CVE-2023-38007
BaseFortify
Publication date: 2025-06-27
Last updated on: 2025-08-14
Assigner: IBM Corporation
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| ibm | cloud_pak_system | 2.3.3.6 |
| ibm | cloud_pak_system | 2.3.3.6 |
| ibm | cloud_pak_system | 2.3.3.6 |
| ibm | cloud_pak_system | 2.3.3.7 |
| ibm | cloud_pak_system | 2.3.3.7 |
| ibm | cloud_pak_system | 2.3.4.0 |
| ibm | cloud_pak_system | 2.3.4.1 |
| ibm | cloud_pak_system | 2.3.5.0 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-79 | The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users. |
| CWE-80 | The product receives input from an upstream component, but it does not neutralize or incorrectly neutralizes special characters such as "<", ">", and "&" that could be interpreted as web-scripting elements when they are sent to a downstream component that processes web pages. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is an HTML injection issue in IBM Cloud Pak System versions 2.3.5.0, 2.3.3.7, and others on Power and Intel architectures. A remote attacker can inject malicious HTML code that executes in the victim's web browser within the security context of the hosting site. It is classified under CWE-80, related to improper neutralization of script-related HTML tags, a form of cross-site scripting (XSS). [1]
How can this vulnerability impact me? :
The vulnerability allows a remote attacker to execute malicious HTML code in the context of the hosting site when a victim views the injected content. This can lead to low impact on confidentiality and integrity of data, potentially exposing sensitive information or allowing unauthorized actions within the web application. The attack requires low privileges and user interaction, with no impact on availability. [1]
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, you should upgrade to IBM Cloud Pak System version 2.3.4.1 Interim Fix 1 for Intel releases, available via IBM Fix Central. For Power architecture versions, you should contact IBM Support for guidance. Unsupported versions should be upgraded or migrated to supported versions. There are no workarounds or mitigations available. [1]