PT-2025-1440 · IBM · IBM Cloud Pak System

Published: 2025-01-25 · Updated: 2025-08-13 · CVE-2023-38013

CVSS v3.1: 7.5 (High)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions

IBM Cloud Pak System versions 2.3.3.0 through 2.3.3.7 iFix1

Description

The issue is related to the disclosure of sensitive information in HTTP responses, which could aid in further attacks against the system. This could allow a remote attacker to gain unauthorized access to protected information. The vulnerability is associated with the transmission of data and could potentially be exploited to obtain sensitive information.

Recommendations

For IBM Cloud Pak System versions 2.3.3.0 through 2.3.3.7 iFix1, consider restricting access to sensitive information and limiting the amount of data transmitted in HTTP responses until a patch is available. As a temporary workaround, review and modify the system's configuration to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Weakness Enumeration

Related Identifiers

BDU:2025-01209
CVE-2023-38013

Affected Products

IBM Cloud Pak System