5.3
CVE-2023-38281
- EPSS 0.01%
- Veröffentlicht 04.02.2026 20:45:05
- Zuletzt bearbeitet 25.02.2026 14:47:26
- Quelle psirt@us.ibm.com
- CVE-Watchlists
- Unerledigt
Multiple Vulnerabilities in IBM Cloud Pak System
IBM Cloud Pak System does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Ibm ≫ Cloud Pak System Version2.3.4.0 Update-
Ibm ≫ Cloud Pak System Version2.3.4.1 Update-
Ibm ≫ Cloud Pak System Version2.3.4.1 Updateifix1
Ibm ≫ Cloud Pak System Version2.3.5.0 Update-
Ibm ≫ Cloud Pak System Version2.3.6.0 Update-
Ibm ≫ Os Image For Red Hat Linux Systems Version4.0.4.0
Ibm ≫ Os Image For Red Hat Linux Systems Version4.0.5.0
Ibm ≫ Os Image For Red Hat Linux Systems Version4.0.6.0
Ibm ≫ Os Image For Red Hat Linux Systems Version4.0.7.0
Ibm ≫ Os Image For Red Hat Linux Systems Version5.0.0.0
Ibm ≫ Os Image For Red Hat Linux Systems Version5.0.1.0
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. 
Login
Login| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.01% | 0.02 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| psirt@us.ibm.com | 5.3 | 3.9 | 1.4 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
|
CWE-209 Generation of Error Message Containing Sensitive Information
The product generates an error message that includes sensitive information about its environment, users, or associated data.