IBM Cloud Pak System displays sensitive information in user messages that could aid in further attacks against the system.
"}],"value":"IBM Cloud Pak System displays sensitive information in user messages that could aid in further attacks against the system."}],"metrics":[{"cvssV3_1":{"attackComplexity":"LOW","attackVector":"NETWORK","availabilityImpact":"NONE","baseScore":5.3,"baseSeverity":"MEDIUM","confidentialityImpact":"LOW","integrityImpact":"NONE","privilegesRequired":"NONE","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N","version":"3.1"},"format":"CVSS","scenarios":[{"lang":"en","value":"GENERAL"}]}],"problemTypes":[{"descriptions":[{"cweId":"CWE-209","description":"CWE-209 Generation of Error Message Containing Sensitive Information","lang":"en","type":"CWE"}]}],"providerMetadata":{"orgId":"9a959283-ebb5-44b6-b705-dcc2bbced522","shortName":"ibm","dateUpdated":"2026-02-04T20:46:18.289Z"},"references":[{"tags":["vendor-advisory","patch"],"url":"https://www.ibm.com/support/pages/node/7254419"}],"solutions":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"IBM strongly recommends addressing the vulnerabilities now by upgrading to version 2.3.6.1.
IBM Cloud Pak System provides OS image for Red Hat Enterprise Linux System 4.0.8.0 based on Red Hat Enterprise Linux 8.10 and OS image for Red Hat Enterprise Linux System 5.0.3 based on Red Hat Enterprise Linux 9.6. IBM Cloud Pak System provides IBM WebSphere Application Server Liberty V25.0.0.9; IBM Storage Scale is also upgraded to IBM Storage Scale V5.2.3.3.
For Power, contact IBM Support.
This Security bulletin applies to IBM Cloud Pak System, IBM Cloud Pak System Software, and IBM Cloud Pak System Software Suite.
Information on upgrading here http://www.ibm.com/support/docview.wss?uid=ibm10887959
For unsupported versions the recommendation is to upgrade to a supported version of the product.