CVE-2023-47741

Name of the Vulnerable Software and Affected Versions IBM i versions 7.3 through 7.5 IBM i Db2 Mirror for i versions 7.4 through 7.5

Description The issue allows clear-text passwords to be left in browser memory, which can be viewed using common browser tools before the memory is garbage collected. A malicious actor with access to the victim's PC could exploit this to gain access to the IBM i operating system.

Recommendations For IBM i versions 7.3 through 7.5, consider clearing browser memory regularly to minimize the risk of exploitation. For IBM i Db2 Mirror for i versions 7.4 through 7.5, restrict access to the web browser clients to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.