Primary

Context

IBM Cloud Pak System Sensitive Information Disclosure Vulnerability

Vulnerability

Patched

A vulnerability exists in IBM Cloud Pak System versions 2.3.4.0, 2.3.4.1 (ifix1), 2.3.5.0, 2.3.6.0, and certain OS images for Red Hat Linux Systems. This vulnerability involves the improper handling of sensitive information in user messages, which could be exploited to facilitate further attacks against the system.

Impact

Exploitation of this vulnerability could lead to the disclosure of sensitive information, potentially allowing for subsequent attacks against the system.

Remediation

Users are advised to upgrade to IBM Cloud Pak System version 2.3.6.1. Instructions for upgrading can be found on the IBM Support page.

Added: Feb 4, 2026, 9:36 PM

Updated: Feb 4, 2026, 9:36 PM

Vulnerability Rating

Custom Algorithm

spread

1.4

impact

2.5

exploitability

7.0

remediation

7.7

relevance

2.7

threat

0.0

urgency

2.9

incentive

4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

1.4

impact

2.5

exploitability

7.0

remediation

7.7

relevance

2.7

threat

0.0

urgency

2.9

incentive

4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

IBM Cloud Pak System Sensitive Information Disclosure Vulnerability

Vulnerability

Impact

Remediation

Affected Products

IBM Cloud Pak System

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating