CVE-2023-38007

Summary

IBM Cloud Pak System 2.3.5.0, 2.3.3.7, 2.3.3.7 iFix1 on Power and 2.3.3.6, 2.3.3.6 iFix1, 2.3.3.6 iFix2, 2.3.4.0, 2.3.4.1 on Intel operating systems is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site.

Affected Software

VendorProductVersion RangeStatus
IBMCloud Pak System2.3.5.0affected
IBMCloud Pak System2.3.3.7affected
IBMCloud Pak System2.3.3.7 iFix1affected
IBMCloud Pak System2.3.3.6affected
IBMCloud Pak System2.3.3.6 iFix1affected
IBMCloud Pak System2.3.3.6 iFix2affected
IBMCloud Pak System2.3.4.0affected
IBMCloud Pak System2.3.4.1affected

Weaknesses

  • CWE-80: CWE-80 Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References