IBM I Access Client Solutions
By the Year
In 2024 there have been 1 vulnerability in IBM I Access Client Solutions with an average score of 5.5 out of ten. Last year I Access Client Solutions had 3 security vulnerabilities published. Right now, I Access Client Solutions is on track to have less security vulnerabilities in 2024 than it did last year. Last year, the average CVE base score was greater by 2.10
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2024 | 1 | 5.50 |
| 2023 | 3 | 7.60 |
| 2022 | 0 | 0.00 |
| 2021 | 0 | 0.00 |
| 2020 | 0 | 0.00 |
| 2019 | 0 | 0.00 |
| 2018 | 0 | 0.00 |
It may take a day or so for new I Access Client Solutions vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.
Recent IBM I Access Client Solutions Security Vulnerabilities
IBM i Access Client Solutions (ACS) 1.1.2 through 1.1.4 and 1.1.4.3 through 1.1.9.4 is vulnerable to NT LAN Manager (NTLM) hash disclosure by an attacker modifying UNC capable paths within ACS configuration files to point to a hostile server
CVE-2024-22318
5.5 - Medium
- February 09, 2024
IBM i Access Client Solutions (ACS) 1.1.2 through 1.1.4 and 1.1.4.3 through 1.1.9.4 is vulnerable to NT LAN Manager (NTLM) hash disclosure by an attacker modifying UNC capable paths within ACS configuration files to point to a hostile server. If NTLM is enabled, the Windows operating system will try to authenticate using the current user's session. The hostile server could capture the NTLM hash information to obtain the user's credentials. IBM X-Force ID: 279091.
Session Fixation
IBM i Access Client Solutions 1.1.2 through 1.1.4 and 1.1.4.3 through 1.1.9.3 could allow an attacker to execute remote code
CVE-2023-45185
8.8 - High
- December 14, 2023
IBM i Access Client Solutions 1.1.2 through 1.1.4 and 1.1.4.3 through 1.1.9.3 could allow an attacker to execute remote code. Due to improper authority checks the attacker could perform operations on the PC under the user's authority. IBM X-Force ID: 268273.
AuthZ
IBM i Access Client Solutions 1.1.2 through 1.1.4 and 1.1.4.3 through 1.1.9.3 is vulnerable to having its key for an encrypted password decoded
CVE-2023-45182
6.5 - Medium
- December 14, 2023
IBM i Access Client Solutions 1.1.2 through 1.1.4 and 1.1.4.3 through 1.1.9.3 is vulnerable to having its key for an encrypted password decoded. By somehow gaining access to the encrypted password, a local attacker could exploit this vulnerability to obtain the password to other systems. IBM X-Force ID: 268265.
Insecure Storage of Sensitive Information
IBM i Access Client Solutions 1.1.2 through 1.1.4 and 1.1.4.3 through 1.1.9.3 could
CVE-2023-45184
7.5 - High
- December 14, 2023
IBM i Access Client Solutions 1.1.2 through 1.1.4 and 1.1.4.3 through 1.1.9.3 could allow an attacker to obtain a decryption key due to improper authority checks. IBM X-Force ID: 268270.
Insecure Storage of Sensitive Information
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for IBM I Access Client Solutions or by IBM? Click the Watch button to subscribe.
