This page lists publicly disclosed CVE vulnerabilities affecting ibm os_image_for_red_hat_linux_systems (linked via NVD CPE). Each row includes severity scores, summaries, and publication dates to help identify and analyze security issues.
| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2023-38281 | IBM Cloud Pak System does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic. | [email protected] | 5.3 | 0.03% | 2026-02-04 | 2026-02-25 |
| CVE-2023-38017 | IBM Cloud Pak System is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. | [email protected] | 5.3 | 0.03% | 2026-02-04 | 2026-02-25 |
| CVE-2023-38010 | IBM Cloud Pak System displays sensitive information in user messages that could aid in further attacks against the system. | [email protected] | 5.3 | 0.03% | 2026-02-04 | 2026-02-25 |