← Back

CVE-2023-38017

nvd nist
Published: Feb 4, 2026Modified: Feb 25, 2026

JSON object

Loading...
5.3
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Exploitability: 3.9 / Impact: 1.4
Source: psirt@us.ibm.com

Description

IBM Cloud Pak System is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.

Affected (11)

Ibm
2 products
Cloud Pak System
Os Image For Red Hat Linux Systems
Configuration A
11 vulnerable
Vulnerable SoftwareAffected Versions
Ibm
Cloud Pak System
Version 2.3.4.0
Cloud Pak System
Version 2.3.4.1
Cloud Pak System
Version 2.3.4.1 ifix1
Cloud Pak System
Version 2.3.5.0
Cloud Pak System
Version 2.3.6.0
Ibm
Os Image For Red Hat Linux Systems
Version 4.0.4.0
Os Image For Red Hat Linux Systems
Version 4.0.5.0
Os Image For Red Hat Linux Systems
Version 4.0.6.0
Os Image For Red Hat Linux Systems
Version 4.0.7.0
Os Image For Red Hat Linux Systems
Version 5.0.0.0
Os Image For Red Hat Linux Systems
Version 5.0.1.0

Related CWEs

CWE-209
Generation of Error Message Containing Sensitive Information
The product generates an error message that includes sensitive information about its environment, users, or associated data.

References (1)

Source: psirt@us.ibm.com
Vendor Advisory

Timeline

No history available yet.