CVE-2023-38005

CWE-284Improper Access Control3 documents3 sources
Severity
4.3MEDIUM
EPSS
0.0%
top 98.75%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
IBM Cloud PAK System
Timeline
PublishedFeb 17
Latest updateFeb 18

Description

IBM Cloud Pak System 2.3.3.6, 2.3.3.7, 2.3.4.0, 2.3.4.1, and 2.3.5.0 could allow an authenticated user to perform unauthorized tasks due to improper access controls.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:NExploitability: 2.8 | Impact: 1.4

Affected Packages2 packages

CVEListV5ibm/cloud_pak_system2.3.3.62.1.0+4
NVDibm/cloud_pak_system5 versions+4

🔴Vulnerability Details

2
GHSA
GHSA-qvc7-4wrw-mpgp: IBM Cloud Pak System 22026-02-18
CVEList
Improper Access Control and Exposure of Information Through Directory Listing vulnerabilities affect IBM Cloud Pak System[, ]2026-02-17
CVE-2023-38005 (MEDIUM CVSS 4.3) | IBM Cloud Pak System 2.3.3.6 | cvebase.io