#VU85318 Insufficiently protected credentials in IBM i and IBM Db2 Mirror for i


Published: 2024-01-12

Vulnerability identifier: #VU85318

Vulnerability risk: Low

CVSSv3.1: 4.6 [CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-47741

CWE-ID: CWE-522

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
IBM i (Operating systems & Components / Operating system)
IBM Db2 Mirror for i (Server applications / Other server solutions)

Vendor: IBM Corporation

Description

The vulnerability allows a user with physical access to the system to gain access to potentially sensitive information.

The vulnerability exists because web browser clients may leave clear-text passwords in browser memory, where they can be viewed using common browser tools before the memory is garbage collected. A malicious user with access to the victim's PC could exploit this vulnerability to gain access to the IBM i operating system.

Mitigation
Install updates from the vendor's website.

Vulnerable software versions

IBM i: 7.3 - 7.5

IBM Db2 Mirror for i: 7.4 - 7.5


External links
http://www.ibm.com/support/pages/node/7097785
http://www.ibm.com/support/pages/node/7097801


Q & A

Can this vulnerability be exploited remotely?

No. The attacker must have physical access to the system in order to successfully exploit this vulnerability.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

