CVE-2022-43928

Name of the Vulnerable Software and Affected Versions IBM Toolbox for Java (Db2 Mirror for i) versions 7.4 through 7.5

Description The issue allows a user to obtain sensitive information due to the utilization of a Java string for processing. Since Java strings are immutable, their contents exist in memory until garbage collected, making sensitive data visible in memory over an indefinite amount of time. The problem has been addressed by reducing the amount of time the sensitive data is visible in memory.

Recommendations For versions 7.4 and 7.5, update to a version where the issue has been addressed by reducing the amount of time the sensitive data is visible in memory. At the moment, there is no information about a newer version that contains a fix for this vulnerability.