CVSS: 5.5 • EPSS: 0% • CPEs: 2 • EXPL: 2

09 Feb 2024 — IBM i Access Client Solutions (ACS) 1.1.2 through 1.1.4 and 1.1.4.3 through 1.1.9.4 is vulnerable to NT LAN Manager (NTLM) hash disclosure by an attacker modifying UNC-capable paths within ACS configuration files to point to a hostile server. If NTLM is enabled, the Windows operating system will try to authenticate using the current user's session. The hostile server could capture the NTLM hash information to obtain the user's credentials. IBM X-Force ID: 279091. • https://packetstorm.news/files/id/177069 • CWE-327: Use of a Broken or Risky Cryptographic Algorithm • CWE-384: Session Fixation

CVSS: 9.0 • EPSS: 1% • CPEs: 2 • EXPL: 1

14 Dec 2023 — IBM i Access Client Solutions 1.1.2 through 1.1.4 and 1.1.4.3 through 1.1.9.3 could allow an attacker to execute remote code. Due to improper authority checks the attacker could perform operations on the PC under the user's authority. IBM X-Force ID: 268273. • https://github.com/afine-com/CVE-2023-45185 • CWE-863: Incorrect Authorization

CVSS: 7.4 • EPSS: 0% • CPEs: 2 • EXPL: 1

14 Dec 2023 — IBM i Access Client Solutions 1.1.2 through 1.1.4 and 1.1.4.3 through 1.1.9.3 is vulnerable to having its key for an encrypted password decoded. By somehow gaining access to the encrypted password, a local attacker could exploit this vulnerability to obtain the password to other systems. IBM X-Force ID: 268265. • https://github.com/afine-com/CVE-2023-45182 • CWE-922: Insecure Storage of Sensitive Information

CVSS: 7.8 • EPSS: 3% • CPEs: 2 • EXPL: 1

14 Dec 2023 — IBM i Access Client Solutions 1.1.2 through 1.1.4 and 1.1.4.3 through 1.1.9.3 could allow an attacker to obtain a decryption key due to improper authority checks. IBM X-Force ID: 268270. • https://github.com/afine-com/CVE-2023-45184 • CWE-922: Insecure Storage of Sensitive Information

CVSS: 7.2 • EPSS: 0% • CPEs: 3 • EXPL: 0

21 Nov 2022 — IBM i Access Family 1.1.2 through 1.1.4 and 1.1.4.3 through 1.1.9.0 could allow a local authenticated attacker to execute arbitrary code on the system, caused by a DLL search order hijacking vulnerability. By placing a specially crafted file in a compromised folder, an attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 236581. • https://exchange.xforce.ibmcloud.com/vulnerabilities/236581 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') • CWE-427: Uncontrolled Search Path Element

CVSS: 7.8 • EPSS: 0% • CPEs: 1 • EXPL: 0

04 Jan 2019 — An untrusted search path vulnerability in IBM i Access for Windows versions 7.1 and earlier on Windows can allow arbitrary code execution via a Trojan horse DLL in the current working directory, related to use of the LoadLibrary function. IBM X-Force ID: 152079. • http://www.securityfocus.com/bid/106455 • CWE-426: Untrusted Search Path

CVSS: 7.8 • EPSS: 0% • CPEs: 3 • EXPL: 0

28 Aug 2017 — Stack-based buffer overflow in IBM V5R4, and IBM i Access for Windows 6.1 and 7.1. • http://www-01.ibm.com/support/docview.wss?uid=nas8N1020540 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer

CVSS: 7.8 • EPSS: 0% • CPEs: 2 • EXPL: 0

08 Jul 2016 — IBM i Access 7.1 on Windows allows local users to discover registry passwords via unspecified vectors. • http://www-01.ibm.com/support/docview.wss?uid=nas8N1021418 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor • CWE-254: 7PK - Security Features

CVSS: 4.0 • EPSS: 0% • CPEs: 2 • EXPL: 0

02 Jan 2016 — AFP Workbench Viewer in IBM i Access 7.1 on Windows allows remote attackers to cause a denial of service (viewer crash) via a crafted workbench file. • http://www-01.ibm.com/support/docview.wss?uid=nas8N1020995 • CWE-20: Improper Input Validation

CVSS: 5.5 • EPSS: 0% • CPEs: 2 • EXPL: 2

19 Nov 2015 — Buffer overflow in IBM i Access 7.1 on Windows allows local users to cause a denial of service (application crash) via unspecified vectors. IBM i Access for Windows is vulnerable to a stack buffer overflow denial of service. • https://packetstorm.news/files/id/134433 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer