Skip to content

RadicalNotion.AI

We do not sell or share your personal information

© 2026 RadicalNotion.AI

Security Data

CWE Directory
CAPEC Directory
CNA Directory
CNA Report Cards
Data Sources

Calculators

CVSS Calculator
CVSS 4.0
CVSS 3.1
CVSS 3.0
CVSS 2.0

Platform

My Vulnerabilities
Insights
Notifications
Account
Pricing

Learn

All guides
What is a CVE?
What is CVSS?
The CISA KEV catalog
What is EPSS?

Company

About us
Blog
Book a demo

Get Started

Sign up
Log in

Legal

Privacy
Terms

Security data

Weaknesses (CWE)The MITRE CWE weakness catalog
Attack Patterns (CAPEC)MITRE CAPEC attack patterns
CNAsNumbering authorities + report cards
VendorsVulnerabilities by vendor

Tools

CVSS CalculatorScore CVSS 4.0, 3.1, 3.0 & 2.0

Resources

LearnPlain-English security guides
Data SourcesHow we source CVE data

About Us Blog Pricing Book a Demo

Log in

Home
Vendors
Ibm
Cloud Pak System

ibm Cloud Pak System Vulnerabilities: CVEs, CISA KEV & Security Advisories

36 CVEs

ibm Cloud Pak System Vulnerabilities

CVE security advisories and vulnerability history for Cloud Pak System by ibm.

36

Total CVEs

Published

0

In CISA KEV

Exploited in the wild

0

Public exploits

With known exploit

5.3

Avg CVSS

2019–2026

Last updated February 17, 2026

Overview

ibm Cloud Pak System has 36 published CVE records since 2019, of which 0 are in CISA's Known Exploited Vulnerabilities catalog and 0 have a known public exploit. The average CVSS base score across scored CVEs is 5.3.

This page aggregates every publicly disclosed vulnerability (CVE) affecting ibm Cloud Pak System, with a severity breakdown, the affected and patched versions, the most common weakness types, and the full CVE list. Affected platforms include Power.

Severity and exploitation

How the CVSS severity of ibm Cloud Pak System's CVEs breaks down, plus how many are exploited in the wild or have public exploit code.

Critical1

High2

Medium32

Low1

In CISA’s Known Exploited Vulnerabilities catalog

0

None of ibm Cloud Pak System's CVEs are currently listed in CISA's KEV catalog.

Public exploits

0

No ibm Cloud Pak System CVEs currently have a tracked public exploit.

Affected versions and CVEs

Browse every ibm Cloud Pak System version named in a CVE, then pick one to see only the CVEs that affect it.

Specific versions

2.3.4.07 CVEs
2.3.4.17 CVEs
2.36 CVEs
2.25 CVEs
2.3.3.75 CVEs
2.3.3.7 iFix13 CVEs
2.3.4.1 Interim Fix 0013 CVEs
2.3.5.03 CVEs
2.3.3.02 CVEs
2.3.3.32 CVEs
2.3.3.3 iFix12 CVEs
2.3.3.42 CVEs
2.3.3.52 CVEs
2.3.3.62 CVEs
2.3.3.6 iFix12 CVEs
2.3.01 CVE
2.3.0.11 CVE
2.3.3.3.Interim.Fix11 CVE
2.3.3.6 iFix21 CVE

Fixed in

2.3.3.39 CVEs
> 2.1.02 CVEs
> 2.3.3.7 iFix11 CVE
> 2.3.36 iFix11 CVE
> 2.3.4.1 iFix11 CVE
2.3.3.41 CVE
2.3.3.61 CVE

Find a version

36 CVEs

Sort

Improper Access Control and Exposure of Information Through Directory Listing vulnerabilities affect IBM Cloud Pak System[, ]
CVE-2023-38005
Patch
CWE-284
Medium · CVSS 4.3
EPSS 0.0% (2th pct)2026-02-17
Improper Access Control and Exposure of Information Through Directory Listing vulnerabilities affect IBM Cloud Pak System[, ]
CVE-2023-38265
Patch
CWE-548
Medium · CVSS 5.3
EPSS 0.0% (16th pct)2026-02-17
Multiple Vulnerabilities in IBM Cloud Pak System
CVE-2023-38281
Patch
CWE-209
Medium · CVSS 5.3
EPSS 0.0% (2th pct)2026-02-04
Multiple Vulnerabilities in IBM Cloud Pak System
CVE-2023-38017
Patch
CWE-209
Medium · CVSS 5.3
EPSS 0.0% (2th pct)2026-02-04
Multiple Vulnerabilities in IBM Cloud Pak System
CVE-2023-38010
Patch
CWE-209
Medium · CVSS 5.3
EPSS 0.0% (3th pct)2026-02-04
IBM Cloud Pak System HTML injection
CVE-2025-2895
Patch
CWE-80
Medium · CVSS 5.4
EPSS 0.1% (26th pct)2025-06-30
IBM Cloud Pak System HTML injection
CVE-2023-38007
Patch
CWE-80
Medium · CVSS 5.4
EPSS 0.1% (26th pct)2025-06-27
IBM Cloud Pak System information disclosure
CVE-2023-38272
Patch
CWE-300
Medium · CVSS 5.9
EPSS 0.2% (46th pct)2025-03-27
IBM Cloud Pak System information disclosure
CVE-2023-37405
Patch
CWE-311
Medium · CVSS 6.5
EPSS 0.1% (21th pct)2025-03-27
Medium vulnerability · 2025-01-25
CVE-2023-38271CWE-532
Medium · CVSS 4.3
EPSS 0.1% (35th pct)2025-01-25
Medium vulnerability · 2025-01-25
CVE-2023-38713CWE-209
Medium · CVSS 5.3
EPSS 0.1% (27th pct)2025-01-25
Medium vulnerability · 2025-01-25
CVE-2023-38714CWE-209
Medium · CVSS 5.3
EPSS 0.1% (27th pct)2025-01-25
Medium vulnerability · 2025-01-25
CVE-2023-38013CWE-201
Medium · CVSS 5.3
EPSS 0.1% (27th pct)2025-01-25
Medium vulnerability · 2025-01-25
CVE-2023-38012CWE-22
Medium · CVSS 5.3
EPSS 0.1% (22th pct)2025-01-25
Medium vulnerability · 2025-01-25
CVE-2023-38716CWE-209
Medium · CVSS 5.3
EPSS 0.1% (27th pct)2025-01-25
High vulnerability · 2024-02-02
CVE-2023-38273CWE-307
High · CVSS 7.5
EPSS 0.1% (16th pct)2024-02-02
Medium vulnerability · 2023-05-05
CVE-2020-4914
Patch
CWE-613
Medium · CVSS 5.5
EPSS 0.1% (22th pct)2023-05-05
Medium vulnerability · 2022-05-09
CVE-2021-20479
Patch
Medium · CVSS 5.9
EPSS 0.1% (27th pct)2022-05-09
Medium vulnerability · 2021-07-20
CVE-2021-20478
Patch
Medium · CVSS 4.0
EPSS 0.0% (11th pct)2021-07-20
Medium vulnerability · 2021-01-04
CVE-2020-4928
Patch
Medium · CVSS 6.7
EPSS 0.1% (21th pct)2021-01-04
Medium vulnerability · 2021-01-04
CVE-2020-4919
Patch
Medium · CVSS 4.7
EPSS 0.1% (33th pct)2021-01-04
Low vulnerability · 2021-01-04
CVE-2020-4918
Patch
Low · CVSS 2.3
EPSS 0.0% (13th pct)2021-01-04
Medium vulnerability · 2021-01-04
CVE-2020-4917
Patch
Medium · CVSS 4.3
EPSS 0.1% (29th pct)2021-01-04
Medium vulnerability · 2021-01-04
CVE-2020-4916
Patch
Medium · CVSS 5.5
EPSS 0.2% (39th pct)2021-01-04
Medium vulnerability · 2021-01-04
CVE-2020-4913
Patch
Medium · CVSS 4.4
EPSS 0.0% (14th pct)2021-01-04
Medium vulnerability · 2021-01-04
CVE-2020-4912
Patch
Medium · CVSS 4.7
EPSS 0.3% (54th pct)2021-01-04
Medium vulnerability · 2021-01-04
CVE-2020-4910
Patch
Medium · CVSS 4.8
EPSS 0.2% (44th pct)2021-01-04
Medium vulnerability · 2021-01-04
CVE-2020-4909
Patch
Medium · CVSS 4.8
EPSS 0.2% (37th pct)2021-01-04
High vulnerability · 2019-12-10
CVE-2019-4521
Patch
High · CVSS 7.0
EPSS 1.0% (78th pct)2019-12-10
Medium vulnerability · 2019-12-10
CVE-2019-4095
Patch
Medium · CVSS 5.3
EPSS 0.1% (32th pct)2019-12-10

Showing 30 of 36

Common weakness types

The CWE weakness categories most often found in ibm Cloud Pak System CVEs. Follow any weakness for its full explanation.

CWE-209Generation of Error Message Containing Sensitive Information6 CVEs
CWE-80Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)2 CVEs
CWE-284Improper Access Control1 CVE
CWE-300Channel Accessible by Non-Endpoint1 CVE
CWE-201Insertion of Sensitive Information Into Sent Data1 CVE
CWE-311Missing Encryption of Sensitive Data1 CVE
CWE-532Insertion of Sensitive Information into Log File1 CVE
CWE-548Exposure of Information Through Directory Listing1 CVE

Disclosure activity by year

How many ibm Cloud Pak System CVEs were published each year.

2019

8

2021

10

2022

1

2023

1

2024

1

2025

10

2026

5

Other ibm products

Browse vulnerabilities for other products by ibm.

aix824 CVEs websphere application server456 CVEs db2335 CVEs rational quality manager202 CVEs infosphere information server196 CVEs sterling b2b integrator196 CVEs qradar security information and event manager189 CVEs maximo asset management185 CVEs

All ibm vulnerabilities

Frequently asked questions

Common questions about ibm Cloud Pak System vulnerabilities.

How many CVEs does ibm Cloud Pak System have?

ibm Cloud Pak System has 36 published CVE records since 2019.

How many ibm Cloud Pak System CVEs are in CISA KEV?

None of ibm Cloud Pak System's CVEs are currently listed in CISA's Known Exploited Vulnerabilities catalog.

Are there public exploits for ibm Cloud Pak System vulnerabilities?

No ibm Cloud Pak System CVEs currently have a tracked public exploit in this dataset.

Which versions of ibm Cloud Pak System are affected?

26 distinct ibm Cloud Pak System versions are named across its CVEs. Use the version filter above to see the CVEs affecting a specific version.

What are the most common weakness types in ibm Cloud Pak System CVEs?

ibm Cloud Pak System's CVEs most often map to these CWE weakness types: CWE-209 (Generation of Error Message Containing Sensitive Information), CWE-80 (Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)), CWE-284 (Improper Access Control), CWE-300 (Channel Accessible by Non-Endpoint).

How many critical ibm Cloud Pak System vulnerabilities are there?

ibm Cloud Pak System has 1 critical and 2 high-severity CVEs.

What is the average severity of ibm Cloud Pak System CVEs?

The average CVSS base score across ibm Cloud Pak System's scored CVEs is 5.3.

References

All ibm vulnerabilities
The MITRE CVE Program (opens in a new tab)
Learn: What is a CVE?
CWE directory: the weakness types these CVEs map to

Vulnerability data is sourced from the CVE Program; severity, KEV, and exploit signals are aggregated by RadicalNotion.AI.

Track ibm Cloud Pak System vulnerabilities

Monitor new ibm Cloud Pak System vulnerabilities as they are disclosed, with AI-written analysis and remediation guidance.

Start free See pricing

On this page

Overview
Severity and exploitation
Affected versions and CVEs
Common weakness types
Disclosure activity
Other products
FAQ
References