7.5
CVE-2023-38013
- EPSS 0.07%
- Published 25.01.2025 14:15:27
- Last modified 13.08.2025 18:01:11
- Source psirt@us.ibm.com
- Teams watchlist Login
- Open Login
IBM Cloud Pak System 2.3.3.0, 2.3.3.3, 2.3.3.3 iFix1, 2.3.3.4, 2.3.3.5, 2.3.3.6, 2.3.3.6 iFix1, 2.3.3.6 iFix2, 2.3.3.7, and 2.3.3.7 iFix1 could disclose sensitive information in HTTP responses that could aid in further attacks against the system.
Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD
This information is available to logged-in users. Login
Data is provided by the National Vulnerability Database (NVD)
Ibm ≫ Cloud Pak System Version2.3.3.0 Update-
Ibm ≫ Cloud Pak System Version2.3.3.3 Update-
Ibm ≫ Cloud Pak System Version2.3.3.3 Updateifix1
Ibm ≫ Cloud Pak System Version2.3.3.4 Update-
Ibm ≫ Cloud Pak System Version2.3.3.5 Update-
Ibm ≫ Cloud Pak System Version2.3.3.6 Update-
Ibm ≫ Cloud Pak System Version2.3.3.6 Updateifix1
Ibm ≫ Cloud Pak System Version2.3.3.6 Updateifix2
Ibm ≫ Cloud Pak System Version2.3.3.7 Update-
Ibm ≫ Cloud Pak System Version2.3.3.7 Updateifix1
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.07% | 0.207 |
| Source | Base Score | Exploit Score | Impact Score | Vector string |
|---|---|---|---|---|
| nvd@nist.gov | 7.5 | 3.9 | 3.6 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
|
| psirt@us.ibm.com | 5.3 | 3.9 | 1.4 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
|
CWE-201 Insertion of Sensitive Information Into Sent Data
The code transmits data to another actor, but a portion of the data includes sensitive information that should not be accessible to that actor.