CVE-2023-38005

MEDIUM

IBM Cloud Pak System 2.3.3.6-2.3.5.0 - Privilege Escalation

Title source: llm
STIX 2.1

Description

IBM Cloud Pak System 2.3.3.6, 2.3.3.7, 2.3.4.0, 2.3.4.1, and 2.3.5.0 could allow an authenticated user to perform unauthorized tasks due to improper access controls.

References (1)

Core 1
Core References
Various Sources vendor-advisory patch
https://www.ibm.com/support/pages/node/7259955

Scores

CVSS v3 4.3
EPSS 0.0021
EPSS Percentile 10.8%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact partial

Details

CWE
CWE-284
Status published
Products (5)
ibm/cloud_pak_system 2.3.3.6
ibm/cloud_pak_system 2.3.3.7
ibm/cloud_pak_system 2.3.4.0
ibm/cloud_pak_system 2.3.4.1
ibm/cloud_pak_system 2.3.5.0
Published Feb 17, 2026
Tracked Since Feb 18, 2026