CVE-2023-38272

Summary

IBM Cloud Pak System 2.3.3.0, 2.3.3.3, 2.3.3.3 iFix1, 2.3.3.4, 2.3.3.5, 2.3.3.6, 2.3.36 iFix1, 2.3.3.6 iFix2, 2.3.3.7, 2.3.3.7 iFix1, 2.3.4.0, and 2.3.4.1

could allow a user with access to the network to obtain sensitive information from CLI arguments.

Affected Software

VendorProductVersion RangeStatus
IBMCloud Pak System2.3.3.0affected
IBMCloud Pak System2.3.3.3affected
IBMCloud Pak System2.3.3.3 iFix1affected
IBMCloud Pak System2.3.3.4affected
IBMCloud Pak System2.3.3.5affected
IBMCloud Pak System2.3.3.6affected
IBMCloud Pak System2.3.3.6 iFix1affected
IBMCloud Pak System2.3.3.6 iFix2affected
IBMCloud Pak System2.3.3.7affected
IBMCloud Pak System2.3.3.7 iFix1affected
IBMCloud Pak System2.3.4.0affected
IBMCloud Pak System2.3.4.1affected

Weaknesses

  • CWE-300: CWE-300 Channel Accessible by Non-Endpoint

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References