CVE-2023-45185 — Incorrect Authorization in IBM I Access Client Solutions

CWE-863 — Incorrect Authorization CWE-502 — Deserialization of Untrusted Data3 documents3 sources

Severity

8.8HIGHNVD

CNA7.4

EPSS

1.5%

top 18.75%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

IBM I Access Client Solutions

Timeline

PublishedDec 14

Description

IBM i Access Client Solutions 1.1.2 through 1.1.4 and 1.1.4.3 through 1.1.9.3 could allow an attacker to execute remote code. Due to improper authority checks the attacker could perform operations on the PC under the user's authority. IBM X-Force ID: 268273.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages2 packages

▶NVDibm/i_access_client_solutions1.1.4.3 — 1.1.9.4+1

▶CVEListV5ibm/i_access_client_solutions1.1.4.3 — 1.1.9.3+1

🔴Vulnerability Details

GHSA

GHSA-r5pw-wrg5-wrfp: IBM i Access Client Solutions 1↗2023-12-14

▶

CVEList

IBM i Access Client Solutions code execution↗2023-12-14

▶