216.73.217.64

CVE-2023-38007

· Published 27/06/2025 15:15 · Modified 27/06/2025 15:15

Labels: CVE-2023-38007 2025-06-27CVE-2023-38007CWE-80[email protected]

Essential information

Published
27/06/2025 15:15
Modified
27/06/2025 15:15
Author
Creator
CVSS
5.4 MEDIUM (v3.1)
CISA KEV
No
CWE
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

CVSS metrics

Description

IBM Cloud Pak System 2.3.5.0, 2.3.3.7, 2.3.3.7 iFix1 on Power and 2.3.3.6, 2.3.3.6 iFix1, 2.3.3.6 iFix2, 2.3.4.0, 2.3.4.1 on Intel operating systems is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site.

NVD status

Status
Received — CVE has been recently published to the CVE List and has been received by the NVD.
Source
[email protected]
NVD
View on NVD

Affected products (CPE)

ProductCPE
ibm / cloud pak system cpe:2.3:a:ibm:cloud_pak_system:2.3.5.0:*:*:*:*:*:*:*
ibm / cloud pak system cpe:2.3:a:ibm:cloud_pak_system:2.3.3.7:*:*:*:*:*:*:*
ibm / cloud pak system cpe:2.3:a:ibm:cloud_pak_system:2.3.3.7:iFix1:*:*:*:*:*:*:*
ibm / cloud pak system cpe:2.3:a:ibm:cloud_pak_system:2.3.3.6:*:*:*:*:*:*:*
ibm / cloud pak system cpe:2.3:a:ibm:cloud_pak_system:2.3.3.6:iFix1:*:*:*:*:*:*:*
ibm / cloud pak system cpe:2.3:a:ibm:cloud_pak_system:2.3.3.6:iFix2:*:*:*:*:*:*:*
ibm / cloud pak system cpe:2.3:a:ibm:cloud_pak_system:2.3.4.0:*:*:*:*:*:*:*
ibm / cloud pak system cpe:2.3:a:ibm:cloud_pak_system:2.3.4.1:*:*:*:*:*:*:*

References