{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"cveId":"CVE-2023-38013","assignerOrgId":"9a959283-ebb5-44b6-b705-dcc2bbced522","state":"PUBLISHED","assignerShortName":"ibm","dateReserved":"2023-07-11T17:33:12.812Z","datePublished":"2025-01-25T13:55:05.494Z","dateUpdated":"2025-01-27T17:02:47.819Z"},"containers":{"cna":{"affected":[{"cpes":["cpe:2.3:a:ibm:cloud_pak_system:2.3.3.0:*:*:*:*:*:*:*","cpe:2.3:a:ibm:cloud_pak_system:2.3.3.3:*:*:*:*:*:*:*","cpe:2.3:a:ibm:cloud_pak_system:2.3.3.3:ifix1:*:*:*:*:*:*","cpe:2.3:a:ibm:cloud_pak_system:2.3.3.4:*:*:*:*:*:*:*","cpe:2.3:a:ibm:cloud_pak_system:2.3.3.5:*:*:*:*:*:*:*","cpe:2.3:a:ibm:cloud_pak_system:2.3.3.6:*:*:*:*:*:*:*","cpe:2.3:a:ibm:cloud_pak_system:2.3.3.6:ifix1:*:*:*:*:*:*","cpe:2.3:a:ibm:cloud_pak_system:2.3.3.6:ifix2:*:*:*:*:*:*","cpe:2.3:a:ibm:cloud_pak_system:2.3.3.7:*:*:*:*:*:*:*","cpe:2.3:a:ibm:cloud_pak_system:2.3.3.7:ifix1:*:*:*:*:*:*"],"defaultStatus":"unaffected","product":"Cloud Pak System","vendor":"IBM","versions":[{"status":"affected","version":"2.3.3.0, 2.3.3.3, 2.3.3.3 iFix1, 2.3.3.4, 2.3.3.5, 2.3.3.6, 2.3.3.6 iFix1, 2.3.3.6 iFix2, 2.3.3.7, 2.3.3.7 iFix1"}]}],"descriptions":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"IBM Cloud Pak System 2.3.3.0, 2.3.3.3, 2.3.3.3 iFix1, 2.3.3.4, 2.3.3.5, 2.3.3.6, 2.3.3.6 iFix1, 2.3.3.6 iFix2, 2.3.3.7, and 2.3.3.7 iFix1 could disclose sensitive information in HTTP responses that could aid in further attacks against the system."}],"value":"IBM Cloud Pak System 2.3.3.0, 2.3.3.3, 2.3.3.3 iFix1, 2.3.3.4, 2.3.3.5, 2.3.3.6, 2.3.3.6 iFix1, 2.3.3.6 iFix2, 2.3.3.7, and 2.3.3.7 iFix1 could disclose sensitive information in HTTP responses that could aid in further attacks against the system."}],"metrics":[{"cvssV3_1":{"attackComplexity":"LOW","attackVector":"NETWORK","availabilityImpact":"NONE","baseScore":5.3,"baseSeverity":"MEDIUM","confidentialityImpact":"LOW","integrityImpact":"NONE","privilegesRequired":"NONE","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N","version":"3.1"},"format":"CVSS","scenarios":[{"lang":"en","value":"GENERAL"}]}],"problemTypes":[{"descriptions":[{"cweId":"CWE-201","description":"CWE-201 Insertion of Sensitive Information Into Sent Data","lang":"en","type":"CWE"}]}],"providerMetadata":{"orgId":"9a959283-ebb5-44b6-b705-dcc2bbced522","shortName":"ibm","dateUpdated":"2025-01-25T13:55:05.494Z"},"references":[{"url":"https://www.ibm.com/support/pages/node/7159533"}],"source":{"discovery":"UNKNOWN"},"title":"IBM Cloud Pak System information disclosure","x_generator":{"engine":"Vulnogram 0.2.0"}},"adp":[{"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2025-01-27T17:02:29.965914Z","id":"CVE-2023-38013","options":[{"Exploitation":"none"},{"Automatable":"yes"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2025-01-27T17:02:47.819Z"}}]}}