CVE-2023-38265 - Vulnerability Details - OpenCVE

IBM Cloud Pak System 2.3.3.6, 2.3.3.7, 2.3.4.0, 2.3.4.1, and 2.3.5.0 could disclose folder location information to an unauthenticated attacker that could aid in further attacks against the system.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

No EPSS score available.

Exploitation none

Automatable yes

Technical Impact partial

Vendors	Products
Ibm	Cloud Pak System

No data.

No data.

No data.

References

Link	Providers
https://www.ibm.com/support/pages/node/7259955

History

Tue, 17 Feb 2026 20:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Tue, 17 Feb 2026 19:45:00 +0000

Type	Values Removed	Values Added
Description		IBM Cloud Pak System 2.3.3.6, 2.3.3.7, 2.3.4.0, 2.3.4.1, and 2.3.5.0 could disclose folder location information to an unauthenticated attacker that could aid in further attacks against the system.
Title		Improper Access Control and Exposure of Information Through Directory Listing vulnerabilities affect IBM Cloud Pak System[, ]
First Time appeared		Ibm Ibm cloud Pak System
Weaknesses		CWE-548
CPEs		cpe:2.3:a:ibm:cloud_pak_system:2.3.3.6:::::::* cpe:2.3:a:ibm:cloud_pak_system:2.3.3.7:::::::* cpe:2.3:a:ibm:cloud_pak_system:2.3.4.0:::::::* cpe:2.3:a:ibm:cloud_pak_system:2.3.4.1:::::::* cpe:2.3:a:ibm:cloud_pak_system:2.3.5.0:::::::*
Vendors & Products		Ibm Ibm cloud Pak System
References		https://www.ibm.com/support/pages/node/7259955
Metrics		cvssV3_1 `{'score': 5.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N'}`

MITRE

Status: PUBLISHED

Assigner: ibm

Published: 2026-02-17T19:06:58.470Z

Updated: 2026-02-17T19:52:46.333Z

Reserved: 2023-07-14T00:46:14.889Z

Link: CVE-2023-38265

Vulnrichment

Updated: 2026-02-17T19:52:37.272Z

NVD

Status : Received

Published: 2026-02-17T20:22:00.460

Modified: 2026-02-17T20:22:00.460

Link: CVE-2023-38265

Redhat

No data.

OpenCVE Enrichment

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2023-38265", "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "state": "PUBLISHED", "assignerShortName": "ibm", "dateReserved": "2023-07-14T00:46:14.889Z", "datePublished": "2026-02-17T19:06:58.470Z", "dateUpdated": "2026-02-17T19:52:46.333Z"}, "containers": {"cna": {"affected": [{"cpes": ["cpe:2.3:a:ibm:cloud_pak_system:2.3.3.6:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:cloud_pak_system:2.3.3.7:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:cloud_pak_system:2.3.4.0:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:cloud_pak_system:2.3.4.1:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:cloud_pak_system:2.3.5.0:*:*:*:*:*:*:*"], "product": "Cloud Pak System", "vendor": "IBM", "versions": [{"lessThanOrEqual": "2.1.0", "status": "affected", "version": "2.3.3.6", "versionType": "semver"}, {"status": "affected", "version": "2.3.3.7"}, {"status": "affected", "version": "2.3.4.0"}, {"status": "affected", "version": "2.3.4.1"}, {"status": "affected", "version": "2.3.5.0"}]}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<p>IBM Cloud Pak System 2.3.3.6, 2.3.3.7, 2.3.4.0, 2.3.4.1, and 2.3.5.0 could disclose folder location information to an unauthenticated attacker that could aid in further attacks against the system.</p>"}], "value": "IBM Cloud Pak System 2.3.3.6, 2.3.3.7, 2.3.4.0, 2.3.4.1, and 2.3.5.0 could disclose folder location information to an unauthenticated attacker that could aid in further attacks against the system."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-548", "description": "CWE-548 Exposure of Information Through Directory Listing", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm", "dateUpdated": "2026-02-17T19:06:58.470Z"}, "references": [{"tags": ["vendor-advisory", "patch"], "url": "https://www.ibm.com/support/pages/node/7259955"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<p>This Security Bulletin applies to IBM Cloud Pak System, IBM Cloud Pak System Software, IBM Cloud Pak System Software Suite. For Intel releases, IBM strongly recommends addressing this vulnerability now by upgrading to  v2.3.4.1 Interim Fix 1 or latest upgrade to Cloud Pak System 2.3.6.1 , For Power, contact IBM Support. For unsupported versions the recommendation is to upgrade/migrate to supported version of the product.</p>"}], "value": "This Security Bulletin applies to IBM Cloud Pak System, IBM Cloud Pak System Software, IBM Cloud Pak System Software Suite. For Intel releases, IBM strongly recommends addressing this vulnerability now by upgrading to\u00a0 v2.3.4.1 Interim Fix 1 or latest upgrade to Cloud Pak System 2.3.6.1 , For Power, contact IBM Support. For unsupported versions the recommendation is to upgrade/migrate to supported version of the product."}], "title": "Improper Access Control and Exposure of Information Through Directory Listing vulnerabilities affect IBM Cloud Pak System[, ]", "x_generator": {"engine": "ibm-cvegen"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-02-17T19:52:30.062814Z", "id": "CVE-2023-38265", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-02-17T19:52:46.333Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-38265", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-02-17T19:52:30.062814Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-02-17T19:52:37.272Z"}}], "cna": {"title": "Improper Access Control and Exposure of Information Through Directory Listing vulnerabilities affect IBM Cloud Pak System[, ]", "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"cpes": ["cpe:2.3:a:ibm:cloud_pak_system:2.3.3.6:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:cloud_pak_system:2.3.3.7:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:cloud_pak_system:2.3.4.0:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:cloud_pak_system:2.3.4.1:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:cloud_pak_system:2.3.5.0:*:*:*:*:*:*:*"], "vendor": "IBM", "product": "Cloud Pak System", "versions": [{"status": "affected", "version": "2.3.3.6", "versionType": "semver", "lessThanOrEqual": "2.1.0"}, {"status": "affected", "version": "2.3.3.7"}, {"status": "affected", "version": "2.3.4.0"}, {"status": "affected", "version": "2.3.4.1"}, {"status": "affected", "version": "2.3.5.0"}]}], "solutions": [{"lang": "en", "value": "This Security Bulletin applies to IBM Cloud Pak System, IBM Cloud Pak System Software, IBM Cloud Pak System Software Suite. For Intel releases, IBM strongly recommends addressing this vulnerability now by upgrading to\u00a0 v2.3.4.1 Interim Fix 1 or latest upgrade to Cloud Pak System 2.3.6.1 , For Power, contact IBM Support. For unsupported versions the recommendation is to upgrade/migrate to supported version of the product.", "supportingMedia": [{"type": "text/html", "value": "<p>This Security Bulletin applies to IBM Cloud Pak System, IBM Cloud Pak System Software, IBM Cloud Pak System Software Suite. For Intel releases, IBM strongly recommends addressing this vulnerability now by upgrading to  v2.3.4.1 Interim Fix 1 or latest upgrade to Cloud Pak System 2.3.6.1 , For Power, contact IBM Support. For unsupported versions the recommendation is to upgrade/migrate to supported version of the product.</p>", "base64": false}]}], "references": [{"url": "https://www.ibm.com/support/pages/node/7259955", "tags": ["vendor-advisory", "patch"]}], "x_generator": {"engine": "ibm-cvegen"}, "descriptions": [{"lang": "en", "value": "IBM Cloud Pak System 2.3.3.6, 2.3.3.7, 2.3.4.0, 2.3.4.1, and 2.3.5.0 could disclose folder location information to an unauthenticated attacker that could aid in further attacks against the system.", "supportingMedia": [{"type": "text/html", "value": "<p>IBM Cloud Pak System 2.3.3.6, 2.3.3.7, 2.3.4.0, 2.3.4.1, and 2.3.5.0 could disclose folder location information to an unauthenticated attacker that could aid in further attacks against the system.</p>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-548", "description": "CWE-548 Exposure of Information Through Directory Listing"}]}], "providerMetadata": {"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm", "dateUpdated": "2026-02-17T19:06:58.470Z"}}}, "cveMetadata": {"cveId": "CVE-2023-38265", "state": "PUBLISHED", "dateUpdated": "2026-02-17T19:52:46.333Z", "dateReserved": "2023-07-14T00:46:14.889Z", "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "datePublished": "2026-02-17T19:06:58.470Z", "assignerShortName": "ibm"}, "dataVersion": "5.2"}