PT-2023-8435 · IBM · IBM i Access Client Solutions
Maksymilian Kubiak +1 · Published 2023-12-14 · Updated 2024-04-30 · CVE-2023-45185
CVSS v2.0: 9.0 (High)
Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions
IBM i Access Client Solutions versions 1.1.2 through 1.1.4
IBM i Access Client Solutions versions 1.1.4.3 through 1.1.9.3
Description
The issue stems from an insufficient authorization procedure in IBM i Access Client Solutions: improper authority checks allow a remote attacker to execute arbitrary code. This could enable the attacker to perform operations on the PC under the user's authority.
Recommendations
For versions 1.1.2 through 1.1.4, update to a version outside of this range to mitigate the risk.
For versions 1.1.4.3 through 1.1.9.3, update to a version outside of this range to mitigate the risk.
As a temporary workaround, consider restricting access to sensitive operations on the PC to minimize the risk of exploitation.
Fix
Incorrect Authorization
Deserialization of Untrusted Data
Affected Products
IBM i Access Client Solutions