CVE-2023-45182 — Insecure Storage of Sensitive Information in IBM I Access Client Solutions

CWE-922 — Insecure Storage of Sensitive Information3 documents3 sources

Severity

6.5MEDIUMNVD

CNA7.4

EPSS

0.6%

top 29.70%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

IBM I Access Client Solutions

Timeline

PublishedDec 14

Description

IBM i Access Client Solutions 1.1.2 through 1.1.4 and 1.1.4.3 through 1.1.9.3 is vulnerable to having its key for an encrypted password decoded. By somehow gaining access to the encrypted password, a local attacker could exploit this vulnerability to obtain the password to other systems. IBM X-Force ID: 268265.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:NExploitability: 2.0 | Impact: 4.0

Affected Packages2 packages

▶NVDibm/i_access_client_solutions1.1.4.3 — 1.1.9.4+1

▶CVEListV5ibm/i_access_client_solutions1.1.4.3 — 1.1.9.3+1

🔴Vulnerability Details

CVEList

IBM i Access Client Solutions information disclosure↗2023-12-14

▶

GHSA

GHSA-cgcm-7w4q-57f9: IBM i Access Client Solutions 1↗2023-12-14

▶