CVE-2023-38005
Improper Access Control and Exposure of Information Through Directory Listing vulnerabilities affect IBM Cloud Pak System[, ]
Vexday Risk Score
13Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 4.3EPSS 0.2%KEV nãoPoC —Nuclei —Metasploit —Patch referenciado
Lifecycle
17 Feb 2026Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
IBM Cloud Pak System 2.3.3.6, 2.3.3.7, 2.3.4.0, 2.3.4.1, and 2.3.5.0 could allow an authenticated user to perform unauthorized tasks due to improper access controls.
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
Affected products
IBM · Cloud Pak System