Metric | Value |
---|---|
CVSS3 | 8.8 High |
Attack Vector | NETWORK |
Attack Complexity | LOW |
Privileges Required | LOW |
User Interaction | NONE |
Scope | UNCHANGED |
Confidentiality Impact | HIGH |
Integrity Impact | HIGH |
Availability Impact | HIGH |
AI Score | 7.7 High (Confidence: Low) |
EPSS | 0.001 Low (Percentile: 32.0%) |

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
IBM i Access Client Solutions is vulnerable to remote code execution because it fails to authenticate the origin of a serialized object (CVE-2023-45185), and it stores passwords insecurely, allowing the password encryption key to be retrieved (CVE-2023-45184) or decoded using a brute force attack (CVE-2023-45182). IBM has addressed these CVEs by providing a fix to IBM i Access Client Solutions as described in the remediation/fixes section.
CVEID: CVE-2023-45184
**DESCRIPTION:** IBM i Access Client Solutions could allow an attacker to obtain a decryption key due to improper authority checks.
CVSS Base score: 6.2
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/268270 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)
CVEID: CVE-2023-45182
**DESCRIPTION:** IBM i Access Client Solutions is vulnerable to having its key for an encrypted password decoded. By somehow gaining access to the encrypted password, a local attacker could exploit this vulnerability to obtain the password to other systems.
CVSS Base score: 7.1
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/268265 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N)
CVEID: CVE-2023-45185
**DESCRIPTION:** IBM i Access Client Solutions could allow an attacker to execute remote code. Due to improper authority checks the attacker could perform operations on the PC under the user’s authority.
CVSS Base score: 7.4
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/268273 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L)
Affected Product(s) | Version(s) |
---|---|
IBM i Access Family | 1.1.2 - 1.1.4, 1.1.4.3 - 1.1.9.3 |
The issue can be fixed by upgrading to version 1.1.9.4 or later. See IBM i Access Client Solutions updates for the latest version available.
Product(s) | Version(s) | Remediation/Fix/Instructions |
---|---|---|
IBM i Access Client Solutions | 1.1.2 - 1.1.4, 1.1.4.3 - 1.1.9.3 | The current version of IBM i Access Client Solutions is available at Downloads. Or you may download it from the general IBM i software site at Entitled Systems Support (ESS). |
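The affected ranges and fixed version above, turned into an inventory check (an added example, not part of IBM's bulletin). The host names and versions in `SAMPLE_INVENTORY` are constructed, and padding `1.1.4` to `1.1.4.0` is an assumption, so 1.1.4.1 and 1.1.4.2 are reported as `not-listed` rather than treated as safe.

```python
# Added example: triage IBM i Access Client Solutions versions against this bulletin.
AFFECTED_RANGES = [("1.1.2", "1.1.4"), ("1.1.4.3", "1.1.9.3")]  # ranges from the bulletin
FIXED_IN = "1.1.9.4"                                            # fix level from the bulletin

# Constructed sample inventory (hypothetical host names and versions).
SAMPLE_INVENTORY = [
    ("pc-finance-01", "1.1.9.3"),
    ("pc-finance-02", "1.1.9.4"),
    ("pc-ops-07", "1.1.4.2"),
    ("pc-ops-09", "1.1.3"),
    ("pc-lab-03", "unknown build"),
]


def parse_version(text, width=4):
    """Parse '1.1.9.3' into (1, 1, 9, 3), zero-padding short versions (assumption)."""
    parts = text.strip().split(".")
    if len(parts) > width or not all(p.isascii() and p.isdigit() for p in parts):
        raise ValueError(f"not a dotted numeric version: {text!r}")
    nums = [int(p) for p in parts]
    return tuple(nums + [0] * (width - len(nums)))


def classify(version_text):
    """Return 'affected', 'fixed' or 'not-listed' for one version string."""
    v = parse_version(version_text)
    for low, high in AFFECTED_RANGES:
        if parse_version(low) <= v <= parse_version(high):
            return "affected"
    if v >= parse_version(FIXED_IN):
        return "fixed"
    return "not-listed"  # outside every range the bulletin names; review by hand


def triage(inventory):
    """Map each host to its status; unparseable versions become 'unknown'."""
    report = {}
    for host, version in inventory:
        try:
            report[host] = classify(version)
        except ValueError:
            report[host] = "unknown"
    return report


if __name__ == "__main__":
    for host, status in triage(SAMPLE_INVENTORY).items():
        print(f"{host}: {status}")
```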
None.
CPE

Name | Operator | Version |
---|---|---|
ibm i access family | ge | 1.1.2 |
ibm i access family | le | 1.1.4 |