Vulnerabilities > CVE-2023-45182 - Insecure Storage of Sensitive Information vulnerability in IBM I Access Client Solutions

CVSS 6.5 - MEDIUM

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

HIGH

Integrity impact

NONE

Availability impact

NONE

local

low complexity

ibm

CWE-922

NVD

Published: 2023-12-14

Updated: 2023-12-18

Summary

IBM i Access Client Solutions 1.1.2 through 1.1.4 and 1.1.4.3 through 1.1.9.3 is vulnerable to having its key for an encrypted password decoded. By somehow gaining access to the encrypted password, a local attacker could exploit this vulnerability to obtain the password to other systems. IBM X-Force ID: 268265.

Vulnerable Configurations

Part	Description	Count
Application	Ibm IBM I Access Client Solutions 1.1.2 IBM I Access Client Solutions 1.1.4 IBM I Access Client Solutions 1.1.4.3 IBM I Access Client Solutions 1.1.9.0 IBM I Access Client Solutions 1.1.9.3 IBM I Access Client Solutions 1.1.9.4	6

Common Weakness Enumeration (CWE)

CWE-922 - Insecure Storage of Sensitive Information

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

References