Insufficiently protected credentials in IBM Db2 Mirror for i
| Risk | Low |
| Patch available | YES |
| Number of vulnerabilities | 1 |
| CVE-ID | CVE-2023-47741 |
| CWE-ID | CWE-522 |
| Exploitation vector | Local |
| Public exploit | N/A |
| Vulnerable software |
IBM Db2 Mirror for i Server applications / Other server solutions |
| Vendor | IBM Corporation |
Security Bulletin
This security bulletin contains one low risk vulnerability.
1) Insufficiently protected credentials
EUVDB-ID: #VU85318
Risk: Low
CVSSv3.1: 4.6 [CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-47741
CWE-ID:
CWE-522 - Insufficiently Protected Credentials
Exploit availability: No
DescriptionThe vulnerability allows a user with physical access to gain access to potentially sensitive information.
The vulnerability exists due to web browser clients may leave clear-text passwords in browser memory that can be viewed using common browser tools before the memory is garbage collected. A malicious user with access to the victim's PC could exploit this vulnerability to gain access to the IBM i operating system.
MitigationInstall update from vendor's website.
Vulnerable software versionsIBM Db2 Mirror for i: 7.4 - 7.5
CPE2.3- cpe:2.3:a:ibm_corporation:ibm_db2_mirror_for_i:7.4:*:*:*:*:*:*:
- cpe:2.3:a:ibm_corporation:ibm_db2_mirror_for_i:7.5:*:*:*:*:*:*:
http://www.ibm.com/support/pages/node/7097801
Q & A
Can this vulnerability be exploited remotely?
No. The attacker should have physical access to the system in order to successfully exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
