Vulnerabilities > IBM > I Access Client Solutions

DATE CVE VULNERABILITY TITLE RISK
2024-02-09 CVE-2024-22318 Session Fixation vulnerability in IBM I Access Client Solutions
IBM i Access Client Solutions (ACS) 1.1.2 through 1.1.4 and 1.1.4.3 through 1.1.9.4 is vulnerable to NT LAN Manager (NTLM) hash disclosure by an attacker modifying UNC capable paths within ACS configuration files to point to a hostile server.
local
low complexity
ibm CWE-384
5.5
2023-12-14 CVE-2023-45182 Insecure Storage of Sensitive Information vulnerability in IBM I Access Client Solutions
IBM i Access Client Solutions 1.1.2 through 1.1.4 and 1.1.4.3 through 1.1.9.3 is vulnerable to having its key for an encrypted password decoded.
local
low complexity
ibm CWE-922
6.5
2023-12-14 CVE-2023-45185 Incorrect Authorization vulnerability in IBM I Access Client Solutions
IBM i Access Client Solutions 1.1.2 through 1.1.4 and 1.1.4.3 through 1.1.9.3 could allow an attacker to execute remote code.
network
low complexity
ibm CWE-863
8.8
2023-12-14 CVE-2023-45184 Insecure Storage of Sensitive Information vulnerability in IBM I Access Client Solutions
IBM i Access Client Solutions 1.1.2 through 1.1.4 and 1.1.4.3 through 1.1.9.3 could allow an attacker to obtain a decryption key due to improper authority checks.
network
low complexity
ibm CWE-922
7.5
2022-11-21 CVE-2022-40746 Uncontrolled Search Path Element vulnerability in IBM I Access Client Solutions
IBM i Access Family 1.1.2 through 1.1.4 and 1.1.4.3 through 1.1.9.0 could allow a local authenticated attacker to execute arbitrary code on the system, caused by DLL search order hijacking vulnerability.
local
high complexity
ibm CWE-427
6.7