CVSS3
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: REQUIRED
Scope: CHANGED
Confidentiality Impact: LOW
Integrity Impact: LOW
Availability Impact: NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
AI Score
Confidence: High
EPSS
Percentile: 50.5%
Vulnerabilities in Golang Go affect Cloud Pak System Software.
CVEID: CVE-2023-39319
**DESCRIPTION:** Golang Go is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the html/template package. A remote attacker could exploit this vulnerability using a specially crafted URL to execute script in a victim's Web browser within the security context of the hosting Web site, once the URL is clicked. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials.
CVSS Base score: 6.1
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/265942 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)
CVEID: CVE-2023-39318
**DESCRIPTION:** Golang Go is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the html/template package. A remote attacker could exploit this vulnerability using a specially crafted URL to execute script in a victim's Web browser within the security context of the hosting Web site, once the URL is clicked. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials.
CVSS Base score: 6.1
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/265941 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)
Affected Product(s)|**Version(s) (Power)**
---|---
IBM Cloud Pak System| 2.3.1.1, 2.3.2.0
IBM Cloud Pak System| 2.3.3.7

Affected Product(s)|**Version(s) (Intel)**
---|---
IBM Cloud Pak System| 2.3.3.0
IBM Cloud Pak System| 2.3.3.3 iFix1
IBM Cloud Pak System| 2.3.3.4
IBM Cloud Pak System| 2.3.3.5
IBM Cloud Pak System| 2.3.3.6, 2.3.3.3.6 iFix1, 2.3.3.6 iFix2
For unsupported versions, the recommendation is to upgrade to a supported version of the product.
This security bulletin applies to Cloud Pak System, Cloud Pak System Software, Cloud Pak System Software Suite.
IBM strongly recommends addressing the vulnerability now by applying the fix below.
For Cloud Pak System V2.3.0.1, V2.3.1.1, V2.3.2.0:
Upgrade to Cloud Pak System V2.3.3.7 and apply V2.3.3.7 Interim Fix 01 at IBM Fix Central.
Information on upgrading: <https://www.ibm.com/support/pages/node/6982511>
For Cloud Pak System V2.3.3.7:
Apply Cloud Pak System V2.3.3.7 Interim Fix 01 at IBM Fix Central.
Information on upgrading: <http://www.ibm.com/support/docview.wss?uid=ibm10887959>
For Cloud Pak System on Intel:
Upgrade to Cloud Pak System V2.3.4.0 for Intel at IBM Fix Central.
Information on upgrading: <http://www.ibm.com/support/docview.wss?uid=ibm10887959>
None