Metrics
Affected Vendors & Products
Solution
This Security Bulletin applies to IBM Cloud Pak System, IBM Cloud Pak System Software, IBM Cloud Pak System Software Suite. For Intel releases, IBM strongly recommends addressing this vulnerability now by upgrading to IBM Cloud Pak System v2.3.4.1 Interim Fix 1 available at IBM Fix Central, information on upgrading here https://www.ibm.com/support/pages/node/7178546 For Power, contact IBM Support. For unsupported versions the recommendation is to upgrade/migrate to supported version of the product.
Workaround
No workaround given by the vendor.
Link | Providers |
---|---|
https://www.ibm.com/support/pages/node/7237162 |
![]() ![]() |
Thu, 14 Aug 2025 06:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Weaknesses | CWE-79 | |
CPEs | cpe:2.3:a:ibm:cloud_pak_system:2.3.3.6:-:*:*:*:*:*:* cpe:2.3:a:ibm:cloud_pak_system:2.3.3.7:-:*:*:*:*:*:* cpe:2.3:a:ibm:cloud_pak_system:2.3.3.7:ifix1:*:*:*:*:*:* cpe:2.3:a:ibm:cloud_pak_system:2.3.4.0:-:*:*:*:*:*:* cpe:2.3:a:ibm:cloud_pak_system:2.3.4.1:-:*:*:*:*:*:* cpe:2.3:a:ibm:cloud_pak_system:2.3.5.0:-:*:*:*:*:*:* |
Fri, 27 Jun 2025 15:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
ssvc
|
Fri, 27 Jun 2025 15:00:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | IBM Cloud Pak System 2.3.5.0, 2.3.3.7, 2.3.3.7 iFix1 on Power and 2.3.3.6, 2.3.3.6 iFix1, 2.3.3.6 iFix2, 2.3.4.0, 2.3.4.1 on Intel operating systems is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site. | |
Title | IBM Cloud Pak System HTML injection | |
First Time appeared |
Ibm
Ibm cloud Pak System |
|
Weaknesses | CWE-80 | |
CPEs | cpe:2.3:a:ibm:cloud_pak_system:2.3.3.6:*:*:*:*:*:*:* cpe:2.3:a:ibm:cloud_pak_system:2.3.3.6:ifix1:*:*:*:*:*:* cpe:2.3:a:ibm:cloud_pak_system:2.3.3.6:ifix2:*:*:*:*:*:* cpe:2.3:a:ibm:cloud_pak_system:2.3.3.7:*:*:*:*:power:*:* cpe:2.3:a:ibm:cloud_pak_system:2.3.3.7:ifix1:*:*:*:power:*:* cpe:2.3:a:ibm:cloud_pak_system:2.3.4.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:cloud_pak_system:2.3.4.1:*:*:*:*:*:*:* cpe:2.3:a:ibm:cloud_pak_system:2.3.5.5:*:*:*:*:power:*:* |
|
Vendors & Products |
Ibm
Ibm cloud Pak System |
|
References |
| |
Metrics |
cvssV3_1
|

Status: PUBLISHED
Assigner: ibm
Published:
Updated: 2025-08-17T00:24:09.866Z
Reserved: 2023-07-11T17:33:11.275Z
Link: CVE-2023-38007

Updated: 2025-06-27T15:01:43.613Z

Status : Analyzed
Published: 2025-06-27T15:15:24.623
Modified: 2025-08-14T01:12:31.570
Link: CVE-2023-38007

No data.

No data.