CVE-2023-38265
Received Received - Intake
Information Disclosure in IBM Cloud Pak System Folder Paths

Publication date: 2026-02-17

Last updated on: 2026-02-23

Assigner: IBM Corporation

Description
IBM Cloud Pak System 2.3.3.6, 2.3.3.7, 2.3.4.0, 2.3.4.1, and 2.3.5.0 could disclose folder location information to an unauthenticated attacker that could aid in further attacks against the system.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-02-17
Last Modified
2026-02-23
Generated
2026-05-27
AI Q&A
2026-02-17
EPSS Evaluated
2026-05-25
NVD
CVE-2023-38265
EUVD
EUVD-2023-42085
Affected Vendors & Products
Showing 5 associated CPEs
Vendor Product Version / Range
ibm cloud_pak_system 2.3.3.6
ibm cloud_pak_system 2.3.3.7
ibm cloud_pak_system 2.3.4.0
ibm cloud_pak_system 2.3.4.1
ibm cloud_pak_system 2.3.5.0
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-548 The product inappropriately exposes a directory listing with an index of all the resources located inside of the directory.
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?

CVE-2023-38265 is a vulnerability in IBM Cloud Pak System versions 2.3.3.6, 2.3.3.7, 2.3.4.0, 2.3.4.1, and 2.3.5.0 that allows an unauthenticated attacker to obtain folder location information through directory listing.

This exposure of folder location information can help attackers by revealing system structure details, which could be used to plan further attacks against the system.

The vulnerability is classified under CWE-548 (Exposure of Information Through Directory Listing) and has a CVSS v3 base score of 5.3, indicating a moderate severity with network attack vector, low attack complexity, no privileges required, and no user interaction needed.


How can this vulnerability impact me? :

This vulnerability can impact you by allowing an unauthenticated attacker to gain knowledge of folder locations within your IBM Cloud Pak System.

With this information, attackers may be able to conduct further targeted attacks against your system, potentially compromising security.

Although the confidentiality impact is considered low, the exposure of directory information can be a stepping stone for more serious exploits.


How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:

I don't know


How can this vulnerability be detected on my network or system? Can you suggest some commands?

I don't know


What immediate steps should I take to mitigate this vulnerability?

To mitigate CVE-2023-38265, IBM recommends upgrading affected IBM Cloud Pak System versions to fixed releases.

  • Upgrade Intel-based systems to Cloud Pak System version 2.3.4.1 Interim Fix 1 or the latest version 2.3.6.1.
  • For Power systems, contact IBM Support for guidance.
  • Upgrade or migrate unsupported versions to supported versions.

No workarounds or other mitigations are provided, so applying the recommended upgrades is the immediate step to reduce risk.


Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70
EPSS Chart