CVE-2023-38007 | THREATINT

Description

IBM Cloud Pak System 2.3.5.0, 2.3.3.7, 2.3.3.7 iFix1 on Power and 2.3.3.6, 2.3.3.6 iFix1, 2.3.3.6 iFix2, 2.3.4.0, 2.3.4.1 on Intel operating systems is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site.

PUBLISHED Reserved 2023-07-11 | Published 2025-06-27 | Updated 2025-08-17 | Assigner ibm

MEDIUM: 5.4CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Problem types

CWE-80 Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)

Product status

Default status

unaffected

2.3.5.0

affected

2.3.3.7

affected

2.3.3.7 iFix1

affected

Default status

unaffected

2.3.3.6

affected

2.3.3.6 iFix1

affected

2.3.3.6 iFix2

affected

2.3.4.0

affected

2.3.4.1

affected

References

www.ibm.com/support/pages/node/7237162 vendor-advisory patch

cve.org (CVE-2023-38007)

nvd.nist.gov (CVE-2023-38007)

Download JSON