CVE-2026-7770 IBM i Access Client Solutions (ACS) is vulnerable to remote code execution when configured to listen for requests from IBM i Navigator

IBM i Access Family 1.1.5.0 through 1.1.9.12 IBM i Access Client Solutions ACS is vulnerable to remote code execution when configured to listen for requests from IBM i Navigator...

CVE-2026-7770 IBM i Access Client Solutions (ACS) is vulnerable to remote code execution when configured to listen for requests from IBM i Navigator

IBM i Access Family 1.1.5.0 through 1.1.9.12 IBM i Access Client Solutions ACS is vulnerable to remote code execution when configured to listen for requests from IBM i Navigator...

CVE-2023-45184

IBM i Access Client Solutions 1.1.2 through 1.1.4 and 1.1.4.3 through 1.1.9.3 could allow an attacker to obtain a decryption key due to improper authority checks. IBM X-Force ID: 268270...

CVE-2023-45185

IBM i Access Client Solutions 1.1.2 through 1.1.4 and 1.1.4.3 through 1.1.9.3 could allow an attacker to execute remote code. Due to improper authority checks the attacker could perform operations on the PC under the user's authority. IBM X-Force ID: 268273...

EUVD-2023-49489

Malicious code in bioql PyPI...

EUVD-2023-49492

Malicious code in bioql PyPI...

EUVD-2023-49491

Malicious code in bioql PyPI...

EUVD-2024-19879

Malicious code in bioql PyPI...

CVE-2024-22318

IBM i Access Client Solutions ACS 1.1.2 through 1.1.4 and 1.1.4.3 through 1.1.9.4 is vulnerable to NT LAN Manager NTLM hash disclosure by an attacker modifying UNC capable paths within ACS configuration files to point to a hostile server. If NTLM is enabled, the Windows operating system will try ...

CVE-2023-45182

IBM i Access Client Solutions 1.1.2 through 1.1.4 and 1.1.4.3 through 1.1.9.3 is vulnerable to having its key for an encrypted password decoded. By somehow gaining access to the encrypted password, a local attacker could exploit this vulnerability to obtain the password to other systems. IBM...

Security Bulletin: IBM i Access Client Solutions is vulnerable to DLL hijacking when run on a Windows operating system (CVE-2022-40746)

Summary IBM i Access Client Solutions is vulnerable to DLL hijacking when certain features are run on a Windows operating system that leverage native code. IBM has addressed this CVE by providing a fix to IBM i Access Client Solutions as described in the remediation/fixes section. Vulnerability...

The vulnerability of the cross-platform access control system IBM i Access Client Solutions, related to improper session management, allows a hacker to intercept the user’s session and disclose sensitive information about the NT LAN Manager hash (NTLM).

The vulnerability of the cross-platform access control system IBM i Access Client Solutions is related to improper session management. Exploiting this vulnerability can allow an attacker to intercept a user’s session and disclose sensitive information about the NT LAN Manager hash NTLM...

Security Bulletin: IBM i Access Client Solutions is vulnerable to a remote attacker bypassing integrity checks in Apache Mina SSHD Common (CVE-2023-48795)

Summary IBM i Access Client Solutions is vulnerable to a remote attacker bypassing integrity checks CVE-2023-48795 found in Apache Mina SSHD Common. Apache Mina SSHD Common is used by the Open Source Package Manager feature of IBM i Access Client Solutions when authenticating to the IBM i server...

Security Bulletin: IBM i Access Client Solutions is vulnerable to an infinite loop or out of memory error due to vulnerabilities in Apache Commons Compress.

Summary IBM i Access Client Solutions is vulnerable to an infinite loop CVE-2024-25710 or an out of memory error CVE-2024-26308 in Apache Commons Compress. Apache Commons Compress is used by the Data Transfer feature of IBM i Access Client Solutions when transferring data from reading xls and xls...

IBM i Access Client Solutions v1.1.2 - 1.1.4, v1.1.4.3 - 1.1.9.4 - Remote Credential Theft

Credits: John Page aka hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/IBMIACCESSCLIENTREMOTECREDENTIALTHEFTCVE-2024-22318.txt + twitter.com/hyp3rlinx + ISR: ApparitionSec Vendor www.ibm.com Product IBM i Access Client Solutions Versions All...

IBM i Access Client Solutions Authorization Issues Vulnerability

IBM i is a suite of operating systems from International Business Machines IBM running in IBM Power Systems and IBM PureSystems. An authorization issue vulnerability exists in IBM i Access Client Solutions that stems from vulnerability to a hash disclosure attack, which can be exploited by a...

IBM i Access Client Solutions Remote Credential Theft Vulnerability

IBM i Access Client Solutions ACS versions 1.1.2 through 1.1.4 and 1.1.4.3 through 1.1.9.4 suffer from a remote credential theft vulnerability. + Credits: John Page aka hyp3rlinx + Website: hyp3rlinx.altervista.org + Source:...

CVE-2024-22318

IBM i Access Client Solutions ACS 1.1.2 through 1.1.4 and 1.1.4.3 through 1.1.9.4 is vulnerable to NT LAN Manager NTLM hash disclosure by an attacker modifying UNC capable paths within ACS configuration files to point to a hostile server. If NTLM is enabled, the Windows operating system will try ...

CVE-2024-22318 IBM i Access Client Solutions information disclosure

IBM i Access Client Solutions ACS 1.1.2 through 1.1.4 and 1.1.4.3 through 1.1.9.4 is vulnerable to NT LAN Manager NTLM hash disclosure by an attacker modifying UNC capable paths within ACS configuration files to point to a hostile server. If NTLM is enabled, the Windows operating system will try ...

CVE-2024-22318 IBM i Access Client Solutions information disclosure

IBM i Access Client Solutions ACS 1.1.2 through 1.1.4 and 1.1.4.3 through 1.1.9.4 is vulnerable to NT LAN Manager NTLM hash disclosure by an attacker modifying UNC capable paths within ACS configuration files to point to a hostile server. If NTLM is enabled, the Windows operating system will try ...