CVE-2023-38271

IBM Cloud Pak System 2.3.3.0, 2.3.3.3, 2.3.3.3 iFix1, 2.3.3.4, 2.3.3.5, 2.3.3.6, 2.3.3.6 iFix1, 2.3.3.6 iFix2, 2.3.3.7, and 2.3.3.7 iFix1 could allow an authenticated user to obtain sensitive information from log files.

Weakness

The product writes sensitive information to a log file.

Affected Software

Name	Vendor	Start Version	End Version
Cloud_pak_system	Ibm	2.3.3.0 (including)	2.3.3.0 (including)
Cloud_pak_system	Ibm	2.3.3.3 (including)	2.3.3.3 (including)
Cloud_pak_system	Ibm	2.3.3.3-ifix1 (including)	2.3.3.3-ifix1 (including)
Cloud_pak_system	Ibm	2.3.3.4 (including)	2.3.3.4 (including)
Cloud_pak_system	Ibm	2.3.3.5 (including)	2.3.3.5 (including)
Cloud_pak_system	Ibm	2.3.3.6 (including)	2.3.3.6 (including)
Cloud_pak_system	Ibm	2.3.3.6-ifix1 (including)	2.3.3.6-ifix1 (including)
Cloud_pak_system	Ibm	2.3.3.6-ifix2 (including)	2.3.3.6-ifix2 (including)
Cloud_pak_system	Ibm	2.3.3.7 (including)	2.3.3.7 (including)
Cloud_pak_system	Ibm	2.3.3.7-ifix1 (including)	2.3.3.7-ifix1 (including)

Potential Mitigations

https://cwe.mitre.org/data/definitions/215.html

References

https://www.ibm.com/support/pages/node/7159533

NVD	https://nvd.nist.gov/vuln/detail/CVE-2023-38271
CWE	https://cwe.mitre.org/data/definitions/532.html

Insertion of Sensitive Information into Log File

Weakness

Affected Software

Potential Mitigations

Related Attack Patterns

References