CVSS3 | 5.9 Medium |
---|---|
Attack Vector | NETWORK |
Attack Complexity | HIGH |
Privileges Required | NONE |
User Interaction | NONE |
Scope | UNCHANGED |
Confidentiality Impact | NONE |
Integrity Impact | HIGH |
Availability Impact | NONE |

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

AI Score: 6.8 Medium (Confidence: High)

EPSS: 0.962 High (Percentile: 99.5%)

IBM i Access Client Solutions is vulnerable to a remote attacker bypassing integrity checks (CVE-2023-48795) found in Apache Mina SSHD Common. Apache Mina SSHD Common is used by the Open Source Package Manager feature of IBM i Access Client Solutions when authenticating to the IBM i server. This bulletin identifies the steps to take to address the vulnerability as described in the remediation/fixes section.
CVEID: CVE-2023-48795
**DESCRIPTION:** OpenSSH is vulnerable to a machine-in-the-middle attack, caused by a flaw in the extension negotiation process in the SSH transport protocol when used with certain OpenSSH extensions. A remote attacker could exploit this vulnerability to launch a machine-in-the-middle attack and strip an arbitrary number of messages after the initial key exchange, breaking SSH extension negotiation and downgrading the client connection security.
CVSS Base score: 5.9
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/275282 for the current score.
CVSS Vector: (CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N)
Affected Product(s) | Version(s) |
---|---|
IBM i Access Family | 1.1.2 - 1.1.4, 1.1.4.3 - 1.1.9.4 |
The issue can be fixed by upgrading to version 1.1.9.5 or later. See IBM i Access Client Solutions updates for the latest version available.
Product(s) | Version(s) | Remediation/Fix/Instructions |
---|---|---|
IBM i Access Client Solutions | 1.1.2 - 1.1.4, 1.1.4.3 - 1.1.9.4 | The current version of IBM i Access Client Solutions is available at Downloads. Or you may download it from the general IBM i software site at Entitled Systems Support (ESS). |
None
Name | Operator | Version |
---|---|---|
ibm i access family | ge | 1.1.2 |
ibm i access family | le | 1.1.4 |