Pak System provides IBM WebSphere Application Server Liberty V25.0.0.9; IBM Storage Scale is also upgraded to IBM Storage Scale V5.2.3.3.\u003c/p\u003e\u003cp\u003eFor Power, contact IBM Support.\u003c/p\u003e\u003cp\u003eThis Security bulletin applies to IBM Cloud Pak System, IBM Cloud Pak System Software, and IBM Cloud Pak System Software Suite.\u003c/p\u003e\u003cp\u003eInformation on upgrading here \u003ca target=\"_blank\" rel=\"nofollow\" href=\"http://www.ibm.com/support/docview.wss?uid=ibm10887959\"\u003ehttp://www.ibm.com/support/docview.wss?uid=ibm10887959\u003c/a\u003e\u003c/p\u003e\u003c/div\u003e\u003cp\u003eFor unsupported versions the recommendation is to upgrade to a supported version of the product.\u003c/p\u003e\u003cbr\u003e"
                }
              ],
              "value": "IBM strongly recommends addressing the vulnerabilities now by  http://www.ibm.com/support/docview.wss?uid=ibm10887959 \n\n\n\nFor unsupported versions the recommendation is to upgrade to a supported version of the product."
            }
          ],
          "title": "Multiple Vulnerabilities in IBM Cloud Pak System",
          "x_generator": {
            "engine": "ibm-cvegen"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2023-38281",
        "datePublished": "2026-02-04T20:45:05.686Z",
        "dateReserved": "2023-07-14T00:46:27.165Z",
        "dateUpdated": "2026-02-05T14:32:12.741Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2023-38017 (GCVE-0-2023-38017)

    Vulnerability from cvelistv5 – Published: 2026-02-04 20:44 – Updated: 2026-02-05 14:32
    Title
    Multiple Vulnerabilities in IBM Cloud Pak System
    Summary
    IBM Cloud Pak System is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-209 - Generation of Error Message Containing Sensitive Information
    Assigner
    ibm
    References
    URL Tags
    https://www.ibm.com/support/pages/node/7254419 vendor-advisory, patch
    Impacted products
    Vendor Product Version
    IBM Cloud Pak System Affected: 2.3.4.0 (semver)
    Affected: 2.3.4.1 (semver)
    Affected: 2.3.4.1 Interim Fix 001 (semver)
    Affected: 2.3.5.0
    Affected: 2.3.6.0
        cpe:2.3:a:ibm:cloud_pak_system:2.3.4.0:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:cloud_pak_system:2.3.4.1:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:cloud_pak_system:2.3.4.1:ifix1:*:*:*:*:*:*
        cpe:2.3:a:ibm:cloud_pak_system:2.3.5.0:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:cloud_pak_system:2.3.6.0:*:*:*:*:*:*:*
    IBM OS Image for Red Hat Linux Systems Affected: 4.0.4.0
    Affected: 4.0.5.0
    Affected: 4.0.6.0
    Affected: 4.0.7.0
    Affected: 5.0.0.0
    Affected: 5.0.1.0

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-38017",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-02-05T14:24:53.319334Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-02-05T14:32:17.345Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:ibm:cloud_pak_system:2.3.4.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:cloud_pak_system:2.3.4.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:cloud_pak_system:2.3.4.1:ifix1:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:cloud_pak_system:2.3.5.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:cloud_pak_system:2.3.6.0:*:*:*:*:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "Cloud Pak System",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "2.3.4.0",
                  "versionType": "semver"
                },
                {
                  "status": "affected",
                  "version": "2.3.4.1",
                  "versionType": "semver"
                },
                {
                  "status": "affected",
                  "version": "2.3.4.1 Interim Fix 001",
                  "versionType": "semver"
                },
                {
                  "status": "affected",
                  "version": "2.3.5.0"
                },
                {
                  "status": "affected",
                  "version": "2.3.6.0"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "OS Image for Red Hat Linux Systems",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "4.0.4.0"
                },
                {
                  "status": "affected",
                  "version": "4.0.5.0"
                },
                {
                  "status": "affected",
                  "version": "4.0.6.0"
                },
                {
                  "status": "affected",
                  "version": "4.0.7.0"
                },
                {
                  "status": "affected",
                  "version": "5.0.0.0"
                },
                {
                  "status": "affected",
                  "version": "5.0.1.0"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eIBM Cloud Pak System\u0026nbsp;\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eis vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.\u003c/span\u003e\u003c/p\u003e"
                }
              ],
              "value": "IBM Cloud Pak System\u00a0is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-209",
                  "description": "CWE-209 Generation of Error Message Containing Sensitive Information",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-02-04T20:46:40.603Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory",
                "patch"
              ],
              "url": "https://www.ibm.com/support/pages/node/7254419"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cdiv\u003e\u003cp\u003e\u003cstrong\u003eIBM strongly recommends addressing the vulnerabilities now by \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.ibm.com/support/pages/node/7254396\"\u003eupgrading to version 2.3.6.1\u003c/a\u003e\u003c/strong\u003e\u003cstrong\u003e. \u003c/strong\u003e\u003c/p\u003e\u003cp\u003eIBM Cloud Pak System provides OS image for Red Hat Enterprise Linux System 4.0.8.0 based on Red Hat Enterprise Linux 8.10 and OS image for Red Hat Enterprise Linux System 5.0.3 based on Red Hat Enterprise Linux 9.6. IBM Cloud Pak System provides IBM WebSphere Application Server Liberty V25.0.0.9; IBM Storage Scale is also upgraded to IBM Storage Scale V5.2.3.3.\u003c/p\u003e\u003cp\u003eFor Power, contact IBM Support.\u003c/p\u003e\u003cp\u003eThis Security bulletin applies to IBM Cloud Pak System, IBM Cloud Pak System Software, and IBM Cloud Pak System Software Suite.\u003c/p\u003e\u003cp\u003eInformation on upgrading here \u003ca target=\"_blank\" rel=\"nofollow\" href=\"http://www.ibm.com/support/docview.wss?uid=ibm10887959\"\u003ehttp://www.ibm.com/support/docview.wss?uid=ibm10887959\u003c/a\u003e\u003c/p\u003e\u003c/div\u003e\u003cp\u003eFor unsupported versions the recommendation is to upgrade to a supported version of the product.\u003c/p\u003e\u003cbr\u003e"
                }
              ],
              "value": "IBM strongly recommends addressing the vulnerabilities now by  http://www.ibm.com/support/docview.wss?uid=ibm10887959 \n\n\n\nFor unsupported versions the recommendation is to upgrade to a supported version of the product."
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Multiple Vulnerabilities in IBM Cloud Pak System",
          "x_generator": {
            "engine": "ibm-cvegen"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2023-38017",
        "datePublished": "2026-02-04T20:44:04.452Z",
        "dateReserved": "2023-07-11T17:33:12.813Z",
        "dateUpdated": "2026-02-05T14:32:17.345Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2023-38010 (GCVE-0-2023-38010)

    Vulnerability from cvelistv5 – Published: 2026-02-04 20:24 – Updated: 2026-02-04 20:49
    Title
    Multiple Vulnerabilities in IBM Cloud Pak System
    Summary
    IBM Cloud Pak System displays sensitive information in user messages that could aid in further attacks against the system.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-209 - Generation of Error Message Containing Sensitive Information
    Assigner
    ibm
    References
    URL Tags
    https://www.ibm.com/support/pages/node/7254419 vendor-advisory, patch
    Impacted products
    Vendor Product Version
    IBM Cloud Pak System Affected: 2.3.4.0 (semver)
    Affected: 2.3.4.1 (semver)
    Affected: 2.3.4.1 Interim Fix 001 (semver)
    Affected: 2.3.5.0
    Affected: 2.3.6.0
        cpe:2.3:a:ibm:cloud_pak_system:2.3.4.0:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:cloud_pak_system:2.3.4.1:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:cloud_pak_system:2.3.4.1:ifix1:*:*:*:*:*:*
        cpe:2.3:a:ibm:cloud_pak_system:2.3.5.0:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:cloud_pak_system:2.3.6.0:*:*:*:*:*:*:*
    IBM OS Image for Red Hat Linux Systems Affected: 4.0.4.0
    Affected: 4.0.5.0
    Affected: 4.0.6.0
    Affected: 4.0.7.0
    Affected: 5.0.0.0
    Affected: 5.0.1.0

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-38010",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-02-04T20:48:48.904709Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-02-04T20:49:00.786Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:ibm:cloud_pak_system:2.3.4.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:cloud_pak_system:2.3.4.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:cloud_pak_system:2.3.4.1:ifix1:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:cloud_pak_system:2.3.5.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:cloud_pak_system:2.3.6.0:*:*:*:*:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "Cloud Pak System",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "2.3.4.0",
                  "versionType": "semver"
                },
                {
                  "status": "affected",
                  "version": "2.3.4.1",
                  "versionType": "semver"
                },
                {
                  "status": "affected",
                  "version": "2.3.4.1 Interim Fix 001",
                  "versionType": "semver"
                },
                {
                  "status": "affected",
                  "version": "2.3.5.0"
                },
                {
                  "status": "affected",
                  "version": "2.3.6.0"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "OS Image for Red Hat Linux Systems",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "4.0.4.0"
                },
                {
                  "status": "affected",
                  "version": "4.0.5.0"
                },
                {
                  "status": "affected",
                  "version": "4.0.6.0"
                },
                {
                  "status": "affected",
                  "version": "4.0.7.0"
                },
                {
                  "status": "affected",
                  "version": "5.0.0.0"
                },
                {
                  "status": "affected",
                  "version": "5.0.1.0"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eIBM Cloud Pak System displays sensitive information in user messages that could aid in further attacks against the system.\u003c/p\u003e"
                }
              ],
              "value": "IBM Cloud Pak System displays sensitive information in user messages that could aid in further attacks against the system."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-209",
                  "description": "CWE-209 Generation of Error Message Containing Sensitive Information",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-02-04T20:46:18.289Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory",
                "patch"
              ],
              "url": "https://www.ibm.com/support/pages/node/7254419"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cdiv\u003e\u003cp\u003e\u003cstrong\u003eIBM strongly recommends addressing the vulnerabilities now by \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.ibm.com/support/pages/node/7254396\"\u003eupgrading to version 2.3.6.1\u003c/a\u003e\u003c/strong\u003e\u003cstrong\u003e. \u003c/strong\u003e\u003c/p\u003e\u003cp\u003eIBM Cloud Pak System provides OS image for Red Hat Enterprise Linux System 4.0.8.0 based on Red Hat Enterprise Linux 8.10 and OS image for Red Hat Enterprise Linux System 5.0.3 based on Red Hat Enterprise Linux 9.6. IBM Cloud Pak System provides IBM WebSphere Application Server Liberty V25.0.0.9; IBM Storage Scale is also upgraded to IBM Storage Scale V5.2.3.3.\u003c/p\u003e\u003cp\u003eFor Power, contact IBM Support.\u003c/p\u003e\u003cp\u003eThis Security bulletin applies to IBM Cloud Pak System, IBM Cloud Pak System Software, and IBM Cloud Pak System Software Suite.\u003c/p\u003e\u003cp\u003eInformation on upgrading here \u003ca target=\"_blank\" rel=\"nofollow\" href=\"http://www.ibm.com/support/docview.wss?uid=ibm10887959\"\u003ehttp://www.ibm.com/support/docview.wss?uid=ibm10887959\u003c/a\u003e\u003c/p\u003e\u003c/div\u003e\u003cp\u003eFor unsupported versions the recommendation is to upgrade to a supported version of the product.\u003c/p\u003e\u003cbr\u003e"
                }
              ],
              "value": "IBM strongly recommends addressing the vulnerabilities now by  http://www.ibm.com/support/docview.wss?uid=ibm10887959 \n\n\n\nFor unsupported versions the recommendation is to upgrade to a supported version of the product."
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Multiple Vulnerabilities in IBM Cloud Pak System",
          "x_generator": {
            "engine": "ibm-cvegen"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2023-38010",
        "datePublished": "2026-02-04T20:24:56.127Z",
        "dateReserved": "2023-07-11T17:33:11.276Z",
        "dateUpdated": "2026-02-04T20:49:00.786Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-2895 (GCVE-0-2025-2895)

    Vulnerability from cvelistv5 – Published: 2025-06-30 14:39 – Updated: 2025-08-24 11:36
    Title
    IBM Cloud Pak System HTML injection
    Summary
    IBM Cloud Pak System 2.3.3.6, 2.3.36 iFix1, 2.3.3.7, 2.3.3.7 iFix1, 2.3.4.0, 2.3.4.1, and 2.3.4.1 iFix1 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-80 - Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)
    Assigner
    ibm
    References
    URL Tags
    https://www.ibm.com/support/pages/node/7237164 vendor-advisory, patch
    Impacted products
    Vendor Product Version
    IBM Cloud Pak System Affected: 2.3.3.6 , ≤ 2.3.36 iFix1 (semver)
    Affected: 2.3.3.7 , ≤ 2.3.3.7 iFix1 (semver)
    Affected: 2.3.4.0
    Affected: 2.3.4.1 , ≤ 2.3.4.1 iFix1 (semver)
        cpe:2.3:a:ibm:cloud_pak_system:2.3.3.6:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:cloud_pak_system:2.3.3.6:ifix1:*:*:*:*:*:*
        cpe:2.3:a:ibm:cloud_pak_system:2.3.3.7:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:cloud_pak_system:2.3.3.7:ifix1:*:*:*:*:*:*
        cpe:2.3:a:ibm:cloud_pak_system:2.3.4.0:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:cloud_pak_system:2.3.4.1:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:cloud_pak_system:2.3.4.1:ifix1:*:*:*:*:*:*

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-2895",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-06-30T14:59:12.440305Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-06-30T14:59:26.584Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:ibm:cloud_pak_system:2.3.3.6:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:cloud_pak_system:2.3.3.6:ifix1:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:cloud_pak_system:2.3.3.7:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:cloud_pak_system:2.3.3.7:ifix1:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:cloud_pak_system:2.3.4.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:cloud_pak_system:2.3.4.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:cloud_pak_system:2.3.4.1:ifix1:*:*:*:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "Cloud Pak System",
              "vendor": "IBM",
              "versions": [
                {
                  "lessThanOrEqual": "2.3.36 iFix1",
                  "status": "affected",
                  "version": "2.3.3.6",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "2.3.3.7 iFix1",
                  "status": "affected",
                  "version": "2.3.3.7",
                  "versionType": "semver"
                },
                {
                  "status": "affected",
                  "version": "2.3.4.0"
                },
                {
                  "lessThanOrEqual": "2.3.4.1 iFix1",
                  "status": "affected",
                  "version": "2.3.4.1",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "IBM Cloud Pak System 2.3.3.6, 2.3.36 iFix1, 2.3.3.7, 2.3.3.7 iFix1, 2.3.4.0, 2.3.4.1, and 2.3.4.1 iFix1 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim\u0027s Web browser within the security context of the hosting site."
                }
              ],
              "value": "IBM Cloud Pak System 2.3.3.6, 2.3.36 iFix1, 2.3.3.7, 2.3.3.7 iFix1, 2.3.4.0, 2.3.4.1, and 2.3.4.1 iFix1 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim\u0027s Web browser within the security context of the hosting site."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.4,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-80",
                  "description": "CWE-80 Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-08-24T11:36:47.304Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory",
                "patch"
              ],
              "url": "https://www.ibm.com/support/pages/node/7237164"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "This security bulletin applies to IBM Cloud Pak System, IBM Cloud Pak System Software, IBM Cloud Pak System Software Suite. \u003cbr\u003e\u003cbr\u003eFor Intel releases, IBM strongly recommends addressing these vulnerabilities now by upgrading to IBM Cloud Pak System v2.3.6.0 available from IBM Fix Central/Passport Advantage Online,\u003cbr\u003e\u003cbr\u003e\u2028Information on upgrading here \u003ca target=\"_blank\" rel=\"nofollow\" href=\"http://www.ibm.com/support/docview.wss?uid=ibm10887959\"\u003ehttp://www.ibm.com/support/docview.wss?uid=ibm10887959\u003c/a\u003e\u003cbr\u003e\u003cbr\u003eFor Power, contact IBM Support.\u003cbr\u003e\u003cbr\u003e \u003cbr\u003e\u003cbr\u003eFor unsupported versions the recommendation is to upgrade to supported version of the product.\u003cbr\u003e"
                }
              ],
              "value": "This security bulletin applies to IBM Cloud Pak System, IBM Cloud Pak System Software, IBM Cloud Pak System Software Suite. \n\nFor Intel releases, IBM strongly recommends addressing these vulnerabilities now by upgrading to IBM Cloud Pak System v2.3.6.0 available from IBM Fix Central/Passport Advantage Online,\n\n\u2028Information on upgrading here  http://www.ibm.com/support/docview.wss?uid=ibm10887959 \n\nFor Power, contact IBM Support.\n\n \n\nFor unsupported versions the recommendation is to upgrade to supported version of the product."
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "IBM Cloud Pak System HTML injection",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2025-2895",
        "datePublished": "2025-06-30T14:39:43.041Z",
        "dateReserved": "2025-03-28T02:06:17.704Z",
        "dateUpdated": "2025-08-24T11:36:47.304Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-38007 (GCVE-0-2023-38007)

    Vulnerability from cvelistv5 – Published: 2025-06-27 14:48 – Updated: 2025-08-17 00:24
    Title
    IBM Cloud Pak System HTML injection
    Summary
    IBM Cloud Pak System 2.3.5.0, 2.3.3.7, 2.3.3.7 iFix1 on Power and 2.3.3.6, 2.3.3.6 iFix1, 2.3.3.6 iFix2, 2.3.4.0, 2.3.4.1 on Intel operating systems is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-80 - Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)
    Assigner
    ibm
    References
    URL Tags
    https://www.ibm.com/support/pages/node/7237162 vendor-advisory, patch
    Impacted products
    Vendor Product Version
    IBM Cloud Pak System Affected: 2.3.5.0
    Affected: 2.3.3.7
    Affected: 2.3.3.7 iFix1
        cpe:2.3:a:ibm:cloud_pak_system:2.3.5.5:*:*:*:*:power:*:*
        cpe:2.3:a:ibm:cloud_pak_system:2.3.3.7:*:*:*:*:power:*:*
        cpe:2.3:a:ibm:cloud_pak_system:2.3.3.7:ifix1:*:*:*:power:*:*
    IBM Cloud Pak System Affected: 2.3.3.6
    Affected: 2.3.3.6 iFix1
    Affected: 2.3.3.6 iFix2
    Affected: 2.3.4.0
    Affected: 2.3.4.1
        cpe:2.3:a:ibm:cloud_pak_system:2.3.3.6:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:cloud_pak_system:2.3.3.6:ifix1:*:*:*:*:*:*
        cpe:2.3:a:ibm:cloud_pak_system:2.3.3.6:ifix2:*:*:*:*:*:*
        cpe:2.3:a:ibm:cloud_pak_system:2.3.4.0:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:cloud_pak_system:2.3.4.1:*:*:*:*:*:*:*

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-38007",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-06-27T15:01:40.406081Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-06-27T15:01:48.933Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:ibm:cloud_pak_system:2.3.5.5:*:*:*:*:power:*:*",
                "cpe:2.3:a:ibm:cloud_pak_system:2.3.3.7:*:*:*:*:power:*:*",
                "cpe:2.3:a:ibm:cloud_pak_system:2.3.3.7:ifix1:*:*:*:power:*:*"
              ],
              "defaultStatus": "unaffected",
              "platforms": [
                "Power"
              ],
              "product": "Cloud Pak System",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "2.3.5.0"
                },
                {
                  "status": "affected",
                  "version": "2.3.3.7"
                },
                {
                  "status": "affected",
                  "version": "2.3.3.7 iFix1"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:a:ibm:cloud_pak_system:2.3.3.6:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:cloud_pak_system:2.3.3.6:ifix1:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:cloud_pak_system:2.3.3.6:ifix2:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:cloud_pak_system:2.3.4.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:cloud_pak_system:2.3.4.1:*:*:*:*:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "platforms": [
                "x86"
              ],
              "product": "Cloud Pak System",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "2.3.3.6"
                },
                {
                  "status": "affected",
                  "version": "2.3.3.6 iFix1"
                },
                {
                  "status": "affected",
                  "version": "2.3.3.6 iFix2"
                },
                {
                  "status": "affected",
                  "version": "2.3.4.0"
                },
                {
                  "status": "affected",
                  "version": "2.3.4.1"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "IBM Cloud Pak System 2.3.5.0, 2.3.3.7, 2.3.3.7 iFix1 on Power and 2.3.3.6, 2.3.3.6 iFix1, 2.3.3.6 iFix2, 2.3.4.0, 2.3.4.1 on Intel operating systems is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim\u0027s Web browser within the security context of the hosting site."
                }
              ],
              "value": "IBM Cloud Pak System 2.3.5.0, 2.3.3.7, 2.3.3.7 iFix1 on Power and 2.3.3.6, 2.3.3.6 iFix1, 2.3.3.6 iFix2, 2.3.4.0, 2.3.4.1 on Intel operating systems is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim\u0027s Web browser within the security context of the hosting site."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.4,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-80",
                  "description": "CWE-80 Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-08-17T00:24:09.866Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory",
                "patch"
              ],
              "url": "https://www.ibm.com/support/pages/node/7237162"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "This Security Bulletin applies to IBM Cloud Pak System, IBM Cloud Pak System Software, IBM Cloud Pak System Software Suite.\u003cbr\u003e\u003cbr\u003eFor Intel releases, IBM strongly recommends addressing this vulnerability now by upgrading to IBM Cloud Pak System v2.3.4.1 Interim Fix 1 available at IBM Fix Central, \u003cbr\u003e\u003cbr\u003einformation on upgrading here \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.ibm.com/support/pages/node/7178546\"\u003ehttps://www.ibm.com/support/pages/node/7178546\u003c/a\u003e\u003cbr\u003e\u003cbr\u003eFor Power, contact IBM Support.\u003cbr\u003e\u003cbr\u003eFor unsupported versions the recommendation is to upgrade/migrate to supported version of the product.\u003cbr\u003e"
                }
              ],
              "value": "This Security Bulletin applies to IBM Cloud Pak System, IBM Cloud Pak System Software, IBM Cloud Pak System Software Suite.\n\nFor Intel releases, IBM strongly recommends addressing this vulnerability now by upgrading to IBM Cloud Pak System v2.3.4.1 Interim Fix 1 available at IBM Fix Central, \n\ninformation on upgrading here  https://www.ibm.com/support/pages/node/7178546 \n\nFor Power, contact IBM Support.\n\nFor unsupported versions the recommendation is to upgrade/migrate to supported version of the product."
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "IBM Cloud Pak System HTML injection",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2023-38007",
        "datePublished": "2025-06-27T14:48:28.581Z",
        "dateReserved": "2023-07-11T17:33:11.275Z",
        "dateUpdated": "2025-08-17T00:24:09.866Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-38272 (GCVE-0-2023-38272)

    Vulnerability from cvelistv5 – Published: 2025-03-27 17:21 – Updated: 2025-08-17 01:11
    Title
    IBM Cloud Pak System information disclosure
    Summary
    IBM Cloud Pak System 2.3.3.0, 2.3.3.3, 2.3.3.3 iFix1, 2.3.3.4, 2.3.3.5, 2.3.3.6, 2.3.36 iFix1, 2.3.3.6 iFix2, 2.3.3.7, 2.3.3.7 iFix1, 2.3.4.0, and 2.3.4.1 could allow a user with access to the network to obtain sensitive information from CLI arguments.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-300 - Channel Accessible by Non-Endpoint
    Assigner
    ibm
    References
    URL Tags
    https://www.ibm.com/support/pages/node/7229212 vendor-advisory, patch
    Impacted products
    Vendor Product Version
    IBM Cloud Pak System Affected: 2.3.3.0
    Affected: 2.3.3.3
    Affected: 2.3.3.3 iFix1
    Affected: 2.3.3.4
    Affected: 2.3.3.5
    Affected: 2.3.3.6
    Affected: 2.3.3.6 iFix1
    Affected: 2.3.3.6 iFix2
    Affected: 2.3.3.7
    Affected: 2.3.3.7 iFix1
    Affected: 2.3.4.0
    Affected: 2.3.4.1
        cpe:2.3:a:ibm:cloud_pak_system:2.3.1.1:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:cloud_pak_system:2.3.2.0:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:cloud_pak_system:2.3.3.0:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:cloud_pak_system:2.3.3.3:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:cloud_pak_system:2.3.3.3:ifix1:*:*:*:*:*:*
        cpe:2.3:a:ibm:cloud_pak_system:2.3.3.4:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:cloud_pak_system:2.3.3.5:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:cloud_pak_system:2.3.3.6:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:cloud_pak_system:2.3.3.6:ifix1:*:*:*:*:*:*
        cpe:2.3:a:ibm:cloud_pak_system:2.3.3.6:ifix2:*:*:*:*:*:*
        cpe:2.3:a:ibm:cloud_pak_system:2.3.3.7:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:cloud_pak_system:2.3.3.7:ifix1:*:*:*:*:*:*
        cpe:2.3:a:ibm:cloud_pak_system:2.3.4.0:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:cloud_pak_system:2.3.4.1:*:*:*:*:*:*:*

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-38272",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-03-27T18:09:49.868161Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-03-27T18:10:42.407Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:ibm:cloud_pak_system:2.3.1.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:cloud_pak_system:2.3.2.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:cloud_pak_system:2.3.3.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:cloud_pak_system:2.3.3.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:cloud_pak_system:2.3.3.3:ifix1:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:cloud_pak_system:2.3.3.4:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:cloud_pak_system:2.3.3.5:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:cloud_pak_system:2.3.3.6:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:cloud_pak_system:2.3.3.6:ifix1:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:cloud_pak_system:2.3.3.6:ifix2:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:cloud_pak_system:2.3.3.7:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:cloud_pak_system:2.3.3.7:ifix1:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:cloud_pak_system:2.3.4.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:cloud_pak_system:2.3.4.1:*:*:*:*:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "Cloud Pak System",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "2.3.3.0"
                },
                {
                  "status": "affected",
                  "version": "2.3.3.3"
                },
                {
                  "status": "affected",
                  "version": "2.3.3.3 iFix1"
                },
                {
                  "status": "affected",
                  "version": "2.3.3.4"
                },
                {
                  "status": "affected",
                  "version": "2.3.3.5"
                },
                {
                  "status": "affected",
                  "version": "2.3.3.6"
                },
                {
                  "status": "affected",
                  "version": "2.3.3.6 iFix1"
                },
                {
                  "status": "affected",
                  "version": "2.3.3.6 iFix2"
                },
                {
                  "status": "affected",
                  "version": "2.3.3.7"
                },
                {
                  "status": "affected",
                  "version": "2.3.3.7 iFix1"
                },
                {
                  "status": "affected",
                  "version": "2.3.4.0"
                },
                {
                  "status": "affected",
                  "version": "2.3.4.1"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "IBM Cloud Pak System 2.3.3.0, 2.3.3.3, 2.3.3.3 iFix1, 2.3.3.4, 2.3.3.5, 2.3.3.6, 2.3.36 iFix1, 2.3.3.6 iFix2, 2.3.3.7, 2.3.3.7 iFix1, 2.3.4.0, and 2.3.4.1 \n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003ecould allow a user with access to the network to obtain sensitive information from CLI arguments.\u003c/span\u003e"
                }
              ],
              "value": "IBM Cloud Pak System 2.3.3.0, 2.3.3.3, 2.3.3.3 iFix1, 2.3.3.4, 2.3.3.5, 2.3.3.6, 2.3.36 iFix1, 2.3.3.6 iFix2, 2.3.3.7, 2.3.3.7 iFix1, 2.3.4.0, and 2.3.4.1 \n\ncould allow a user with access to the network to obtain sensitive information from CLI arguments."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.9,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-300",
                  "description": "CWE-300 Channel Accessible by Non-Endpoint",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-08-17T01:11:50.459Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory",
                "patch"
              ],
              "url": "https://www.ibm.com/support/pages/node/7229212"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "IBM Cloud Pak System information disclosure",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2023-38272",
        "datePublished": "2025-03-27T17:21:08.596Z",
        "dateReserved": "2023-07-14T00:46:14.891Z",
        "dateUpdated": "2025-08-17T01:11:50.459Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-37405 (GCVE-0-2023-37405)

    Vulnerability from cvelistv5 – Published: 2025-03-27 17:20 – Updated: 2025-08-17 01:14
    Title
    IBM Cloud Pak System information disclosure
    Summary
    IBM Cloud Pak System 2.3.3.0, 2.3.3.3, 2.3.3.3 iFix1, 2.3.3.4, 2.3.3.5, 2.3.3.6, 2.3.36 iFix1, 2.3.3.6 iFix2, 2.3.3.7, 2.3.3.7 iFix1, 2.3.4.0, and 2.3.4.1 stores sensitive data in memory, that could be obtained by an unauthorized user.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-311 - Missing Encryption of Sensitive Data
    Assigner
    ibm
    References
    URL Tags
    https://www.ibm.com/support/pages/node/7229212 vendor-advisory, patch
    Impacted products
    Vendor Product Version
    IBM Cloud Pak System Affected: 2.3.3.0
    Affected: 2.3.3.3
    Affected: 2.3.3.3 iFix1
    Affected: 2.3.3.4
    Affected: 2.3.3.5
    Affected: 2.3.3.6
    Affected: 2.3.3.6 iFix1
    Affected: 2.3.3.7
    Affected: 2.3.3.7 iFix1
    Affected: 2.3.4.0
    Affected: 2.3.4.1
        cpe:2.3:a:ibm:cloud_pak_system:2.3.1.1:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:cloud_pak_system:2.3.2.0:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:cloud_pak_system:2.3.3.0:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:cloud_pak_system:2.3.3.3:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:cloud_pak_system:2.3.3.3:ifix1:*:*:*:*:*:*
        cpe:2.3:a:ibm:cloud_pak_system:2.3.3.4:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:cloud_pak_system:2.3.3.5:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:cloud_pak_system:2.3.3.6:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:cloud_pak_system:2.3.3.6:ifix1:*:*:*:*:*:*
        cpe:2.3:a:ibm:cloud_pak_system:2.3.3.6:ifix2:*:*:*:*:*:*
        cpe:2.3:a:ibm:cloud_pak_system:2.3.3.7:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:cloud_pak_system:2.3.3.7:ifix1:*:*:*:*:*:*
        cpe:2.3:a:ibm:cloud_pak_system:2.3.4.0:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:cloud_pak_system:2.3.4.1:*:*:*:*:*:*:*

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-37405",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-03-27T18:11:13.021060Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-03-27T18:11:23.196Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:ibm:cloud_pak_system:2.3.1.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:cloud_pak_system:2.3.2.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:cloud_pak_system:2.3.3.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:cloud_pak_system:2.3.3.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:cloud_pak_system:2.3.3.3:ifix1:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:cloud_pak_system:2.3.3.4:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:cloud_pak_system:2.3.3.5:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:cloud_pak_system:2.3.3.6:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:cloud_pak_system:2.3.3.6:ifix1:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:cloud_pak_system:2.3.3.6:ifix2:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:cloud_pak_system:2.3.3.7:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:cloud_pak_system:2.3.3.7:ifix1:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:cloud_pak_system:2.3.4.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:cloud_pak_system:2.3.4.1:*:*:*:*:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "Cloud Pak System",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "2.3.3.0"
                },
                {
                  "status": "affected",
                  "version": "2.3.3.3"
                },
                {
                  "status": "affected",
                  "version": "2.3.3.3 iFix1"
                },
                {
                  "status": "affected",
                  "version": "2.3.3.4"
                },
                {
                  "status": "affected",
                  "version": "2.3.3.5"
                },
                {
                  "status": "affected",
                  "version": "2.3.3.6"
                },
                {
                  "status": "affected",
                  "version": "2.3.3.6 iFix1"
                },
                {
                  "status": "affected",
                  "version": "2.3.3.7"
                },
                {
                  "status": "affected",
                  "version": "2.3.3.7 iFix1"
                },
                {
                  "status": "affected",
                  "version": "2.3.4.0"
                },
                {
                  "status": "affected",
                  "version": "2.3.4.1"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "IBM Cloud Pak System 2.3.3.0, 2.3.3.3, 2.3.3.3 iFix1, 2.3.3.4, 2.3.3.5, 2.3.3.6, 2.3.36 iFix1, 2.3.3.6 iFix2, 2.3.3.7, 2.3.3.7 iFix1, 2.3.4.0, and 2.3.4.1 stores sensitive data in memory, that could be obtained by an unauthorized user."
                }
              ],
              "value": "IBM Cloud Pak System 2.3.3.0, 2.3.3.3, 2.3.3.3 iFix1, 2.3.3.4, 2.3.3.5, 2.3.3.6, 2.3.36 iFix1, 2.3.3.6 iFix2, 2.3.3.7, 2.3.3.7 iFix1, 2.3.4.0, and 2.3.4.1 stores sensitive data in memory, that could be obtained by an unauthorized user."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-311",
                  "description": "CWE-311 Missing Encryption of Sensitive Data",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-08-17T01:14:54.449Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory",
                "patch"
              ],
              "url": "https://www.ibm.com/support/pages/node/7229212"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "IBM Cloud Pak System information disclosure",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2023-37405",
        "datePublished": "2025-03-27T17:20:04.260Z",
        "dateReserved": "2023-07-05T15:59:16.996Z",
        "dateUpdated": "2025-08-17T01:14:54.449Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-38271 (GCVE-0-2023-38271)

    Vulnerability from cvelistv5 – Published: 2025-01-25 13:57 – Updated: 2025-01-27 17:00
    Title
    IBM Cloud Pak System information disclosure
    Summary
    IBM Cloud Pak System 2.3.3.0, 2.3.3.3, 2.3.3.3 iFix1, 2.3.3.4, 2.3.3.5, 2.3.3.6, 2.3.3.6 iFix1, 2.3.3.6 iFix2, 2.3.3.7, and 2.3.3.7 iFix1 could allow an authenticated user to obtain sensitive information from log files.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-532 - Insertion of Sensitive Information into Log File
    Assigner
    ibm
    References
    Impacted products
    Vendor Product Version
    IBM Cloud Pak System Affected: 2.3.3.0, 2.3.3.3, 2.3.3.3 iFix1, 2.3.3.4, 2.3.3.5, 2.3.3.6, 2.3.3.6 iFix1, 2.3.3.6 iFix2, 2.3.3.7, 2.3.3.7 iFix1
        cpe:2.3:a:ibm:cloud_pak_system:2.3.3.0:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:cloud_pak_system:2.3.3.3:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:cloud_pak_system:2.3.3.3:ifix1:*:*:*:*:*:*
        cpe:2.3:a:ibm:cloud_pak_system:2.3.3.4:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:cloud_pak_system:2.3.3.5:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:cloud_pak_system:2.3.3.6:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:cloud_pak_system:2.3.3.6:ifix1:*:*:*:*:*:*
        cpe:2.3:a:ibm:cloud_pak_system:2.3.3.6:ifix2:*:*:*:*:*:*
        cpe:2.3:a:ibm:cloud_pak_system:2.3.3.7:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:cloud_pak_system:2.3.3.7:ifix1:*:*:*:*:*:*

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-38271",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-01-27T17:00:35.776203Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-01-27T17:00:45.724Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:ibm:cloud_pak_system:2.3.3.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:cloud_pak_system:2.3.3.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:cloud_pak_system:2.3.3.3:ifix1:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:cloud_pak_system:2.3.3.4:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:cloud_pak_system:2.3.3.5:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:cloud_pak_system:2.3.3.6:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:cloud_pak_system:2.3.3.6:ifix1:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:cloud_pak_system:2.3.3.6:ifix2:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:cloud_pak_system:2.3.3.7:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:cloud_pak_system:2.3.3.7:ifix1:*:*:*:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "Cloud Pak System",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "2.3.3.0, 2.3.3.3, 2.3.3.3 iFix1, 2.3.3.4, 2.3.3.5, 2.3.3.6, 2.3.3.6 iFix1, 2.3.3.6 iFix2, 2.3.3.7, 2.3.3.7 iFix1"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "IBM Cloud Pak System 2.3.3.0, 2.3.3.3, 2.3.3.3 iFix1, 2.3.3.4, 2.3.3.5, 2.3.3.6, 2.3.3.6 iFix1, 2.3.3.6 iFix2, 2.3.3.7, and 2.3.3.7 iFix1\u0026nbsp;could allow an authenticated user to obtain sensitive information from log files."
                }
              ],
              "value": "IBM Cloud Pak System 2.3.3.0, 2.3.3.3, 2.3.3.3 iFix1, 2.3.3.4, 2.3.3.5, 2.3.3.6, 2.3.3.6 iFix1, 2.3.3.6 iFix2, 2.3.3.7, and 2.3.3.7 iFix1\u00a0could allow an authenticated user to obtain sensitive information from log files."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-532",
                  "description": "CWE-532 Insertion of Sensitive Information into Log File",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-01-25T13:57:18.288Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "url": "https://www.ibm.com/support/pages/node/7159533"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "IBM Cloud Pak System information disclosure",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2023-38271",
        "datePublished": "2025-01-25T13:57:18.288Z",
        "dateReserved": "2023-07-14T00:46:14.890Z",
        "dateUpdated": "2025-01-27T17:00:45.724Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-38713 (GCVE-0-2023-38713)

    Vulnerability from cvelistv5 – Published: 2025-01-25 13:56 – Updated: 2025-01-27 14:46
    Title
    IBM Cloud Pak System information disclosure
    Summary
    IBM Cloud Pak System 2.3.3.0, 2.3.3.3, 2.3.3.3 iFix1, 2.3.3.4, 2.3.3.5, 2.3.3.6, 2.3.3.6 iFix1, 2.3.3.6 iFix2, 2.3.3.7, and 2.3.3.7 iFix1 could disclose sensitive information about the system that could aid in further attacks against the system.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-209 - Generation of Error Message Containing Sensitive Information
    Assigner
    ibm
    References
    Impacted products
    Vendor Product Version
    IBM Cloud Pak System Affected: 2.3.3.0, 2.3.3.3, 2.3.3.3 iFix1, 2.3.3.4, 2.3.3.5, 2.3.3.6, 2.3.3.6 iFix1, 2.3.3.6 iFix2, 2.3.3.7, 2.3.3.7 iFix1
        cpe:2.3:a:ibm:cloud_pak_system:2.3.3.0:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:cloud_pak_system:2.3.3.3:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:cloud_pak_system:2.3.3.3:ifix1:*:*:*:*:*:*
        cpe:2.3:a:ibm:cloud_pak_system:2.3.3.4:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:cloud_pak_system:2.3.3.5:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:cloud_pak_system:2.3.3.6:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:cloud_pak_system:2.3.3.6:ifix1:*:*:*:*:*:*
        cpe:2.3:a:ibm:cloud_pak_system:2.3.3.6:ifix2:*:*:*:*:*:*
        cpe:2.3:a:ibm:cloud_pak_system:2.3.3.7:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:cloud_pak_system:2.3.3.7:ifix1:*:*:*:*:*:*

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-38713",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-01-27T14:45:36.427434Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-01-27T14:46:11.289Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:ibm:cloud_pak_system:2.3.3.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:cloud_pak_system:2.3.3.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:cloud_pak_system:2.3.3.3:ifix1:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:cloud_pak_system:2.3.3.4:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:cloud_pak_system:2.3.3.5:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:cloud_pak_system:2.3.3.6:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:cloud_pak_system:2.3.3.6:ifix1:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:cloud_pak_system:2.3.3.6:ifix2:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:cloud_pak_system:2.3.3.7:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:cloud_pak_system:2.3.3.7:ifix1:*:*:*:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "Cloud Pak System",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "2.3.3.0, 2.3.3.3, 2.3.3.3 iFix1, 2.3.3.4, 2.3.3.5, 2.3.3.6, 2.3.3.6 iFix1, 2.3.3.6 iFix2, 2.3.3.7, 2.3.3.7 iFix1"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "IBM Cloud Pak System 2.3.3.0, 2.3.3.3, 2.3.3.3 iFix1, 2.3.3.4, 2.3.3.5, 2.3.3.6, 2.3.3.6 iFix1, 2.3.3.6 iFix2, 2.3.3.7, and 2.3.3.7 iFix1\u0026nbsp;could disclose sensitive information about the system that could aid in further attacks against the system."
                }
              ],
              "value": "IBM Cloud Pak System 2.3.3.0, 2.3.3.3, 2.3.3.3 iFix1, 2.3.3.4, 2.3.3.5, 2.3.3.6, 2.3.3.6 iFix1, 2.3.3.6 iFix2, 2.3.3.7, and 2.3.3.7 iFix1\u00a0could disclose sensitive information about the system that could aid in further attacks against the system."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-209",
                  "description": "CWE-209 Generation of Error Message Containing Sensitive Information",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-01-25T13:56:16.547Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "url": "https://www.ibm.com/support/pages/node/7159533"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "IBM Cloud Pak System information disclosure",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2023-38713",
        "datePublished": "2025-01-25T13:56:16.547Z",
        "dateReserved": "2023-07-25T00:00:53.162Z",
        "dateUpdated": "2025-01-27T14:46:11.289Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }