CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
EPSS
Percentile
27.0%
IBM i Access Client Solutions uses the IBM Toolbox for Java to access IBM i interfaces. IBM Toolbox for Java could allow sensitive information stored as Java strings to be obtained by an attacker as described in the vulnerability details section. IBM has addressed this CVE by providing a fix to IBM i Access Client Solutions as described in the remediation/fixes section.
CVEID:CVE-2022-43928
**DESCRIPTION:**The IBM Toolbox for Java (Db2 Mirror for i 7.4 and 7.5) could allow a user to obtain sensitive information, caused by utilizing a Java string for processing. Since Java strings are immutable, their contents exist in memory until garbage collected. This means sensitive data could be visible in memory over an indefinite amount of time. IBM has addressed this issue by reducing the amount of time the sensitive data is visible in memory. IBM X-Force ID: 241675.
CVSS Base score: 4.9
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/241675 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N)
Affected Product(s) | Version(s) |
---|---|
IBM i Access Family | All |
The issue can be fixed by upgrading to version 1.1.9.2 or later. See IBM i Access Client Solutions updates for the latest version available.
Affected Product(s) | Version(s) | Remediation/Fix/Instructions |
---|---|---|
IBM i Access Client Solutions | 1.1.2 - 1.1.4, | |
1.1.4.3 - 1.1.9.1 |
The current version of IBM i Access Client Solutions is available at Downloads.
Or you may download it from the general IBM i software site at
Entitled Systems Support (ESS).
None
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
EPSS
Percentile
27.0%