CNNVD-202602-576 Information

CNNVD ID

CNNVD-202602-576

Related CVE

CVE-2023-38281

• CNNVD Published: 2026-02-04

Description (Chinese)

IBM Cloud Pak System是美国国际商业机器（IBM）公司的一套具有可配置、预集成软件的全栈、融合基础架构。该产品支持跨混合云部署、管理和移动应用程序环境。 IBM Cloud Pak System存在安全漏洞，该漏洞源于未在授权令牌或会话Cookie上设置安全属性，可能导致攻击者通过HTTP链接获取Cookie值。

Description (English)

IBM Cloud Pak Systems is a fully configured, pre-integrated software, integrated infrastructure for the United States International Business Machine (IBM). The product supports a cross-mixed cloud deployment, management and mobile application environment. There is a security loophole in IBM Cloud Pak System, which stems from the failure to set security attributes on the authorized token or session Cookie, which may lead the assailant to access the Cookie values via the HTTP link.

Hazard Level

High

Vulnerability Type

其他

Affected Vendor

国际商业机器

Published

2026-02-04

Last Modified

2026-02-24

References

https://www.ibm.com/support/pages/node/7254419

Patch

https://www.ibm.com/support/pages/node/7254419