What is CVE-2023-37405?

CVE-2023-37405 is a medium-severity vulnerability in Ibm Cloud Pak System, classified under Missing Encryption of Sensitive Data. CVSS score: 6.5/10. Published 2025-03-27.

How severe is CVE-2023-37405?

Medium severity. CVSS v3 base score is 6.5 out of 10.

Vulnerability in Ibm Cloud Pak System

CVE-2023-37405

IBM Cloud Pak System 2.3.3.0, 2.3.3.3, 2.3.3.3 iFix1, 2.3.3.4, 2.3.3.5, 2.3.3.6, 2.3.36 iFix1, 2.3.3.6 iFix2, 2.3.3.7, 2.3.3.7 iFix1, 2.3.4.0, and 2.3.4.1 stores sensitive data in memory, that could be obtained by an unauthorized user.

EPSS: 0.001 (21.5th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 6.5 (Medium). Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N.

Affected products

Ibm Cloud Pak System — versions 2.3.3.0, 2.3.3.3, 2.3.3.3 iFix1

Weakness classification (CWE)

CWE-311 — Missing Encryption of Sensitive Data

References

www.ibm.com/support/pages/node/7229212 (vendor-advisory, patch)

Frequently asked questions

What is CVE-2023-37405?: CVE-2023-37405 is a medium-severity vulnerability in Ibm Cloud Pak System, classified under Missing Encryption of Sensitive Data. CVSS score: 6.5/10. Published 2025-03-27.
How severe is CVE-2023-37405?: Medium severity. CVSS v3 base score is 6.5 out of 10.