CVE-2023-38714
Published: 25 January 2025
Description
IBM Cloud Pak System 2.3.3.0, 2.3.3.3, 2.3.3.3 iFix1, 2.3.3.4, 2.3.3.5, 2.3.3.6, 2.3.3.6 iFix1, 2.3.3.6 iFix2, 2.3.3.7, and 2.3.3.7 iFix1 could disclose sensitive information about the system that could aid in further attacks against the system.
Security Summary
CVE-2023-38714 is an information disclosure vulnerability (CWE-209) affecting specific versions of IBM Cloud Pak System, including 2.3.3.0, 2.3.3.3, 2.3.3.3 iFix1, 2.3.3.4, 2.3.3.5, 2.3.3.6, 2.3.3.6 iFix1, 2.3.3.6 iFix2, 2.3.3.7, and 2.3.3.7 iFix1. The flaw enables the exposure of sensitive system information, which could assist attackers in planning subsequent exploits against the system.
The vulnerability carries a CVSS v3.1 base score of 5.3 (AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N), indicating it is exploitable remotely over the network by unauthenticated attackers with low complexity and no user interaction required. Exploitation results in low-impact confidentiality loss, providing reconnaissance data without affecting integrity or availability.
IBM has published a security bulletin at https://www.ibm.com/support/pages/node/7159533 detailing the vulnerability, affected versions, and recommended mitigations or patches.
Details
- CWE(s)