{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2023-38017", "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "state": "PUBLISHED", "assignerShortName": "ibm", "dateReserved": "2023-07-11T17:33:12.813Z", "datePublished": "2026-02-04T20:44:04.452Z", "dateUpdated": "2026-02-05T14:32:17.345Z"}, "containers": {"cna": {"affected": [{"cpes": ["cpe:2.3:a:ibm:cloud_pak_system:2.3.4.0:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:cloud_pak_system:2.3.4.1:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:cloud_pak_system:2.3.4.1:ifix1:*:*:*:*:*:*", "cpe:2.3:a:ibm:cloud_pak_system:2.3.5.0:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:cloud_pak_system:2.3.6.0:*:*:*:*:*:*:*"], "defaultStatus": "unaffected", "product": "Cloud Pak System", "vendor": "IBM", "versions": [{"status": "affected", "version": "2.3.4.0", "versionType": "semver"}, {"status": "affected", "version": "2.3.4.1", "versionType": "semver"}, {"status": "affected", "version": "2.3.4.1 Interim Fix 001", "versionType": "semver"}, {"status": "affected", "version": "2.3.5.0"}, {"status": "affected", "version": "2.3.6.0"}]}, {"defaultStatus": "unaffected", "product": "OS Image for Red Hat Linux Systems", "vendor": "IBM", "versions": [{"status": "affected", "version": "4.0.4.0"}, {"status": "affected", "version": "4.0.5.0"}, {"status": "affected", "version": "4.0.6.0"}, {"status": "affected", "version": "4.0.7.0"}, {"status": "affected", "version": "5.0.0.0"}, {"status": "affected", "version": "5.0.1.0"}]}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<p>IBM Cloud Pak System&nbsp;<span style=\"background-color: rgb(255, 255, 255);\">is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.</span></p>"}], "value": "IBM Cloud Pak System\u00a0is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-209", "description": "CWE-209 Generation of Error Message Containing Sensitive Information", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm", "dateUpdated": "2026-02-04T20:46:40.603Z"}, "references": [{"tags": ["vendor-advisory", "patch"], "url": "https://www.ibm.com/support/pages/node/7254419"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<div><p><strong>IBM strongly recommends addressing the vulnerabilities now by <a target=\"_blank\" rel=\"nofollow\" href=\"https://www.ibm.com/support/pages/node/7254396\">upgrading to version 2.3.6.1</a></strong><strong>. </strong></p><p>IBM Cloud Pak System provides OS image for Red Hat Enterprise Linux System 4.0.8.0 based on Red Hat Enterprise Linux 8.10 and OS image for Red Hat Enterprise Linux System 5.0.3 based on Red Hat Enterprise Linux 9.6. IBM Cloud Pak System provides IBM WebSphere Application Server Liberty V25.0.0.9; IBM Storage Scale is also upgraded to IBM Storage Scale V5.2.3.3.</p><p>For Power, contact IBM Support.</p><p>This Security bulletin applies to IBM Cloud Pak System, IBM Cloud Pak System Software, and IBM Cloud Pak System Software Suite.</p><p>Information on upgrading here <a target=\"_blank\" rel=\"nofollow\" href=\"http://www.ibm.com/support/docview.wss?uid=ibm10887959\">http://www.ibm.com/support/docview.wss?uid=ibm10887959</a></p></div><p>For unsupported versions the recommendation is to upgrade to a supported version of the product.</p><br>"}], "value": "IBM strongly recommends addressing the vulnerabilities now by http://www.ibm.com/support/docview.wss?uid=ibm10887959 \n\n\n\nFor unsupported versions the recommendation is to upgrade to a supported version of the product."}], "source": {"discovery": "UNKNOWN"}, "title": "Multiple Vulnerabilities in IBM Cloud Pak System", "x_generator": {"engine": "ibm-cvegen"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-02-05T14:24:53.319334Z", "id": "CVE-2023-38017", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-02-05T14:32:17.345Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-38017", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-02-05T14:24:53.319334Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-02-05T14:24:53.985Z"}}], "cna": {"title": "Multiple Vulnerabilities in IBM Cloud Pak System", "source": {"discovery": "UNKNOWN"}, "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"cpes": ["cpe:2.3:a:ibm:cloud_pak_system:2.3.4.0:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:cloud_pak_system:2.3.4.1:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:cloud_pak_system:2.3.4.1:ifix1:*:*:*:*:*:*", "cpe:2.3:a:ibm:cloud_pak_system:2.3.5.0:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:cloud_pak_system:2.3.6.0:*:*:*:*:*:*:*"], "vendor": "IBM", "product": "Cloud Pak System", "versions": [{"status": "affected", "version": "2.3.4.0", "versionType": "semver"}, {"status": "affected", "version": "2.3.4.1", "versionType": "semver"}, {"status": "affected", "version": "2.3.4.1 Interim Fix 001", "versionType": "semver"}, {"status": "affected", "version": "2.3.5.0"}, {"status": "affected", "version": "2.3.6.0"}], "defaultStatus": "unaffected"}, {"vendor": "IBM", "product": "OS Image for Red Hat Linux Systems", "versions": [{"status": "affected", "version": "4.0.4.0"}, {"status": "affected", "version": "4.0.5.0"}, {"status": "affected", "version": "4.0.6.0"}, {"status": "affected", "version": "4.0.7.0"}, {"status": "affected", "version": "5.0.0.0"}, {"status": "affected", "version": "5.0.1.0"}], "defaultStatus": "unaffected"}], "solutions": [{"lang": "en", "value": "IBM strongly recommends addressing the vulnerabilities now by http://www.ibm.com/support/docview.wss?uid=ibm10887959 \n\n\n\nFor unsupported versions the recommendation is to upgrade to a supported version of the product.", "supportingMedia": [{"type": "text/html", "value": "<div><p><strong>IBM strongly recommends addressing the vulnerabilities now by <a target=\"_blank\" rel=\"nofollow\" href=\"https://www.ibm.com/support/pages/node/7254396\">upgrading to version 2.3.6.1</a></strong><strong>. </strong></p><p>IBM Cloud Pak System provides OS image for Red Hat Enterprise Linux System 4.0.8.0 based on Red Hat Enterprise Linux 8.10 and OS image for Red Hat Enterprise Linux System 5.0.3 based on Red Hat Enterprise Linux 9.6. IBM Cloud Pak System provides IBM WebSphere Application Server Liberty V25.0.0.9; IBM Storage Scale is also upgraded to IBM Storage Scale V5.2.3.3.</p><p>For Power, contact IBM Support.</p><p>This Security bulletin applies to IBM Cloud Pak System, IBM Cloud Pak System Software, and IBM Cloud Pak System Software Suite.</p><p>Information on upgrading here <a target=\"_blank\" rel=\"nofollow\" href=\"http://www.ibm.com/support/docview.wss?uid=ibm10887959\">http://www.ibm.com/support/docview.wss?uid=ibm10887959</a></p></div><p>For unsupported versions the recommendation is to upgrade to a supported version of the product.</p><br>", "base64": false}]}], "references": [{"url": "https://www.ibm.com/support/pages/node/7254419", "tags": ["vendor-advisory", "patch"]}], "x_generator": {"engine": "ibm-cvegen"}, "descriptions": [{"lang": "en", "value": "IBM Cloud Pak System\u00a0is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.", "supportingMedia": [{"type": "text/html", "value": "<p>IBM Cloud Pak System&nbsp;<span style=\"background-color: rgb(255, 255, 255);\">is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.</span></p>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-209", "description": "CWE-209 Generation of Error Message Containing Sensitive Information"}]}], "providerMetadata": {"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm", "dateUpdated": "2026-02-04T20:46:40.603Z"}}}, "cveMetadata": {"cveId": "CVE-2023-38017", "state": "PUBLISHED", "dateUpdated": "2026-02-05T14:32:17.345Z", "dateReserved": "2023-07-11T17:33:12.813Z", "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "datePublished": "2026-02-04T20:44:04.452Z", "assignerShortName": "ibm"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:ibm:cloud_pak_system:2.3.4.0:-:*:*:*:*:*:*", "matchCriteriaId": "1A007FD5-CF3B-4DC0-B8C0-3D04AF411FD3", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:cloud_pak_system:2.3.4.1:-:*:*:*:*:*:*", "matchCriteriaId": "618F4D77-242C-415C-AA3F-4F79C2663178", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:cloud_pak_system:2.3.4.1:ifix1:*:*:*:*:*:*", "matchCriteriaId": "B793F9B0-02DE-49D1-8134-4691A7DC855D", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:cloud_pak_system:2.3.5.0:-:*:*:*:*:*:*", "matchCriteriaId": "118829A2-1826-41FE-9F64-698B8FBCF8BB", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:cloud_pak_system:2.3.6.0:-:*:*:*:*:*:*", "matchCriteriaId": "6E358741-BF0B-41C0-9015-1EE584AAE2CA", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:os_image_for_red_hat_linux_systems:4.0.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "580A034F-3E53-48E4-84C1-4715280A709C", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:os_image_for_red_hat_linux_systems:4.0.5.0:*:*:*:*:*:*:*", "matchCriteriaId": "1FA52F21-D880-4197-A111-858965D7994E", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:os_image_for_red_hat_linux_systems:4.0.6.0:*:*:*:*:*:*:*", "matchCriteriaId": "51F9C7ED-566B-4E5E-B95F-1A6EDB578244", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:os_image_for_red_hat_linux_systems:4.0.7.0:*:*:*:*:*:*:*", "matchCriteriaId": "B2003856-FECF-4671-8378-441079B70923", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:os_image_for_red_hat_linux_systems:5.0.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "F3863C1D-EC74-4980-86B6-932E7A84DA2C", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:os_image_for_red_hat_linux_systems:5.0.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "244322C7-51AF-4CB9-A9D8-874A4288767B", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "IBM Cloud Pak System\u00a0is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session."}, {"lang": "es", "value": "IBM Cloud Pak System es vulnerable a cross-site scripting. Esta vulnerabilidad permite a los usuarios incrustar c\u00f3digo JavaScript arbitrario en la interfaz de usuario web, alterando as\u00ed la funcionalidad prevista y potencialmente llevando a la divulgaci\u00f3n de credenciales dentro de una sesi\u00f3n de confianza."}], "id": "CVE-2023-38017", "lastModified": "2026-02-25T15:07:25.053", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "psirt@us.ibm.com", "type": "Primary"}]}, "published": "2026-02-04T21:15:56.480", "references": [{"source": "psirt@us.ibm.com", "tags": ["Vendor Advisory"], "url": "https://www.ibm.com/support/pages/node/7254419"}], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-209"}], "source": "psirt@us.ibm.com", "type": "Primary"}]}

{}

{}