CVE-2023-37405

Summary

IBM Cloud Pak System 2.3.3.0, 2.3.3.3, 2.3.3.3 iFix1, 2.3.3.4, 2.3.3.5, 2.3.3.6, 2.3.36 iFix1, 2.3.3.6 iFix2, 2.3.3.7, 2.3.3.7 iFix1, 2.3.4.0, and 2.3.4.1 stores sensitive data in memory, that could be obtained by an unauthorized user.

Affected Software

VendorProductVersion RangeStatus
IBMCloud Pak System2.3.3.0affected
IBMCloud Pak System2.3.3.3affected
IBMCloud Pak System2.3.3.3 iFix1affected
IBMCloud Pak System2.3.3.4affected
IBMCloud Pak System2.3.3.5affected
IBMCloud Pak System2.3.3.6affected
IBMCloud Pak System2.3.3.6 iFix1affected
IBMCloud Pak System2.3.3.7affected
IBMCloud Pak System2.3.3.7 iFix1affected
IBMCloud Pak System2.3.4.0affected
IBMCloud Pak System2.3.4.1affected

Weaknesses

  • CWE-311: CWE-311 Missing Encryption of Sensitive Data

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References