Ibm I Access Client Solutions vulnerabilities
5 known vulnerabilities affecting ibm/i_access_client_solutions.
Total CVEs
5
CISA KEV
0
Public exploits
1
Exploited in wild
0
Severity breakdown
HIGH2MEDIUM3
Vulnerabilities
Page 1 of 1
CVE-2024-22318MEDIUMCVSS 5.5PoC≥ 1.1.2, ≤ 1.1.4≥ 1.1.4.3, ≤ 1.1.9.42024-02-09
CVE-2024-22318 [MEDIUM] CWE-327 CVE-2024-22318: IBM i Access Client Solutions (ACS) 1.1.2 through 1.1.4 and 1.1.4.3 through 1.1.9.4 is vulnerable to
IBM i Access Client Solutions (ACS) 1.1.2 through 1.1.4 and 1.1.4.3 through 1.1.9.4 is vulnerable to NT LAN Manager (NTLM) hash disclosure by an attacker modifying UNC capable paths within ACS configuration files to point to a hostile server. If NTLM is enabled, the Windows operating system will try to authenticate using the current user's session.
cvelistv5nvd
CVE-2023-45184HIGHCVSS 7.5≥ 1.1.2, ≤ 1.1.4≥ 1.1.4.3, < 1.1.9.4+1 more2023-12-14
CVE-2023-45184 [HIGH] CWE-922 CVE-2023-45184: IBM i Access Client Solutions 1.1.2 through 1.1.4 and 1.1.4.3 through 1.1.9.3 could allow an attacke
IBM i Access Client Solutions 1.1.2 through 1.1.4 and 1.1.4.3 through 1.1.9.3 could allow an attacker to obtain a decryption key due to improper authority checks. IBM X-Force ID: 268270.
cvelistv5nvd
CVE-2023-45185HIGHCVSS 8.8≥ 1.1.2, ≤ 1.1.4≥ 1.1.4.3, < 1.1.9.4+1 more2023-12-14
CVE-2023-45185 [HIGH] CWE-863 CVE-2023-45185: IBM i Access Client Solutions 1.1.2 through 1.1.4 and 1.1.4.3 through 1.1.9.3 could allow an attacke
IBM i Access Client Solutions 1.1.2 through 1.1.4 and 1.1.4.3 through 1.1.9.3 could allow an attacker to execute remote code. Due to improper authority checks the attacker could perform operations on the PC under the user's authority. IBM X-Force ID: 268273.
cvelistv5nvd
CVE-2023-45182MEDIUMCVSS 6.5≥ 1.1.2, ≤ 1.1.4≥ 1.1.4.3, < 1.1.9.4+1 more2023-12-14
CVE-2023-45182 [MEDIUM] CWE-922 CVE-2023-45182:
IBM i Access Client Solutions 1.1.2 through 1.1.4 and 1.1.4.3 through 1.1.9.3 is vulnerable to havi
IBM i Access Client Solutions 1.1.2 through 1.1.4 and 1.1.4.3 through 1.1.9.3 is vulnerable to having its key for an encrypted password decoded. By somehow gaining access to the encrypted password, a local attacker could exploit this vulnerability to obtain the password to other systems. IBM X-Force ID: 268265.
cvelistv5nvd
CVE-2022-40746MEDIUMCVSS 6.7≥ 1.1.2, ≤ 1.1.4≥ 1.1.4.3, ≤ 1.1.9.02022-11-21
CVE-2022-40746 [MEDIUM] CWE-77 CVE-2022-40746: IBM i Access Family 1.1.2 through 1.1.4 and 1.1.4.3 through 1.1.9.0 could allow a local authenticate
IBM i Access Family 1.1.2 through 1.1.4 and 1.1.4.3 through 1.1.9.0 could allow a local authenticated attacker to execute arbitrary code on the system, caused by DLL search order hijacking vulnerability. By placing a specially crafted file in a compromised folder, an attacker could exploit this vulnerability to execute arbitrary code on the system. I
nvd