CVE-2023-38010
Unknown Unknown - Not Provided
Information Disclosure in IBM Cloud Pak System User Messages

Publication date: 2026-02-04

Last updated on: 2026-02-25

Assigner: IBM Corporation

Description
IBM Cloud Pak System displays sensitive information in user messages that could aid in further attacks against the system.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-02-04
Last Modified
2026-02-25
Generated
2026-05-27
AI Q&A
2026-02-04
EPSS Evaluated
2026-05-25
NVD
CVE-2023-38010
EUVD
EUVD-2023-41837
Affected Vendors & Products
Showing 11 associated CPEs
Vendor Product Version / Range
ibm cloud_pak_system 2.3.4.0
ibm cloud_pak_system 2.3.4.1
ibm cloud_pak_system 2.3.4.1
ibm cloud_pak_system 2.3.5.0
ibm cloud_pak_system 2.3.6.0
ibm os_image_for_red_hat_linux_systems 4.0.4.0
ibm os_image_for_red_hat_linux_systems 4.0.5.0
ibm os_image_for_red_hat_linux_systems 4.0.6.0
ibm os_image_for_red_hat_linux_systems 4.0.7.0
ibm os_image_for_red_hat_linux_systems 5.0.0.0
ibm os_image_for_red_hat_linux_systems 5.0.1.0
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-209 The product generates an error message that includes sensitive information about its environment, users, or associated data.
Attack-Flow Graph
AI Powered Q&A
What immediate steps should I take to mitigate this vulnerability?

I don't know


Can you explain this vulnerability to me?

CVE-2023-38010 is a vulnerability in IBM Cloud Pak System where sensitive information is displayed in user messages.

This exposure of sensitive data could potentially assist attackers in mounting further attacks against the system.

The vulnerability is classified under CWE-209: Generation of Error Message Containing Sensitive Information.


How can this vulnerability impact me? :

This vulnerability allows attackers to gain limited confidential information remotely without any privileges or user interaction.

The exposed sensitive information in user messages could aid attackers in planning and executing further attacks against the system.

However, it does not impact the integrity or availability of the system.


How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:

I don't know


How can this vulnerability be detected on my network or system? Can you suggest some commands?

I don't know


Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70
EPSS Chart