CVE-2023-47741 — Insufficiently Protected Credentials in IBM DB2 Mirror FOR I

CWE-522 — Insufficiently Protected Credentials3 documents3 sources

Severity

5.3MEDIUMNVD

EPSS

0.0%

top 89.05%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

IBM DB2 Mirror FOR I IBM I

Timeline

PublishedDec 18

Description

IBM i 7.3, 7.4, 7.5, IBM i Db2 Mirror for i 7.4 and 7.5 web browser clients may leave clear-text passwords in browser memory that can be viewed using common browser tools before the memory is garbage collected. A malicious actor with access to the victim's PC could exploit this vulnerability to gain access to the IBM i operating system. IBM X-Force ID: 272532.

CVSS vector

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:NExploitability: 0.9 | Impact: 4.0

Affected Packages4 packages

▶NVDibm/db2_mirror7.4, 7.5+1

▶CVEListV5ibm/db2_mirror_for_i7.4, 7.5

▶CVEListV5ibm/i7.3, 7.4, 7.5

▶NVDibm/i7.3, 7.4, 7.5+2

Patches

Patch: www.ibm.com ↗Patch: www.ibm.com ↗Patch: www.ibm.com ↗

🔴Vulnerability Details

GHSA

GHSA-4c5v-86xf-p6j6: IBM i 7↗2023-12-18

▶

CVEList

IBM i information disclosure↗2023-12-18

▶