本ページは ibm os_image_for_red_hat_linux_systems に影響する公開済み CVE(NVD の CPE 経由で関連付け)を列挙します。各行に深刻度指標・概要・公開日が含まれます。
| CVE | 概要 | ソース | CVSS 最大値 | EPSS(%) | 公開 | 更新 |
|---|---|---|---|---|---|---|
| CVE-2023-38281 | IBM Cloud Pak System does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic. | [email protected] | 5.3 | 0.29% | 2026-02-04 | 2026-06-17 |
| CVE-2023-38017 | IBM Cloud Pak System is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. | [email protected] | 5.3 | 0.29% | 2026-02-04 | 2026-06-17 |
| CVE-2023-38010 | IBM Cloud Pak System displays sensitive information in user messages that could aid in further attacks against the system. | [email protected] | 5.3 | 0.29% | 2026-02-04 | 2026-06-17 |