Key Information

Vulnerability Overview

CVE ID: CVE-2023-38007
Description: IBM Cloud Pak System is affected by an HTML injection vulnerability. Remote attackers can inject malicious HTML code, which, when viewed by a victim, will execute in the victim's web browser, running within the security context of the hosted site.
CWE: CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)
CVSS Score: 5.4
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N)

Affected Products and Versions

Remediation

For Intel versions, IBM strongly recommends upgrading to IBM Cloud Pak System v2.3.4.1 Interim Fix 1 to address this vulnerability.
For Power versions, please contact IBM Support.

Additional Information

Release Date: June 27, 2023
Operating Systems: Linux, AIX
Software Version: 2.3