{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2023-38005","assignerOrgId":"9a959283-ebb5-44b6-b705-dcc2bbced522","state":"PUBLISHED","assignerShortName":"ibm","dateReserved":"2023-07-11T17:33:11.275Z","datePublished":"2026-02-17T21:49:59.841Z","dateUpdated":"2026-02-18T20:44:11.979Z"},"containers":{"cna":{"affected":[{"cpes":["cpe:2.3:a:ibm:cloud_pak_system:2.3.3.6:*:*:*:*:*:*:*","cpe:2.3:a:ibm:cloud_pak_system:2.3.3.7:*:*:*:*:*:*:*","cpe:2.3:a:ibm:cloud_pak_system:2.3.4.0:*:*:*:*:*:*:*","cpe:2.3:a:ibm:cloud_pak_system:2.3.4.1:*:*:*:*:*:*:*","cpe:2.3:a:ibm:cloud_pak_system:2.3.5.0:*:*:*:*:*:*:*"],"product":"Cloud Pak System","vendor":"IBM","versions":[{"lessThanOrEqual":"2.1.0","status":"affected","version":"2.3.3.6","versionType":"semver"},{"status":"affected","version":"2.3.3.7"},{"status":"affected","version":"2.3.4.0"},{"status":"affected","version":"2.3.4.1"},{"status":"affected","version":"2.3.5.0"}]}],"descriptions":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"<p>IBM Cloud Pak System 2.3.3.6, 2.3.3.7, 2.3.4.0, 2.3.4.1, and 2.3.5.0 could allow an authenticated user to perform unauthorized tasks due to improper access controls.</p>"}],"value":"IBM Cloud Pak System 2.3.3.6, 2.3.3.7, 2.3.4.0, 2.3.4.1, and 2.3.5.0 could allow an authenticated user to perform unauthorized tasks due to improper access controls."}],"metrics":[{"cvssV3_1":{"attackComplexity":"LOW","attackVector":"NETWORK","availabilityImpact":"NONE","baseScore":4.3,"baseSeverity":"MEDIUM","confidentialityImpact":"NONE","integrityImpact":"LOW","privilegesRequired":"LOW","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N","version":"3.1"},"format":"CVSS","scenarios":[{"lang":"en","value":"GENERAL"}]}],"problemTypes":[{"descriptions":[{"cweId":"CWE-284","description":"CWE-284 Improper Access Control","lang":"en","type":"CWE"}]}],"providerMetadata":{"orgId":"9a959283-ebb5-44b6-b705-dcc2bbced522","shortName":"ibm","dateUpdated":"2026-02-17T21:49:59.841Z"},"references":[{"tags":["vendor-advisory","patch"],"url":"https://www.ibm.com/support/pages/node/7259955"}],"solutions":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"<p>This Security Bulletin applies to IBM Cloud Pak System, IBM Cloud Pak System Software, IBM Cloud Pak System Software Suite. For Intel releases, IBM strongly recommends addressing this vulnerability now by upgrading to&nbsp; v2.3.4.1 Interim Fix 1 or latest upgrade to Cloud Pak System 2.3.6.1 , For Power, contact IBM Support. For unsupported versions the recommendation is to upgrade/migrate to supported version of the product.</p>"}],"value":"This Security Bulletin applies to IBM Cloud Pak System, IBM Cloud Pak System Software, IBM Cloud Pak System Software Suite. For Intel releases, IBM strongly recommends addressing this vulnerability now by upgrading to  v2.3.4.1 Interim Fix 1 or latest upgrade to Cloud Pak System 2.3.6.1 , For Power, contact IBM Support. For unsupported versions the recommendation is to upgrade/migrate to supported version of the product."}],"title":"Improper Access Control and Exposure of Information Through Directory Listing vulnerabilities affect IBM Cloud Pak System[, ]","x_generator":{"engine":"ibm-cvegen"}},"adp":[{"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2026-02-18T20:44:04.180448Z","id":"CVE-2023-38005","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2026-02-18T20:44:11.979Z"}}]}}