CVE-2023-38265

CWE-5483 documents3 sources

Severity

5.3MEDIUM

EPSS

0.0%

top 85.50%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

IBM Cloud PAK System

Timeline

PublishedFeb 17

Description

IBM Cloud Pak System 2.3.3.6, 2.3.3.7, 2.3.4.0, 2.3.4.1, and 2.3.5.0 could disclose folder location information to an unauthenticated attacker that could aid in further attacks against the system.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:NExploitability: 3.9 | Impact: 1.4

Affected Packages2 packages

▶CVEListV5ibm/cloud_pak_system2.3.3.6 — 2.1.0+4

▶NVDibm/cloud_pak_system5 versions+4

🔴Vulnerability Details

CVEList

Improper Access Control and Exposure of Information Through Directory Listing vulnerabilities affect IBM Cloud Pak System[, ]↗2026-02-17

▶

GHSA

GHSA-2gp2-mfg4-q5mv: IBM Cloud Pak System 2↗2026-02-17

▶