Lucene search

PRIOn knowledge basePRION:CVE-2022-43928

HistoryApr 07, 2023 - 2:15 p.m.

Design/Logic Flaw

2023-04-0714:15:00

PRIOn knowledge base

www.prio-n.com

ibm

toolbox for java

security flaw

java string

processing

vulnerability

sensitive information

exposure

fix

ibm x-force id

nvd

6.3 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

29.3%

JSON

The IBM Toolbox for Java (Db2 Mirror for i 7.4 and 7.5) could allow a user to obtain sensitive information, caused by utilizing a Java string for processing. Since Java strings are immutable, their contents exist in memory until garbage collected. This means sensitive data could be visible in memory over an indefinite amount of time. IBM has addressed this issue by reducing the amount of time the sensitive data is visible in memory. IBM X-Force ID: 241675.

CPENameOperatorVersion
db2_mirror_for_ieq7.5
db2_mirror_for_ieq7.4

CPE	Name	Operator	Version
	db2_mirror_for_i	eq	7.5
	db2_mirror_for_i	eq	7.4

References

exchange.xforce.ibmcloud.com/vulnerabilities/241675

www.ibm.com/support/pages/node/6981113