Cloud Pak System@2.3.3.7 Security Vulnerabilities and Issues — Cloud Pak System@2.3.3.7 CVE List

Lucene search

IbmCloud Pak System2.3.3.7

11 matches found

CVE•added 2025/01/25 2:15 p.m.•60 views

CVE-2023-38713

IBM Cloud Pak System 2.3.3.0, 2.3.3.3, 2.3.3.3 iFix1, 2.3.3.4, 2.3.3.5, 2.3.3.6, 2.3.3.6 iFix1, 2.3.3.6 iFix2, 2.3.3.7, and 2.3.3.7 iFix1 could disclose sensitive information about the system that could aid in further attacks against the system.

5.3CVSS5AI score0.00038EPSS

CVE•added 2025/01/25 2:15 p.m.•45 views

CVE-2023-38012

IBM Cloud Pak System 2.3.3.6, 2.3.3.6 iFix1, 2.3.3.6 iFix2, 2.3.3.7, 2.3.3.7 iFix1, and 2.3.4.0 could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system.

5.3CVSS5.3AI score0.00062EPSS

CVE•added 2025/03/27 6:17 p.m.•45 views

CVE-2023-38272

IBM Cloud Pak System 2.3.3.0, 2.3.3.3, 2.3.3.3 iFix1, 2.3.3.4, 2.3.3.5, 2.3.3.6, 2.3.36 iFix1, 2.3.3.6 iFix2, 2.3.3.7, 2.3.3.7 iFix1, 2.3.4.0, and 2.3.4.1 could allow a user with access to the network to obtain sensitive information from CLI arguments.

5.9CVSS5.4AI score0.00042EPSS

CVE•added 2025/01/25 2:15 p.m.•44 views

CVE-2023-38714

5.3CVSS5AI score0.00038EPSS

CVE•added 2025/01/25 2:15 p.m.•43 views

CVE-2023-38271

IBM Cloud Pak System 2.3.3.0, 2.3.3.3, 2.3.3.3 iFix1, 2.3.3.4, 2.3.3.5, 2.3.3.6, 2.3.3.6 iFix1, 2.3.3.6 iFix2, 2.3.3.7, and 2.3.3.7 iFix1 could allow an authenticated user to obtain sensitive information from log files.

4.3CVSS4.3AI score0.00035EPSS

CVE•added 2025/01/25 2:15 p.m.•43 views

CVE-2023-38716

IBM Cloud Pak System 2.3.3.6, 2.3.36 iFix1, 2.3.3.6 iFix2, 2.3.3.7, 2.3.3.7 iFix1, and 2.3.4.0 could disclose sensitive information about the system that could aid in further attacks against the system.

5.3CVSS5AI score0.00038EPSS

CVE•added 2025/03/27 6:17 p.m.•41 views

CVE-2023-37405

IBM Cloud Pak System 2.3.3.0, 2.3.3.3, 2.3.3.3 iFix1, 2.3.3.4, 2.3.3.5, 2.3.3.6, 2.3.36 iFix1, 2.3.3.6 iFix2, 2.3.3.7, 2.3.3.7 iFix1, 2.3.4.0, and 2.3.4.1 stores sensitive data in memory, that could be obtained by an unauthorized user.

6.5CVSS6.3AI score0.00017EPSS

CVE•added 2025/01/25 2:15 p.m.•40 views

CVE-2023-38013

IBM Cloud Pak System 2.3.3.0, 2.3.3.3, 2.3.3.3 iFix1, 2.3.3.4, 2.3.3.5, 2.3.3.6, 2.3.3.6 iFix1, 2.3.3.6 iFix2, 2.3.3.7, and 2.3.3.7 iFix1 could disclose sensitive information in HTTP responses that could aid in further attacks against the system.

5.3CVSS5.1AI score0.00038EPSS

CVE•added 2024/02/02 3:15 p.m.•31 views

CVE-2023-38273

IBM Cloud Pak System 2.3.1.1, 2.3.2.0, and 2.3.3.7 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials. IBM X-Force ID: 260733.

7.5CVSS7.2AI score0.0005EPSS

CVE•added 2025/06/27 3:15 p.m.•5 views

CVE-2023-38007

IBM Cloud Pak System 2.3.5.0, 2.3.3.7, 2.3.3.7 iFix1 on Power and 2.3.3.6, 2.3.3.6 iFix1, 2.3.3.6 iFix2, 2.3.4.0, 2.3.4.1 on Intel operating systems is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser ...

5.4CVSS6.5AI score0.00033EPSS

CVE•added 2025/06/30 3:15 p.m.•4 views

CVE-2025-2895

IBM Cloud Pak System 2.3.3.6, 2.3.36 iFix1, 2.3.3.7, 2.3.3.7 iFix1, 2.3.4.0, 2.3.4.1, and 2.3.4.1 iFix1 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting si...

5.4CVSS6.5AI score0.00033EPSS