Vulnerability identifier: #VU85318
Vulnerability risk: Low
CVSSv3.1: 4.6 [CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID:
CWE-ID: CWE-522
Exploitation vector: Local
Exploit availability: No
Vulnerable software:
IBM i (Operating systems & Components / Operating system)
IBM Db2 Mirror for i (Server applications / Other server solutions)
Vendor: IBM Corporation
Description
The vulnerability allows a user with physical access to gain access to potentially sensitive information.
The vulnerability exists because web browser clients may leave clear-text passwords in browser memory, where they can be viewed using common browser tools before the memory is garbage collected. A malicious user with access to the victim's PC could exploit this vulnerability to gain access to the IBM i operating system.
Mitigation
Install updates from the vendor's website.
Vulnerable software versions
IBM i: 7.3 - 7.5
IBM Db2 Mirror for i: 7.4 - 7.5
External links
http://www.ibm.com/support/pages/node/7097785
http://www.ibm.com/support/pages/node/7097801
Can this vulnerability be exploited remotely?
No. The attacker must have physical access to the system to successfully exploit this vulnerability.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.