CVE-2023-47741 – IBM i information disclosure
https://notcve.org/view.php?id=CVE-2023-47741
IBM i 7.3, 7.4, 7.5 and IBM i Db2 Mirror for i 7.4 and 7.5 web browser clients may leave clear-text passwords in browser memory that can be viewed using common browser tools before the memory is garbage collected. A malicious actor with access to the victim's PC could exploit this vulnerability to gain access to the IBM i operating system. IBM X-Force ID: 272532.
• https://www.ibm.com/support/pages/node/7097785 https://www.ibm.com/support/pages/node/7097801
• CWE-522: Insufficiently Protected Credentials
CVE-2023-45185 – IBM i Access Client Solutions code execution
https://notcve.org/view.php?id=CVE-2023-45185
IBM i Access Client Solutions 1.1.2 through 1.1.4 and 1.1.4.3 through 1.1.9.3 could allow an attacker to execute remote code. Due to improper authority checks the attacker could perform operations on the PC under the user's authority. IBM X-Force ID: 268273.
• https://github.com/afine-com/CVE-2023-45185 https://exchange.xforce.ibmcloud.com/vulnerabilities/268273 https://www.ibm.com/support/pages/node/7091942
• CWE-863: Incorrect Authorization
CVE-2023-45182 – IBM i Access Client Solutions information disclosure
https://notcve.org/view.php?id=CVE-2023-45182
IBM i Access Client Solutions 1.1.2 through 1.1.4 and 1.1.4.3 through 1.1.9.3 is vulnerable to having its key for an encrypted password decoded. By somehow gaining access to the encrypted password, a local attacker could exploit this vulnerability to obtain the password to other systems. IBM X-Force ID: 268265.
• https://github.com/afine-com/CVE-2023-45182 https://exchange.xforce.ibmcloud.com/vulnerabilities/268265 https://www.ibm.com/support/pages/node/7091942
• CWE-922: Insecure Storage of Sensitive Information
CVE-2023-45184 – IBM i Access Client Solutions
https://notcve.org/view.php?id=CVE-2023-45184
IBM i Access Client Solutions 1.1.2 through 1.1.4 and 1.1.4.3 through 1.1.9.3 could allow an attacker to obtain a decryption key due to improper authority checks. IBM X-Force ID: 268270.
• https://github.com/afine-com/CVE-2023-45184 https://exchange.xforce.ibmcloud.com/vulnerabilities/268270 https://www.ibm.com/support/pages/node/7091942
• CWE-922: Insecure Storage of Sensitive Information
CVE-2023-42006 – IBM i information disclosure
https://notcve.org/view.php?id=CVE-2023-42006
IBM Administration Runtime Expert for i 7.2, 7.3, 7.4, and 7.5 could allow a local user to obtain sensitive information due to improper authority checks. IBM X-Force ID: 265266.
• https://exchange.xforce.ibmcloud.com/vulnerabilities/265266 https://www.ibm.com/support/pages/node/7085891
• CWE-863: Incorrect Authorization