CVE-2023-45185

HIGH

IBM i Access Client Solutions 1.1.2-1.1.4 and 1.1.4.3-1.1.9.3 - Remote Code Execution via Improper Authority Checks

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2023-45185. PoCs published by afine-com.

AI-analyzed exploit summary: This repository provides a detailed technical analysis of CVE-2023-45185, an insecure deserialization vulnerability in IBM i Access Client Solutions. It includes a step-by-step walkthrough of the exploitation process, demonstrating how an attacker can achieve remote code execution by leveraging ysoserial payloads.

Description

IBM i Access Client Solutions 1.1.2 through 1.1.4 and 1.1.4.3 through 1.1.9.3 could allow an attacker to execute remote code. Due to improper authority checks the attacker could perform operations on the PC under the user's authority. IBM X-Force ID: 268273.

Exploits (1)

nomisec WRITEUP
by afine-com · poc
https://github.com/afine-com/CVE-2023-45185

Classification: Writeup 90%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: IBM i Access Client Solutions < 1.1.9.4
No auth needed
Prerequisites: Access to the target network · Presence of IBM i Access Client Solutions running on the target system
devstral-2 · analyzed Feb 18, 2026

References (2)

Core References
Vendor Advisory
https://www.ibm.com/support/pages/node/7091942

Scores

CVSS v3: 7.4
EPSS: 0.0099
EPSS Percentile: 58.0%
Attack Vector: NETWORK
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L

Details

CWE: CWE-863
Status: published
Products (1): ibm/i_access_client_solutions 1.1.2 - 1.1.4
Published: Dec 14, 2023
Tracked Since: Feb 18, 2026