Lucene search

IbmCVELIST:CVE-2022-43928

HistoryApr 07, 2023 - 1:37 p.m.

CVE-2022-43928 IBM Db2 Mirror for i information disclosure

2023-04-0713:37:22

ibm

www.cve.org

cve-2022-43928

ibm toolbox for java

db2 mirror for i

information disclosure

sensitive information

java string

memory exposure

ibm x-force id

4.9 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

6.2 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

29.3%

JSON

The IBM Toolbox for Java (Db2 Mirror for i 7.4 and 7.5) could allow a user to obtain sensitive information, caused by utilizing a Java string for processing. Since Java strings are immutable, their contents exist in memory until garbage collected. This means sensitive data could be visible in memory over an indefinite amount of time. IBM has addressed this issue by reducing the amount of time the sensitive data is visible in memory. IBM X-Force ID: 241675.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "Db2 Mirror for i",
    "vendor": "IBM",
    "versions": [
      {
        "status": "affected",
        "version": "7.4, 7.5"
      }
    ]
  }
]

References

exchange.xforce.ibmcloud.com/vulnerabilities/241675

www.ibm.com/support/pages/node/6981113

4.9 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

6.2 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

29.3%

JSON

Related for CVELIST:CVE-2022-43928