CVE-2023-45182 - OpenCVE

IBM i Access Client Solutions 1.1.2 through 1.1.4 and 1.1.4.3 through 1.1.9.3 is vulnerable to having its key for an encrypted password decoded. By somehow gaining access to the encrypted password, a local attacker could exploit this vulnerability to obtain the password to other systems. IBM X-Force ID: 268265.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Changed

Confidentiality Impact Low

Integrity Impact Low

Availability Impact Low

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Ibm	I Access Client Solutions

Configuration 1 [-]

OR	cpe:2.3:a:ibm:i_access_client_solutions::::::::
	cpe:2.3:a:ibm:i_access_client_solutions::::::::

No data.

References

Link	Providers
https://exchange.xforce.ibmcloud.com/vulnerabilities/268265
https://www.ibm.com/support/pages/node/7091942

History

No history.

MITRE

Status: PUBLISHED

Assigner: ibm

Published: 2023-12-14T14:02:28.609Z

Updated: 2024-08-02T20:14:19.741Z

Reserved: 2023-10-05T01:38:58.206Z

Link: CVE-2023-45182

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2023-12-14T14:15:42.333

Modified: 2023-12-18T19:40:38.003

Link: CVE-2023-45182

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-45182", "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "state": "PUBLISHED", "assignerShortName": "ibm", "dateReserved": "2023-10-05T01:38:58.206Z", "datePublished": "2023-12-14T14:02:28.609Z", "dateUpdated": "2024-08-02T20:14:19.741Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "i Access Client Solutions", "vendor": "IBM", "versions": [{"lessThanOrEqual": "1.1.4", "status": "affected", "version": "1.1.2", "versionType": "semver"}, {"lessThanOrEqual": "1.1.9.3", "status": "affected", "version": "1.1.4.3", "versionType": "semver"}]}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "\n\n<span style=\"background-color: rgb(255, 255, 255);\">IBM i Access Client Solutions 1.1.2 through 1.1.4 and 1.1.4.3 through 1.1.9.3 is vulnerable to having its key for an encrypted password decoded. By somehow gaining access to the encrypted password, a local attacker could exploit this vulnerability to obtain the password to other systems. IBM X-Force ID: 268265.</span>\n\n"}], "value": "\nIBM i Access Client Solutions 1.1.2 through 1.1.4 and 1.1.4.3 through 1.1.9.3 is vulnerable to having its key for an encrypted password decoded. By somehow gaining access to the encrypted password, a local attacker could exploit this vulnerability to obtain the password to other systems. IBM X-Force ID: 268265.\n\n"}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 7.4, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-922", "description": "CWE-922 Insecure Storage of Sensitive Information", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm", "dateUpdated": "2023-12-14T14:05:36.153Z"}, "references": [{"tags": ["vendor-advisory"], "url": "https://www.ibm.com/support/pages/node/7091942"}, {"tags": ["vdb-entry"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/268265"}], "source": {"discovery": "UNKNOWN"}, "title": "IBM i Access Client Solutions information disclosure", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T20:14:19.741Z"}, "title": "CVE Program Container", "references": [{"tags": ["vendor-advisory", "x_transferred"], "url": "https://www.ibm.com/support/pages/node/7091942"}, {"tags": ["vdb-entry", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/268265"}]}]}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:ibm:i_access_client_solutions:*:*:*:*:*:*:*:*", "matchCriteriaId": "531AF116-53A2-47C9-944E-C7E2CA2ADF9B", "versionEndIncluding": "1.1.4", "versionStartIncluding": "1.1.2", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:i_access_client_solutions:*:*:*:*:*:*:*:*", "matchCriteriaId": "C30A55A7-E0D8-48B0-96A7-7E93B9A14916", "versionEndExcluding": "1.1.9.4", "versionStartIncluding": "1.1.4.3", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "\nIBM i Access Client Solutions 1.1.2 through 1.1.4 and 1.1.4.3 through 1.1.9.3 is vulnerable to having its key for an encrypted password decoded. By somehow gaining access to the encrypted password, a local attacker could exploit this vulnerability to obtain the password to other systems. IBM X-Force ID: 268265.\n\n"}, {"lang": "es", "value": "IBM i Access Client Solutions 1.1.2 a 1.1.4 y 1.1.4.3 a 1.1.9.3 es vulnerable a que se decodifique su clave para una contrase\u00f1a cifrada. Al obtener acceso de alguna manera a la contrase\u00f1a cifrada, un atacante local podr\u00eda aprovechar esta vulnerabilidad para obtener la contrase\u00f1a de otros sistemas. ID de IBM X-Force: 268265."}], "id": "CVE-2023-45182", "lastModified": "2023-12-18T19:40:38.003", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.0, "impactScore": 4.0, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 7.4, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L", "version": "3.1"}, "exploitabilityScore": 3.1, "impactScore": 3.7, "source": "psirt@us.ibm.com", "type": "Secondary"}]}, "published": "2023-12-14T14:15:42.333", "references": [{"source": "psirt@us.ibm.com", "tags": ["VDB Entry"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/268265"}, {"source": "psirt@us.ibm.com", "tags": ["Vendor Advisory"], "url": "https://www.ibm.com/support/pages/node/7091942"}], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-922"}], "source": "psirt@us.ibm.com", "type": "Primary"}]}