CVE-2023-38017

EUVD-2023-41844
IBM Cloud Pak System is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
5.3 MEDIUM
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: Unknown
Affected Products (NVD)
VendorProductVersion
ibmcloud_pak_system
2.3.4.0
ibmcloud_pak_system
2.3.4.1
ibmcloud_pak_system
2.3.4.1:ifix1
ibmcloud_pak_system
2.3.5.0
ibmcloud_pak_system
2.3.6.0
ibmos_image_for_red_hat_linux_systems
4.0.4.0
ibmos_image_for_red_hat_linux_systems
4.0.5.0
ibmos_image_for_red_hat_linux_systems
4.0.6.0
ibmos_image_for_red_hat_linux_systems
4.0.7.0
ibmos_image_for_red_hat_linux_systems
5.0.0.0
ibmos_image_for_red_hat_linux_systems
5.0.1.0
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://www.ibm.com/support/pages/node/7254419