IBM Cloud Pak System 2.3.3.6, 2.3.36 iFix1, 2.3.3.7, 2.3.3.7 iFix1, 2.3.4.0, 2.3.4.1, and 2.3.4.1 iFix1 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site.
Fixes

Solution

This security bulletin applies to IBM Cloud Pak System, IBM Cloud Pak System Software, IBM Cloud Pak System Software Suite. For Intel releases, IBM strongly recommends addressing these vulnerabilities now by upgrading to IBM Cloud Pak System v2.3.6.0 available from IBM Fix Central/Passport Advantage Online, 
Information on upgrading here http://www.ibm.com/support/docview.wss?uid=ibm10887959 For Power, contact IBM Support. For unsupported versions the recommendation is to upgrade to supported version of the product.


Workaround

No workaround given by the vendor.

History

Thu, 14 Aug 2025 06:30:00 +0000

Type Values Removed Values Added
Weaknesses CWE-79
CPEs cpe:2.3:a:ibm:cloud_pak_system:2.3.3.6:-:*:*:*:*:*:*
cpe:2.3:a:ibm:cloud_pak_system:2.3.3.7:-:*:*:*:*:*:*
cpe:2.3:a:ibm:cloud_pak_system:2.3.4.0:-:*:*:*:*:*:*
cpe:2.3:a:ibm:cloud_pak_system:2.3.4.1:-:*:*:*:*:*:*

Mon, 30 Jun 2025 15:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Mon, 30 Jun 2025 15:00:00 +0000

Type Values Removed Values Added
Description IBM Cloud Pak System 2.3.3.6, 2.3.36 iFix1, 2.3.3.7, 2.3.3.7 iFix1, 2.3.4.0, 2.3.4.1, and 2.3.4.1 iFix1 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site.
Title IBM Cloud Pak System HTML injection
First Time appeared Ibm
Ibm cloud Pak System
Weaknesses CWE-80
CPEs cpe:2.3:a:ibm:cloud_pak_system:2.3.3.6:*:*:*:*:*:*:*
cpe:2.3:a:ibm:cloud_pak_system:2.3.3.6:ifix1:*:*:*:*:*:*
cpe:2.3:a:ibm:cloud_pak_system:2.3.3.7:*:*:*:*:*:*:*
cpe:2.3:a:ibm:cloud_pak_system:2.3.3.7:ifix1:*:*:*:*:*:*
cpe:2.3:a:ibm:cloud_pak_system:2.3.4.0:*:*:*:*:*:*:*
cpe:2.3:a:ibm:cloud_pak_system:2.3.4.1:*:*:*:*:*:*:*
cpe:2.3:a:ibm:cloud_pak_system:2.3.4.1:ifix1:*:*:*:*:*:*
Vendors & Products Ibm
Ibm cloud Pak System
References
Metrics cvssV3_1

{'score': 5.4, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N'}


cve-icon MITRE

Status: PUBLISHED

Assigner: ibm

Published:

Updated: 2025-08-24T11:36:47.304Z

Reserved: 2025-03-28T02:06:17.704Z

Link: CVE-2025-2895

cve-icon Vulnrichment

Updated: 2025-06-30T14:59:19.049Z

cve-icon NVD

Status : Analyzed

Published: 2025-06-30T15:15:23.133

Modified: 2025-08-14T01:07:15.517

Link: CVE-2025-2895

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

No data.