Lucene search

[email protected]NVD:CVE-2022-43928

HistoryApr 07, 2023 - 2:15 p.m.

CVE-2022-43928

2023-04-0714:15:07

[email protected]

web.nvd.nist.gov

ibm toolbox

java

db2 mirror

sensitive information

memory vulnerability

ibm x-force.

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

5.5 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

29.3%

JSON

The IBM Toolbox for Java (Db2 Mirror for i 7.4 and 7.5) could allow a user to obtain sensitive information, caused by utilizing a Java string for processing. Since Java strings are immutable, their contents exist in memory until garbage collected. This means sensitive data could be visible in memory over an indefinite amount of time. IBM has addressed this issue by reducing the amount of time the sensitive data is visible in memory. IBM X-Force ID: 241675.

Affected configurations

NVD

Node

ibmdb2_mirror_for_iMatch7.4

ibmdb2_mirror_for_iMatch7.5

References

exchange.xforce.ibmcloud.com/vulnerabilities/241675

www.ibm.com/support/pages/node/6981113

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

5.5 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

29.3%

JSON

Related for NVD:CVE-2022-43928

cvelist1 ibm7 cve1 prion1