Vulnerabilites related to ibm - cloud_pak_system_software_suite
Vulnerability from fkie_nvd
Published
2025-03-27 18:17
Modified
2025-08-18 18:46
Severity ?
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Summary
IBM Cloud Pak System 2.3.3.0, 2.3.3.3, 2.3.3.3 iFix1, 2.3.3.4, 2.3.3.5, 2.3.3.6, 2.3.36 iFix1, 2.3.3.6 iFix2, 2.3.3.7, 2.3.3.7 iFix1, 2.3.4.0, and 2.3.4.1 stores sensitive data in memory, that could be obtained by an unauthorized user.
References
psirt@us.ibm.comhttps://www.ibm.com/support/pages/node/7229212Vendor Advisory
Impacted products
Vendor Product Version
ibm cloud_pak_system 2.3.1.1
ibm cloud_pak_system 2.3.3.0
ibm cloud_pak_system 2.3.3.3
ibm cloud_pak_system 2.3.3.3
ibm cloud_pak_system 2.3.3.4
ibm cloud_pak_system 2.3.3.5
ibm cloud_pak_system 2.3.3.6
ibm cloud_pak_system 2.3.3.6
ibm cloud_pak_system 2.3.3.6
ibm cloud_pak_system 2.3.3.7
ibm cloud_pak_system 2.3.3.7
ibm cloud_pak_system 2.3.4.0
ibm cloud_pak_system 2.3.4.1
ibm cloud_pak_system_software_suite 2.3.2.0


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:cloud_pak_system:2.3.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "A7D9DA5D-895C-45D9-909C-9C04454A1BB8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:cloud_pak_system:2.3.3.0:-:*:*:*:*:*:*",
              "matchCriteriaId": "5B1369A7-1661-4754-9740-4A189D9611F7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:cloud_pak_system:2.3.3.3:-:*:*:*:*:*:*",
              "matchCriteriaId": "89A3F996-80B7-4845-B15C-D10A39A675BE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:cloud_pak_system:2.3.3.3:ifix1:*:*:*:*:*:*",
              "matchCriteriaId": "54D87560-AFF1-4320-9A08-6AB84B7330F2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:cloud_pak_system:2.3.3.4:-:*:*:*:*:*:*",
              "matchCriteriaId": "94DE4362-6806-48FA-8529-A989540273F2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:cloud_pak_system:2.3.3.5:-:*:*:*:*:*:*",
              "matchCriteriaId": "DF6B16C6-8D4F-480E-8BBA-45853735977D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:cloud_pak_system:2.3.3.6:-:*:*:*:*:*:*",
              "matchCriteriaId": "E929D5FD-319D-45FD-85FF-688528762615",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:cloud_pak_system:2.3.3.6:ifix1:*:*:*:*:*:*",
              "matchCriteriaId": "31C15792-C94C-4599-B32A-287A5B7749A1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:cloud_pak_system:2.3.3.6:ifix2:*:*:*:*:*:*",
              "matchCriteriaId": "C056670B-C13D-4E6F-AB80-950A09915DB3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:cloud_pak_system:2.3.3.7:-:*:*:*:*:*:*",
              "matchCriteriaId": "6AB3D285-C45A-4463-80B1-17A9B6086439",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:cloud_pak_system:2.3.3.7:ifix1:*:*:*:*:*:*",
              "matchCriteriaId": "1AC8B844-D88C-4029-8395-A73853195EC5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:cloud_pak_system:2.3.4.0:-:*:*:*:*:*:*",
              "matchCriteriaId": "1A007FD5-CF3B-4DC0-B8C0-3D04AF411FD3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:cloud_pak_system:2.3.4.1:-:*:*:*:*:*:*",
              "matchCriteriaId": "618F4D77-242C-415C-AA3F-4F79C2663178",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:cloud_pak_system_software_suite:2.3.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "49EB651B-FC8D-4A20-AA73-7AE9CDC9D359",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "IBM Cloud Pak System 2.3.3.0, 2.3.3.3, 2.3.3.3 iFix1, 2.3.3.4, 2.3.3.5, 2.3.3.6, 2.3.36 iFix1, 2.3.3.6 iFix2, 2.3.3.7, 2.3.3.7 iFix1, 2.3.4.0, and 2.3.4.1 stores sensitive data in memory, that could be obtained by an unauthorized user."
    },
    {
      "lang": "es",
      "value": "IBM Cloud Pak System 2.3.3.0, 2.3.3.3, 2.3.3.3 iFix1, 2.3.3.4, 2.3.3.5, 2.3.3.6, 2.3.36 iFix1, 2.3.3.6 iFix2, 2.3.3.7, 2.3.3.7 iFix1, 2.3.4.0 y 2.3.4.1 almacenan datos confidenciales en la memoria que un usuario no autorizado podr\u00eda obtener."
    }
  ],
  "id": "CVE-2023-37405",
  "lastModified": "2025-08-18T18:46:32.490",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 3.6,
        "source": "psirt@us.ibm.com",
        "type": "Secondary"
      }
    ]
  },
  "published": "2025-03-27T18:17:28.463",
  "references": [
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.ibm.com/support/pages/node/7229212"
    }
  ],
  "sourceIdentifier": "psirt@us.ibm.com",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-311"
        }
      ],
      "source": "psirt@us.ibm.com",
      "type": "Secondary"
    }
  ]
}

CVE-2023-37405 (GCVE-0-2023-37405)
Vulnerability from cvelistv5
Published
2025-03-27 17:20
Modified
2025-08-17 01:14
Severity ?
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
CWE
  • CWE-311 - Missing Encryption of Sensitive Data
Summary
IBM Cloud Pak System 2.3.3.0, 2.3.3.3, 2.3.3.3 iFix1, 2.3.3.4, 2.3.3.5, 2.3.3.6, 2.3.36 iFix1, 2.3.3.6 iFix2, 2.3.3.7, 2.3.3.7 iFix1, 2.3.4.0, and 2.3.4.1 stores sensitive data in memory, that could be obtained by an unauthorized user.
References
Impacted products
Vendor Product Version
IBM Cloud Pak System Version: 2.3.3.0
Version: 2.3.3.3
Version: 2.3.3.3 iFix1
Version: 2.3.3.4
Version: 2.3.3.5
Version: 2.3.3.6
Version: 2.3.3.6 iFix1
Version: 2.3.3.7
Version: 2.3.3.7 iFix1
Version: 2.3.4.0
Version: 2.3.4.1
    cpe:2.3:a:ibm:cloud_pak_system:2.3.1.1:*:*:*:*:*:*:*
    cpe:2.3:a:ibm:cloud_pak_system:2.3.2.0:*:*:*:*:*:*:*
    cpe:2.3:a:ibm:cloud_pak_system:2.3.3.0:*:*:*:*:*:*:*
    cpe:2.3:a:ibm:cloud_pak_system:2.3.3.3:*:*:*:*:*:*:*
    cpe:2.3:a:ibm:cloud_pak_system:2.3.3.3:ifix1:*:*:*:*:*:*
    cpe:2.3:a:ibm:cloud_pak_system:2.3.3.4:*:*:*:*:*:*:*
    cpe:2.3:a:ibm:cloud_pak_system:2.3.3.5:*:*:*:*:*:*:*
    cpe:2.3:a:ibm:cloud_pak_system:2.3.3.6:*:*:*:*:*:*:*
    cpe:2.3:a:ibm:cloud_pak_system:2.3.3.6:ifix1:*:*:*:*:*:*
    cpe:2.3:a:ibm:cloud_pak_system:2.3.3.6:ifix2:*:*:*:*:*:*
    cpe:2.3:a:ibm:cloud_pak_system:2.3.3.7:*:*:*:*:*:*:*
    cpe:2.3:a:ibm:cloud_pak_system:2.3.3.7:ifix1:*:*:*:*:*:*
    cpe:2.3:a:ibm:cloud_pak_system:2.3.4.0:*:*:*:*:*:*:*
    cpe:2.3:a:ibm:cloud_pak_system:2.3.4.1:*:*:*:*:*:*:*
 Create a notification for this product.
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-37405",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-03-27T18:11:13.021060Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-03-27T18:11:23.196Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpes": [
            "cpe:2.3:a:ibm:cloud_pak_system:2.3.1.1:*:*:*:*:*:*:*",
            "cpe:2.3:a:ibm:cloud_pak_system:2.3.2.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:ibm:cloud_pak_system:2.3.3.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:ibm:cloud_pak_system:2.3.3.3:*:*:*:*:*:*:*",
            "cpe:2.3:a:ibm:cloud_pak_system:2.3.3.3:ifix1:*:*:*:*:*:*",
            "cpe:2.3:a:ibm:cloud_pak_system:2.3.3.4:*:*:*:*:*:*:*",
            "cpe:2.3:a:ibm:cloud_pak_system:2.3.3.5:*:*:*:*:*:*:*",
            "cpe:2.3:a:ibm:cloud_pak_system:2.3.3.6:*:*:*:*:*:*:*",
            "cpe:2.3:a:ibm:cloud_pak_system:2.3.3.6:ifix1:*:*:*:*:*:*",
            "cpe:2.3:a:ibm:cloud_pak_system:2.3.3.6:ifix2:*:*:*:*:*:*",
            "cpe:2.3:a:ibm:cloud_pak_system:2.3.3.7:*:*:*:*:*:*:*",
            "cpe:2.3:a:ibm:cloud_pak_system:2.3.3.7:ifix1:*:*:*:*:*:*",
            "cpe:2.3:a:ibm:cloud_pak_system:2.3.4.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:ibm:cloud_pak_system:2.3.4.1:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "Cloud Pak System",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "2.3.3.0"
            },
            {
              "status": "affected",
              "version": "2.3.3.3"
            },
            {
              "status": "affected",
              "version": "2.3.3.3 iFix1"
            },
            {
              "status": "affected",
              "version": "2.3.3.4"
            },
            {
              "status": "affected",
              "version": "2.3.3.5"
            },
            {
              "status": "affected",
              "version": "2.3.3.6"
            },
            {
              "status": "affected",
              "version": "2.3.3.6 iFix1"
            },
            {
              "status": "affected",
              "version": "2.3.3.7"
            },
            {
              "status": "affected",
              "version": "2.3.3.7 iFix1"
            },
            {
              "status": "affected",
              "version": "2.3.4.0"
            },
            {
              "status": "affected",
              "version": "2.3.4.1"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "IBM Cloud Pak System 2.3.3.0, 2.3.3.3, 2.3.3.3 iFix1, 2.3.3.4, 2.3.3.5, 2.3.3.6, 2.3.36 iFix1, 2.3.3.6 iFix2, 2.3.3.7, 2.3.3.7 iFix1, 2.3.4.0, and 2.3.4.1 stores sensitive data in memory, that could be obtained by an unauthorized user."
            }
          ],
          "value": "IBM Cloud Pak System 2.3.3.0, 2.3.3.3, 2.3.3.3 iFix1, 2.3.3.4, 2.3.3.5, 2.3.3.6, 2.3.36 iFix1, 2.3.3.6 iFix2, 2.3.3.7, 2.3.3.7 iFix1, 2.3.4.0, and 2.3.4.1 stores sensitive data in memory, that could be obtained by an unauthorized user."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-311",
              "description": "CWE-311 Missing Encryption of Sensitive Data",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-08-17T01:14:54.449Z",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory",
            "patch"
          ],
          "url": "https://www.ibm.com/support/pages/node/7229212"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "IBM Cloud Pak System information disclosure",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2023-37405",
    "datePublished": "2025-03-27T17:20:04.260Z",
    "dateReserved": "2023-07-05T15:59:16.996Z",
    "dateUpdated": "2025-08-17T01:14:54.449Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}