CVE-2022-40746

HIGH

IBM I Access Client Solutions < 1.1.4 - Command Injection

Title source: rule

Description

IBM i Access Family 1.1.2 through 1.1.4 and 1.1.4.3 through 1.1.9.0 could allow a local authenticated attacker to execute arbitrary code on the system, caused by DLL search order hijacking vulnerability. By placing a specially crafted file in a compromised folder, an attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 236581.

References (2)

[VDB Entry, Vendor Advisory] https://exchange.xforce.ibmcloud.com/vulnerabilities/236581

[Patch, Vendor Advisory] https://www.ibm.com/support/pages/node/6840359

Scores

CVSS v3 7.2

EPSS 0.0019

EPSS Percentile 40.4%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H

Classification

CWE

CWE-427 CWE-77

Status published

Affected Products (1)

ibm/i_access_client_solutions < 1.1.4

Timeline

Published Nov 21, 2022

Tracked Since Feb 18, 2026