CVE-2023-47741
MEDIUMIBM i 7.3-7.5 and Db2 Mirror for i 7.4-7.5 - Insufficiently Protected Credentials in Web Browser Client
Title source: llmDescription
IBM i 7.3, 7.4, 7.5, IBM i Db2 Mirror for i 7.4 and 7.5 web browser clients may leave clear-text passwords in browser memory that can be viewed using common browser tools before the memory is garbage collected. A malicious actor with access to the victim's PC could exploit this vulnerability to gain access to the IBM i operating system. IBM X-Force ID: 272532.
References (2)
Core 2
Core References
Patch, Vendor Advisory vendor-advisory
https://www.ibm.com/support/pages/node/7097785
Patch, Vendor Advisory vendor-advisory
https://www.ibm.com/support/pages/node/7097801
Scores
CVSS v3
5.3
EPSS
0.0004
EPSS Percentile
11.2%
Attack Vector
PHYSICAL
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-522
Status
published
Products (5)
ibm/db2_mirror_for_i
7.4
ibm/db2_mirror_for_i
7.5
ibm/i
7.3
ibm/i
7.4
ibm/i
7.5
Published
Dec 18, 2023
Tracked Since
Feb 18, 2026