CVE-2023-38005

Summary

IBM Cloud Pak System 2.3.3.6, 2.3.3.7, 2.3.4.0, 2.3.4.1, and 2.3.5.0 could allow an authenticated user to perform unauthorized tasks due to improper access controls.

Affected Software

VendorProductVersion RangeStatus
IBMCloud Pak System2.3.3.6 <= 2.1.0affected
IBMCloud Pak System2.3.3.7affected
IBMCloud Pak System2.3.4.0affected
IBMCloud Pak System2.3.4.1affected
IBMCloud Pak System2.3.5.0affected

Weaknesses

  • CWE-284: CWE-284 Improper Access Control

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References