CVE-2023-47741

MEDIUM Year: 2023
CVSS v3 Score
5.3
Medium
Weakness Type
CWE-522
View all →

Vulnerability Description

IBM i 7.3, 7.4, 7.5, IBM i Db2 Mirror for i 7.4 and 7.5 web browser clients may leave clear-text passwords in browser memory that can be viewed using common browser tools before the memory is garbage collected. A malicious actor with access to the victim's PC could exploit this vulnerability to gain access to the IBM i operating system. IBM X-Force ID: 272532.

Related Vulnerabilities

CVE-2017-8446

MEDIUM
CVSS:5.3(Medium)

The Reporting feature in X-Pack in versions prior to 5.5.2 and standalone Reporting plugin versions versions prior to 2.4.6 had an impersonation vulnerability. A user with the reporting_user role coul...

CWE-5222017

CVE-2018-21237

MEDIUM
CVSS:5.3(Medium)

An issue was discovered in Foxit PhantomPDF before 8.3.7. It allows NTLM credential theft via a GoToE or GoToR action.

CWE-5222018

CVE-2018-21239

MEDIUM
CVSS:5.3(Medium)

An issue was discovered in Foxit Reader and PhantomPDF before 9.2. It allows NTLM credential theft via a GoToE or GoToR action.

CWE-5222018

CVE-2019-10378

MEDIUM
CVSS:5.3(Medium)

Jenkins TestLink Plugin 3.16 and earlier stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system.

CWE-5222019

CVE-2019-4697

MEDIUM
CVSS:5.3(Medium)

IBM Security Guardium Data Encryption (GDE) 3.0.0.2 stores user credentials in plain in clear text which can be read by an authenticated user. IBM X-Force ID: 171938.

CWE-5222019

CVE-2020-11821

MEDIUM
CVSS:5.3(Medium)

In Rukovoditel 2.5.2, users' passwords and usernames are stored in a cookie with URL encoding, base64 encoding, and hashing. Thus, an attacker can easily apply brute force on them.

CWE-5222020