CVE-2023-38714

CWE-2093 documents3 sources

Severity

7.5HIGH

EPSS

0.1%

top 73.48%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

IBM Cloud PAK System

Timeline

PublishedJan 25

Description

IBM Cloud Pak System 2.3.3.0, 2.3.3.3, 2.3.3.3 iFix1, 2.3.3.4, 2.3.3.5, 2.3.3.6, 2.3.3.6 iFix1, 2.3.3.6 iFix2, 2.3.3.7, and 2.3.3.7 iFix1 could disclose sensitive information about the system that could aid in further attacks against the system.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:NExploitability: 3.9 | Impact: 1.4

Affected Packages2 packages

▶CVEListV5ibm/cloud_pak_system2.3.3.0, 2.3.3.3, 2.3.3.3 iFix1, 2.3.3.4, 2.3.3.5, 2.3.3.6, 2.3.3.6 iFix1, 2.3.3.6 iFix2, 2.3.3.7, 2.3.3.7 iFix1

▶NVDibm/cloud_pak_system6 versions+5

🔴Vulnerability Details

CVEList

IBM Cloud Pak System information disclosure↗2025-01-25

▶

GHSA

GHSA-qjp6-cp7g-v8xv: IBM Cloud Pak System 2↗2025-01-25

▶