CVE-2023-38716Information Exposure via Error Message in IBM Cloud PAK System

CWE-209Information Exposure via Error Message3 documents3 sources
Severity
7.5HIGHNVD
CNA5.3
EPSS
0.1%
top 73.47%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
IBM Cloud PAK System
Timeline
PublishedJan 25

Description

IBM Cloud Pak System 2.3.3.6, 2.3.36 iFix1, 2.3.3.6 iFix2, 2.3.3.7, 2.3.3.7 iFix1, and 2.3.4.0 could disclose sensitive information about the system that could aid in further attacks against the system.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 3.9 | Impact: 3.6

Affected Packages2 packages

CVEListV5ibm/cloud_pak_system2.3.3.6, 2.3.36 iFix1, 2.3.3.6 iFix2, 2.3.3.7, 2.3.3.7 iFix1, 2.3.4.0
NVDibm/cloud_pak_system2.3.3.6, 2.3.3.7, 2.3.4.0+2

🔴Vulnerability Details

2
CVEList
IBM Cloud Pak System information disclosure2025-01-25
GHSA
GHSA-c52r-r6j6-x3c5: IBM Cloud Pak System 22025-01-25
CVE-2023-38716 — Information Exposure via Error Message | cvebase