CVSS3 Metric | Value |
---|---|
Attack Vector | PHYSICAL |
Attack Complexity | LOW |
Privileges Required | NONE |
User Interaction | NONE |
Scope | CHANGED |
Confidentiality Impact | HIGH |
Integrity Impact | NONE |
Availability Impact | NONE |

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N

AI Score Confidence: High

EPSS Percentile: 20.7%

IBM i includes support for IBM Navigator for i and IBM Digital Certificate Manager for i which are web browser client interface implementations. The browser implementation could allow sensitive information including passwords to be left in memory which could be viewed using common tools for viewing process information on a PC (CVE-2023-47741). IBM i has addressed this issue by reducing the amount of time the sensitive data is visible in memory as described in the remediation/fixes section.
CVEID: CVE-2023-47741
**DESCRIPTION:** IBM i web browser clients may leave clear-text passwords in browser memory that can be viewed using common browser tools before the memory is garbage collected. A malicious actor with access to the victim’s PC could exploit this vulnerability to gain access to the IBM i operating system.
CVSS Base score: 5.4
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/272532 for the current score.
CVSS Vector: (CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N)
Affected Product(s) | Version(s) |
---|---|
IBM i | 7.5 |
IBM i | 7.4 |
IBM i | 7.3 |
The issue can be fixed by applying PTFs to IBM i. IBM i releases 7.5, 7.4, and 7.3 will be fixed.
The following IBM i PTFs for 5770-SS1 Option 3 and 5770-SS1 Option 34 contain the fixes for the vulnerability.
IBM i Release | 5770-SS1 Option 3 | PTF Download Link |
---|---|---|
7.5 | SI84809 | <https://www.ibm.com/support/pages/ptf/SI84809> |
7.4 | SI84811 | <https://www.ibm.com/support/pages/ptf/SI84811> |
7.3 | SI84814 | <https://www.ibm.com/support/pages/ptf/SI84814> |
IBM i Release | 5770-SS1 Option 34 | PTF Download Link |
---|---|---|
7.5 | SI85585 | <https://www.ibm.com/support/pages/ptf/SI85585> |
7.4 | SI85584 | <https://www.ibm.com/support/pages/ptf/SI85584> |
7.3 | SI85582 | <https://www.ibm.com/support/pages/ptf/SI85582> |
<https://www.ibm.com/support/fixcentral>
Important note: IBM recommends that all users running unsupported versions of affected products upgrade to a supported and fixed version of the affected products.
None