CVE-2023-38017
Unknown
Unknown - Not Provided
Cross-Site Scripting in IBM Cloud Pak System Risks Credential Disclosure
Publication date: 2026-02-04
Last updated on: 2026-02-25
Assigner: IBM Corporation
Description
Description
IBM Cloud Pak System is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| ibm | cloud_pak_system | 2.3.4.0 |
| ibm | cloud_pak_system | 2.3.4.1 |
| ibm | cloud_pak_system | 2.3.4.1 |
| ibm | cloud_pak_system | 2.3.5.0 |
| ibm | cloud_pak_system | 2.3.6.0 |
| ibm | os_image_for_red_hat_linux_systems | 4.0.4.0 |
| ibm | os_image_for_red_hat_linux_systems | 4.0.5.0 |
| ibm | os_image_for_red_hat_linux_systems | 4.0.6.0 |
| ibm | os_image_for_red_hat_linux_systems | 4.0.7.0 |
| ibm | os_image_for_red_hat_linux_systems | 5.0.0.0 |
| ibm | os_image_for_red_hat_linux_systems | 5.0.1.0 |
Helpful Resources
Exploitability
CWE
KEV
| CWE ID | Description |
|---|---|
| CWE-209 | The product generates an error message that includes sensitive information about its environment, users, or associated data. |
