IBM i information disclosure
CVE-2023-47741

5.3MEDIUM

Key Information:

Vendor: IBM
Status: i; Db2 Mirror for i
Vendor: CVE Published:; 18 December 2023

Summary

IBM i 7.3, 7.4, 7.5, IBM i Db2 Mirror for i 7.4 and 7.5 web browser clients may leave clear-text passwords in browser memory that can be viewed using common browser tools before the memory is garbage collected. A malicious actor with access to the victim's PC could exploit this vulnerability to gain access to the IBM i operating system. IBM X-Force ID: 272532.

Affected Version(s)

Db2 Mirror for i 7.4, 7.5

i 7.3, 7.4, 7.5

References

https://www.ibm.com/support/pages/node/7097785

vendor-advisory

https://www.ibm.com/support/pages/node/7097801

vendor-advisory

CVSS V3.1

Score:

5.3

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Physical

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Changed

Timeline

Vulnerability published
Dec 18, 2023
Vulnerability Reserved
Nov 9, 2023