CVE-2023-45182

HIGH

IBM i Access Client Solutions 1.1.2 through 1.1.4 and 1.1.4.3 through 1.1.9.3 - Information Disclosure

Title source: llm
STIX 2.1

Description

IBM i Access Client Solutions 1.1.2 through 1.1.4 and 1.1.4.3 through 1.1.9.3 is vulnerable to having its key for an encrypted password decoded. By somehow gaining access to the encrypted password, a local attacker could exploit this vulnerability to obtain the password to other systems. IBM X-Force ID: 268265.

Exploits (1)

nomisec WORKING POC
by afine-com · poc
https://github.com/afine-com/CVE-2023-45182

References (2)

Scores

CVSS v3 7.4
EPSS 0.0063
EPSS Percentile 70.4%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L

Details

CWE
CWE-922
Status published
Products (1)
ibm/i_access_client_solutions 1.1.2 - 1.1.4
Published Dec 14, 2023
Tracked Since Feb 18, 2026