ByteOS Network

CVE Vulnerability Details :

CVE-2023-38265

PUBLISHED

More Info Official Page

Assigner-ibm

Assigner Org ID-9a959283-ebb5-44b6-b705-dcc2bbced522

Published At-17 Feb, 2026 | 19:06

Updated At-17 Feb, 2026 | 22:04

▼CVE Numbering Authority (CNA)

Improper Access Control and Exposure of Information Through Directory Listing vulnerabilities affect IBM Cloud Pak System[, ]

IBM Cloud Pak System 2.3.3.6, 2.3.3.7, 2.3.4.0, 2.3.4.1, and 2.3.5.0 could disclose folder location information to an unauthenticated attacker that could aid in further attacks against the system.

Affected Products

Vendor

IBM Corporation

Product

Cloud Pak System

CPEs

cpe:2.3:a:ibm:cloud_pak_system:2.3.3.6:*:*:*:*:*:*:*
cpe:2.3:a:ibm:cloud_pak_system:2.3.3.7:*:*:*:*:*:*:*
cpe:2.3:a:ibm:cloud_pak_system:2.3.4.0:*:*:*:*:*:*:*
cpe:2.3:a:ibm:cloud_pak_system:2.3.4.1:*:*:*:*:*:*:*
cpe:2.3:a:ibm:cloud_pak_system:2.3.5.0:*:*:*:*:*:*:*

Versions

Affected

From 2.3.3.6 through 2.1.0 (semver)
2.3.3.7
2.3.4.0
2.3.4.1
2.3.5.0

Problem Types

Type	CWE ID	Description
CWE	CWE-548	CWE-548 Exposure of Information Through Directory Listing

Type: CWE

CWE ID: CWE-548

Description: CWE-548 Exposure of Information Through Directory Listing

Metrics

Version	Base score	Base severity	Vector
3.1	5.3	MEDIUM	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Version: 3.1

Base score: 5.3

Base severity: MEDIUM

Vector:

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Solutions

This Security Bulletin applies to IBM Cloud Pak System, IBM Cloud Pak System Software, IBM Cloud Pak System Software Suite. For Intel releases, IBM strongly recommends addressing this vulnerability now by upgrading to v2.3.4.1 Interim Fix 1 or latest upgrade to Cloud Pak System 2.3.6.1 , For Power, contact IBM Support. For unsupported versions the recommendation is to upgrade/migrate to supported version of the product.

References

Hyperlink	Resource
https://www.ibm.com/support/pages/node/7259955	vendor-advisory patch

Hyperlink: https://www.ibm.com/support/pages/node/7259955

Resource:

vendor-advisory

patch

▼Authorized Data Publishers (ADP)

CISA ADP Vulnrichment

Affected Products

Affected

Problem Types

Metrics

Metrics Other Info

Impacts

Solutions

Configurations

Workarounds

Exploits

Credits

Timeline

Replaced By

Rejected Reason

References

Affected Products

Metrics

Metrics Other Info

Impacts

Solutions

Configurations

Workarounds

Exploits

Credits

Timeline

Replaced By

Rejected Reason

References