CVE-2023-38013 — Sensitive Info Insertion into Sent Data in IBM Cloud PAK System

CWE-201 — Sensitive Info Insertion into Sent Data3 documents3 sources

Severity

7.5HIGHNVD

CNA5.3

EPSS

0.1%

top 73.47%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

IBM Cloud PAK System

Timeline

PublishedJan 25

Description

IBM Cloud Pak System 2.3.3.0, 2.3.3.3, 2.3.3.3 iFix1, 2.3.3.4, 2.3.3.5, 2.3.3.6, 2.3.3.6 iFix1, 2.3.3.6 iFix2, 2.3.3.7, and 2.3.3.7 iFix1 could disclose sensitive information in HTTP responses that could aid in further attacks against the system.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 3.9 | Impact: 3.6

Affected Packages2 packages

▶CVEListV5ibm/cloud_pak_system2.3.3.0, 2.3.3.3, 2.3.3.3 iFix1, 2.3.3.4, 2.3.3.5, 2.3.3.6, 2.3.3.6 iFix1, 2.3.3.6 iFix2, 2.3.3.7, 2.3.3.7 iFix1

▶NVDibm/cloud_pak_system6 versions+5

🔴Vulnerability Details

GHSA

GHSA-m2fr-34qc-xrjj: IBM Cloud Pak System 2↗2025-01-25

▶

CVEList

IBM Cloud Pak System information disclosure↗2025-01-25

▶