Lucene search

IbmCVELIST:CVE-2022-43928

HistoryApr 07, 2023 - 1:37 p.m.

CVE-2022-43928 IBM Db2 Mirror for i information disclosure

2023-04-0713:37:22

ibm

www.cve.org

cve-2022-43928

ibm toolbox for java

db2 mirror for i

information disclosure

sensitive information

java string

memory exposure

ibm x-force id

CVSS3

4.9

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

AI Score

6.2

Confidence

High

EPSS

0.001

Percentile

27.0%

JSON

The IBM Toolbox for Java (Db2 Mirror for i 7.4 and 7.5) could allow a user to obtain sensitive information, caused by utilizing a Java string for processing. Since Java strings are immutable, their contents exist in memory until garbage collected. This means sensitive data could be visible in memory over an indefinite amount of time. IBM has addressed this issue by reducing the amount of time the sensitive data is visible in memory. IBM X-Force ID: 241675.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "Db2 Mirror for i",
    "vendor": "IBM",
    "versions": [
      {
        "status": "affected",
        "version": "7.4, 7.5"
      }
    ]
  }
]

References

exchange.xforce.ibmcloud.com/vulnerabilities/241675

www.ibm.com/support/pages/node/6981113

CVSS3

4.9

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

AI Score

6.2

Confidence

High

EPSS

0.001

Percentile

27.0%

JSON

Related for CVELIST:CVE-2022-43928