{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"cveId":"CVE-2023-38007","assignerOrgId":"9a959283-ebb5-44b6-b705-dcc2bbced522","state":"PUBLISHED","assignerShortName":"ibm","dateReserved":"2023-07-11T17:33:11.275Z","datePublished":"2025-06-27T14:48:28.581Z","dateUpdated":"2025-08-17T00:24:09.866Z"},"containers":{"cna":{"affected":[{"cpes":["cpe:2.3:a:ibm:cloud_pak_system:2.3.5.5:*:*:*:*:power:*:*","cpe:2.3:a:ibm:cloud_pak_system:2.3.3.7:*:*:*:*:power:*:*","cpe:2.3:a:ibm:cloud_pak_system:2.3.3.7:ifix1:*:*:*:power:*:*"],"defaultStatus":"unaffected","platforms":["Power"],"product":"Cloud Pak System","vendor":"IBM","versions":[{"status":"affected","version":"2.3.5.0"},{"status":"affected","version":"2.3.3.7"},{"status":"affected","version":"2.3.3.7 iFix1"}]},{"cpes":["cpe:2.3:a:ibm:cloud_pak_system:2.3.3.6:*:*:*:*:*:*:*","cpe:2.3:a:ibm:cloud_pak_system:2.3.3.6:ifix1:*:*:*:*:*:*","cpe:2.3:a:ibm:cloud_pak_system:2.3.3.6:ifix2:*:*:*:*:*:*","cpe:2.3:a:ibm:cloud_pak_system:2.3.4.0:*:*:*:*:*:*:*","cpe:2.3:a:ibm:cloud_pak_system:2.3.4.1:*:*:*:*:*:*:*"],"defaultStatus":"unaffected","platforms":["x86"],"product":"Cloud Pak System","vendor":"IBM","versions":[{"status":"affected","version":"2.3.3.6"},{"status":"affected","version":"2.3.3.6 iFix1"},{"status":"affected","version":"2.3.3.6 iFix2"},{"status":"affected","version":"2.3.4.0"},{"status":"affected","version":"2.3.4.1"}]}],"descriptions":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"IBM Cloud Pak System 2.3.5.0, 2.3.3.7, 2.3.3.7 iFix1 on Power and 2.3.3.6, 2.3.3.6 iFix1, 2.3.3.6 iFix2, 2.3.4.0, 2.3.4.1 on Intel operating systems is vulnerable to HTML injection. 
A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site."}],"value":"IBM Cloud Pak System 2.3.5.0, 2.3.3.7, 2.3.3.7 iFix1 on Power and 2.3.3.6, 2.3.3.6 iFix1, 2.3.3.6 iFix2, 2.3.4.0, 2.3.4.1 on Intel operating systems is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site."}],"metrics":[{"cvssV3_1":{"attackComplexity":"LOW","attackVector":"NETWORK","availabilityImpact":"NONE","baseScore":5.4,"baseSeverity":"MEDIUM","confidentialityImpact":"LOW","integrityImpact":"LOW","privilegesRequired":"LOW","scope":"CHANGED","userInteraction":"REQUIRED","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N","version":"3.1"},"format":"CVSS","scenarios":[{"lang":"en","value":"GENERAL"}]}],"problemTypes":[{"descriptions":[{"cweId":"CWE-80","description":"CWE-80 Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)","lang":"en","type":"CWE"}]}],"providerMetadata":{"orgId":"9a959283-ebb5-44b6-b705-dcc2bbced522","shortName":"ibm","dateUpdated":"2025-08-17T00:24:09.866Z"},"references":[{"tags":["vendor-advisory","patch"],"url":"https://www.ibm.com/support/pages/node/7237162"}],"solutions":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"This Security Bulletin applies to IBM Cloud Pak System, IBM Cloud Pak System Software, IBM Cloud Pak System Software Suite.<br><br>For Intel releases, IBM strongly recommends addressing this vulnerability now by upgrading to IBM Cloud Pak System v2.3.4.1 Interim Fix 1 available at IBM Fix Central, <br><br>information on upgrading here <a target=\"_blank\" rel=\"nofollow\" href=\"https://www.ibm.com/support/pages/node/7178546\">https://www.ibm.com/support/pages/node/7178546</a><br><br>For Power, contact IBM Support.<br><br>For unsupported versions 
the recommendation is to upgrade/migrate to a supported version of the product.<br>"}],"value":"This Security Bulletin applies to IBM Cloud Pak System, IBM Cloud Pak System Software, IBM Cloud Pak System Software Suite.\n\nFor Intel releases, IBM strongly recommends addressing this vulnerability now by upgrading to IBM Cloud Pak System v2.3.4.1 Interim Fix 1 available at IBM Fix Central, \n\ninformation on upgrading here  https://www.ibm.com/support/pages/node/7178546 \n\nFor Power, contact IBM Support.\n\nFor unsupported versions the recommendation is to upgrade/migrate to a supported version of the product."}],"source":{"discovery":"UNKNOWN"},"title":"IBM Cloud Pak System HTML injection","x_generator":{"engine":"Vulnogram 0.2.0"}},"adp":[{"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2025-06-27T15:01:40.406081Z","id":"CVE-2023-38007","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2025-06-27T15:01:48.933Z"}}]}}