5.3
CVE-2023-38281
- EPSS 0.01%
- Published 04.02.2026 20:45:05
- Last modified 25.02.2026 14:47:26
- Source psirt@us.ibm.com
IBM Cloud Pak System does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic.
Linked by AI from unstructured data to existing CPEs of the NVD
Data is provided by the National Vulnerability Database (NVD)
IBM ≫ Cloud Pak System Version 2.3.4.0 Update -
IBM ≫ Cloud Pak System Version 2.3.4.1 Update -
IBM ≫ Cloud Pak System Version 2.3.4.1 Update ifix1
IBM ≫ Cloud Pak System Version 2.3.5.0 Update -
IBM ≫ Cloud Pak System Version 2.3.6.0 Update -
IBM ≫ OS Image For Red Hat Linux Systems Version 4.0.4.0
IBM ≫ OS Image For Red Hat Linux Systems Version 4.0.5.0
IBM ≫ OS Image For Red Hat Linux Systems Version 4.0.6.0
IBM ≫ OS Image For Red Hat Linux Systems Version 4.0.7.0
IBM ≫ OS Image For Red Hat Linux Systems Version 5.0.0.0
IBM ≫ OS Image For Red Hat Linux Systems Version 5.0.1.0
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.01% | 0.017 |
| Source | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| psirt@us.ibm.com | 5.3 | 3.9 | 1.4 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N |
CWE-209 Generation of Error Message Containing Sensitive Information
The product generates an error message that includes sensitive information about its environment, users, or associated data.