Metrics
Affected Vendors & Products
Solution
This security bulletin applies to IBM Cloud Pak System, IBM Cloud Pak System Software, IBM Cloud Pak System Software Suite. For Intel releases, IBM strongly recommends addressing these vulnerabilities now by upgrading to IBM Cloud Pak System v2.3.6.0 available from IBM Fix Central/Passport Advantage Online, 
Information on upgrading here http://www.ibm.com/support/docview.wss?uid=ibm10887959 For Power, contact IBM Support. For unsupported versions the recommendation is to upgrade to supported version of the product.
Workaround
No workaround given by the vendor.
Link | Providers |
---|---|
https://www.ibm.com/support/pages/node/7237164 |
![]() ![]() |
Thu, 14 Aug 2025 06:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Weaknesses | CWE-79 | |
CPEs | cpe:2.3:a:ibm:cloud_pak_system:2.3.3.6:-:*:*:*:*:*:* cpe:2.3:a:ibm:cloud_pak_system:2.3.3.7:-:*:*:*:*:*:* cpe:2.3:a:ibm:cloud_pak_system:2.3.4.0:-:*:*:*:*:*:* cpe:2.3:a:ibm:cloud_pak_system:2.3.4.1:-:*:*:*:*:*:* |
Mon, 30 Jun 2025 15:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
ssvc
|
Mon, 30 Jun 2025 15:00:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | IBM Cloud Pak System 2.3.3.6, 2.3.36 iFix1, 2.3.3.7, 2.3.3.7 iFix1, 2.3.4.0, 2.3.4.1, and 2.3.4.1 iFix1 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site. | |
Title | IBM Cloud Pak System HTML injection | |
First Time appeared |
Ibm
Ibm cloud Pak System |
|
Weaknesses | CWE-80 | |
CPEs | cpe:2.3:a:ibm:cloud_pak_system:2.3.3.6:*:*:*:*:*:*:* cpe:2.3:a:ibm:cloud_pak_system:2.3.3.6:ifix1:*:*:*:*:*:* cpe:2.3:a:ibm:cloud_pak_system:2.3.3.7:*:*:*:*:*:*:* cpe:2.3:a:ibm:cloud_pak_system:2.3.3.7:ifix1:*:*:*:*:*:* cpe:2.3:a:ibm:cloud_pak_system:2.3.4.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:cloud_pak_system:2.3.4.1:*:*:*:*:*:*:* cpe:2.3:a:ibm:cloud_pak_system:2.3.4.1:ifix1:*:*:*:*:*:* |
|
Vendors & Products |
Ibm
Ibm cloud Pak System |
|
References |
| |
Metrics |
cvssV3_1
|

Status: PUBLISHED
Assigner: ibm
Published:
Updated: 2025-08-24T11:36:47.304Z
Reserved: 2025-03-28T02:06:17.704Z
Link: CVE-2025-2895

Updated: 2025-06-30T14:59:19.049Z

Status : Analyzed
Published: 2025-06-30T15:15:23.133
Modified: 2025-08-14T01:07:15.517
Link: CVE-2025-2895

No data.

No data.