Security Bulletin: IBM i Access for Windows affected by vulnerability CVE-2018-1888.

Summary

IBM i Access for Windows is affected by vulnerability CVE-2018-1888. This vulnerability affects the Windows system running the IBM i Access for Windows product.

Vulnerability Details

CVEID: CVE-2018-1888 DESCRIPTION: An untrusted search path vulnerability in IBM i Access for Windows versions 7.1 and earlier on Windows can allow arbitrary code execution via a Trojan horse DLL in the current working directory, related to use of the LoadLibrary function.
CVSS Base Score: 5.3
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/152079&gt; for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L)

Affected Products and Versions

Release 7.1 of IBM i Access for Windows is affected.

Remediation/Fixes

The issue can be fixed by obtaining and applying the Service Pack SI68573 or higher.

The Service Pack is available at:

<https://www-01.ibm.com/support/docview.wss?uid=isg3T1026807&gt;

<https://www.ibm.com/developerworks/community/wikis/home?lang=en#!/wiki/IBM i Technology Updates/page/IBM i Access for Windows - Service Packs&gt;

Release 7.1 – SI68573

_Important note: _IBM recommends that all users running unsupported versions of affected products upgrade to supported and fixed version of affected products.

Workarounds and Mitigations

None