IBM Cloud Pak System information disclosure
CVE-2023-38273

7.5HIGH

Key Information:

Vendor: IBM
Status: Cloud Pak System
Vendor: CVE Published:; 2 February 2024

Summary

The IBM Cloud Pak System is affected by a vulnerability stemming from inadequate account lockout settings, which could be exploited by remote attackers to perform brute force attacks on user account credentials. This flaw presents risks that can lead to unauthorized access and compromise of sensitive information. Organizations utilizing the affected versions of IBM Cloud Pak System should take immediate measures to enhance account security and mitigate potential threats.

Affected Version(s)

Cloud Pak System 2.3.1.1, 2.3.2.0, 2.3.3.7

References

https://www.ibm.com/support/pages/node/7105357

vendor-advisory

https://exchange.xforce.ibmcloud.com/vulnerabilities/260733

vdb-entry

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Feb 2, 2024
Vulnerability Reserved
Jul 14, 2023