CVE-2023-38265

MEDIUM

IBM Cloud Pak System 2.3.3.6-2.3.5.0 - Info Disclosure

Title source: llm

Description

IBM Cloud Pak System 2.3.3.6, 2.3.3.7, 2.3.4.0, 2.3.4.1, and 2.3.5.0 could disclose folder location information to an unauthenticated attacker that could aid in further attacks against the system.

References (1)

[Various Sources] https://www.ibm.com/support/pages/node/7259955

Scores

CVSS v3 5.3

EPSS 0.0004

EPSS Percentile 13.0%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Classification

CWE

CWE-548

Status published

Affected Products (5)

ibm/cloud_pak_system

Timeline

Published Feb 17, 2026

Tracked Since Feb 18, 2026