CVE-2023-38271

CWE-532Log File Information Exposure3 documents3 sources
Severity
6.5MEDIUM
EPSS
0.1%
top 64.66%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
IBM Cloud PAK System
Timeline
PublishedJan 25

Description

IBM Cloud Pak System 2.3.3.0, 2.3.3.3, 2.3.3.3 iFix1, 2.3.3.4, 2.3.3.5, 2.3.3.6, 2.3.3.6 iFix1, 2.3.3.6 iFix2, 2.3.3.7, and 2.3.3.7 iFix1 could allow an authenticated user to obtain sensitive information from log files.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:NExploitability: 2.8 | Impact: 1.4

Affected Packages2 packages

CVEListV5ibm/cloud_pak_system2.3.3.0, 2.3.3.3, 2.3.3.3 iFix1, 2.3.3.4, 2.3.3.5, 2.3.3.6, 2.3.3.6 iFix1, 2.3.3.6 iFix2, 2.3.3.7, 2.3.3.7 iFix1
NVDibm/cloud_pak_system6 versions+5

🔴Vulnerability Details

2
CVEList
IBM Cloud Pak System information disclosure2025-01-25
GHSA
GHSA-jfx2-4jj8-x2wj: IBM Cloud Pak System 22025-01-25
CVE-2023-38271 (MEDIUM CVSS 6.5) | IBM Cloud Pak System 2.3.3.0 | cvebase.io