PT-2022-25506 · IBM · IBM i Access Family
Maksymilian Kubiak
·
Published
2022-11-21
·
Updated
2022-11-23
·
CVE-2022-40746
CVSS v3.1
7.2
High
| Vector | AV:L/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
IBM i Access Family versions 1.1.2 through 1.1.4 and 1.1.4.3 through 1.1.9.0
Description
The issue allows a local authenticated attacker to execute arbitrary code on the system due to a DLL search order hijacking vulnerability. An attacker could exploit this by placing a specially crafted file in a compromised folder, enabling the execution of arbitrary code on the system.
Recommendations
For IBM i Access Family versions 1.1.2 through 1.1.4, update to a version outside of this range to mitigate the risk.
For IBM i Access Family versions 1.1.4.3 through 1.1.9.0, update to a version outside of this range to mitigate the risk.
As a temporary workaround, consider restricting access to compromised folders to minimize the risk of exploitation.
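As an added example (not code from this advisory or from IBM; all names are assumed), the following Python check walks the Windows DLL search order and reports directories that the current user can write to and that are searched before the directory holding the real DLL. Those are the folders the workaround above needs to lock down; the demo builds a constructed layout and injects writability so it runs deterministically on any platform.

```python
"""Defensive check for DLL search-order hijacking exposure (constructed example)."""
import os
import tempfile
from typing import Callable, List, Optional, Tuple


def windows_search_order(app_dir: str, windir: str = r"C:\Windows") -> List[str]:
    """Directories LoadLibrary consults, in order, for a DLL requested by bare
    name with SafeDllSearchMode on: application dir, System32, System,
    the Windows dir, the current directory, then each PATH entry."""
    dirs = [app_dir, os.path.join(windir, "System32"),
            os.path.join(windir, "System"), windir, os.getcwd()]
    return dirs + [p for p in os.environ.get("PATH", "").split(os.pathsep) if p]


def user_can_write(directory: str) -> bool:
    """Default writability test: on Windows os.access evaluates the DACL for
    the current token, i.e. whether this user could plant a file there."""
    return os.path.isdir(directory) and os.access(directory, os.W_OK)


def find_hijack_exposure(dll_name: str, search_dirs: List[str],
                         is_writable: Callable[[str], bool] = user_can_write
                         ) -> Tuple[Optional[str], List[str]]:
    """Walk the search order. Returns (dir holding the real DLL, or None if it is
    never found; list of writable dirs searched *before* that point). Every entry
    in that list is a place a planted DLL would win, so its ACL needs tightening."""
    exposed = []
    for d in search_dirs:
        if os.path.isfile(os.path.join(d, dll_name)):
            return d, exposed
        if is_writable(d):
            exposed.append(d)
    return None, exposed


def demo() -> dict:
    """Constructed layout: a writable 'app' dir with no DLL, searched before a
    locked 'sys' dir that holds the real one. Writability is injected so the
    result does not depend on who runs the script."""
    root = tempfile.mkdtemp()
    app, sysd = os.path.join(root, "app"), os.path.join(root, "sys")
    os.makedirs(app)
    os.makedirs(sysd)
    open(os.path.join(sysd, "helper.dll"), "w").close()
    writable = lambda d: d == app  # only the app dir is writable in this scenario
    return {
        "app_first": find_hijack_exposure("helper.dll", [app, sysd], writable),
        "sys_first": find_hijack_exposure("helper.dll", [sysd, app], writable),
        "phantom": find_hijack_exposure("missing.dll", [app, sysd], writable),
        "app": app, "sys": sysd,
    }
```

Run `windows_search_order(<install dir>)` with the default `user_can_write` on a real host to audit an installed application's own search path.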
Fix
Command Injection
Uncontrolled Search Path Element
Related Identifiers
Affected Products
IBM i Access Family