Sensitive Information Disclosure in IBM Cloud Pak System
CVE-2023-38013

5.3MEDIUM

Key Information:

Vendor
IBM
Status
Cloud Pak System
Vendor
CVE Published:
25 January 2025

Summary

In IBM Cloud Pak System, versions 2.3.3.0 through 2.3.3.7, including iFix variants, a design flaw allows sensitive information to be disclosed in HTTP responses. This vulnerability could facilitate further attacks on the system, posing risks to data integrity and confidentiality. Organizations utilizing affected versions should take immediate actions to mitigate potential security threats.

Affected Version(s)

Cloud Pak System 2.3.3.0, 2.3.3.3, 2.3.3.3 iFix1, 2.3.3.4, 2.3.3.5, 2.3.3.6, 2.3.3.6 iFix1, 2.3.3.6 iFix2, 2.3.3.7, 2.3.3.7 iFix1

References

https://www.ibm.com/support/pages/node/7159533

CVSS V3.1

Score:
5.3
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
None
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.