← back
CVE-2023-38007

IBM Cloud Pak System HTML injection

CVSS 5.4 MEDIUMEPSS 0.2%CWE-80
Vexday Risk Score
13Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 5.4EPSS 0.2%KEV nãoPoC Nuclei Metasploit Patch referenciado
Lifecycle
27 Jun 2025Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
IBM Cloud Pak System 2.3.5.0, 2.3.3.7, 2.3.3.7 iFix1 on Power and 2.3.3.6, 2.3.3.6 iFix1, 2.3.3.6 iFix2, 2.3.4.0, 2.3.4.1 on Intel operating systems is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site.
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Affected products
IBM · Cloud Pak System

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://www.ibm.com/support/pages/node/7237162