Sensitive Information Disclosure Vulnerability in IBM Cloud Pak System
CVE-2023-38272

5.9MEDIUM

Key Information:

Vendor: IBM
Status: Cloud Pak System
Vendor: CVE Published:; 27 March 2025

What is CVE-2023-38272?

A vulnerability in IBM Cloud Pak System allows a user with network access to exploit the system by obtaining sensitive information from Command Line Interface (CLI) arguments. This issue may lead to unauthorized access to confidential data, potentially impacting the security posture of affected systems. Users are encouraged to review their security configurations and implement the necessary updates to safeguard against such exposures.

Affected Version(s)

Cloud Pak System 2.3.3.0, 2.3.3.3, 2.3.3.3 iFix1, 2.3.3.4, 2.3.3.5, 2.3.3.6, 2.3.36 iFix1, 2.3.3.6 iFix2, 2.3.3.7, 2.3.3.7 iFix1, 2.3.4.0, 2.3.4.1

References

https://www.ibm.com/support/pages/node/7229212

vendor-advisory

CVSS V3.1

Score:

5.9

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 27, 2025
Vulnerability Reserved
Jul 14, 2023