CVE-2023-45185 - OpenCVE

IBM i Access Client Solutions 1.1.2 through 1.1.4 and 1.1.4.3 through 1.1.9.3 could allow an attacker to execute remote code. Due to improper authority checks the attacker could perform operations on the PC under the user's authority. IBM X-Force ID: 268273.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Changed

Confidentiality Impact Low

Integrity Impact Low

Availability Impact Low

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Ibm	I Access Client Solutions

Configuration 1 [-]

OR	cpe:2.3:a:ibm:i_access_client_solutions::::::::
	cpe:2.3:a:ibm:i_access_client_solutions::::::::

No data.

References

Link	Providers
https://exchange.xforce.ibmcloud.com/vulnerabilities/268273
https://www.ibm.com/support/pages/node/7091942

History

No history.

MITRE

Status: PUBLISHED

Assigner: ibm

Published: 2023-12-14T14:04:36.190Z

Updated: 2024-08-02T20:14:19.861Z

Reserved: 2023-10-05T01:39:10.397Z

Link: CVE-2023-45185

Vulnrichment

No data.

NVD

Status : Modified

Published: 2023-12-14T14:15:42.553

Modified: 2024-04-30T15:15:50.887

Link: CVE-2023-45185

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-45185", "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "state": "PUBLISHED", "assignerShortName": "ibm", "dateReserved": "2023-10-05T01:39:10.397Z", "datePublished": "2023-12-14T14:04:36.190Z", "dateUpdated": "2024-08-02T20:14:19.861Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "i Access Client Solutions", "vendor": "IBM", "versions": [{"lessThanOrEqual": "1.1.4", "status": "affected", "version": "1.1.2", "versionType": "semver"}, {"lessThanOrEqual": "1.1.9.3", "status": "affected", "version": "1.1.4.3", "versionType": "semver"}]}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "IBM i Access Client Solutions 1.1.2 through 1.1.4 and 1.1.4.3 through 1.1.9.3 could allow an attacker to execute remote code. Due to improper authority checks the attacker could perform operations on the PC under the user's authority. IBM X-Force ID: 268273."}], "value": "IBM i Access Client Solutions 1.1.2 through 1.1.4 and 1.1.4.3 through 1.1.9.3 could allow an attacker to execute remote code. Due to improper authority checks the attacker could perform operations on the PC under the user's authority. IBM X-Force ID: 268273."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 7.4, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-863", "description": "CWE-863 Incorrect Authorization", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm", "dateUpdated": "2024-04-30T14:56:59.283Z"}, "references": [{"tags": ["vendor-advisory"], "url": "https://www.ibm.com/support/pages/node/7091942"}, {"tags": ["vdb-entry"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/268273"}], "source": {"discovery": "UNKNOWN"}, "title": "IBM i Access Client Solutions code execution", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T20:14:19.861Z"}, "title": "CVE Program Container", "references": [{"tags": ["vendor-advisory", "x_transferred"], "url": "https://www.ibm.com/support/pages/node/7091942"}, {"tags": ["vdb-entry", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/268273"}]}]}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:ibm:i_access_client_solutions:*:*:*:*:*:*:*:*", "matchCriteriaId": "531AF116-53A2-47C9-944E-C7E2CA2ADF9B", "versionEndIncluding": "1.1.4", "versionStartIncluding": "1.1.2", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:i_access_client_solutions:*:*:*:*:*:*:*:*", "matchCriteriaId": "C30A55A7-E0D8-48B0-96A7-7E93B9A14916", "versionEndExcluding": "1.1.9.4", "versionStartIncluding": "1.1.4.3", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "IBM i Access Client Solutions 1.1.2 through 1.1.4 and 1.1.4.3 through 1.1.9.3 could allow an attacker to execute remote code. Due to improper authority checks the attacker could perform operations on the PC under the user's authority. IBM X-Force ID: 268273."}, {"lang": "es", "value": "IBM i Access Client Solutions versiones 1.1.2 a 1.1.4 y 1.1.4.3 a 1.1.9.3 podr\u00edan permitir a un atacante ejecutar c\u00f3digo remoto. Debido a controles de autoridad inadecuados, el atacante podr\u00eda realizar operaciones en la PC bajo la autoridad del usuario. ID de IBM X-Force: 268273."}], "id": "CVE-2023-45185", "lastModified": "2024-04-30T15:15:50.887", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 7.4, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L", "version": "3.1"}, "exploitabilityScore": 3.1, "impactScore": 3.7, "source": "psirt@us.ibm.com", "type": "Secondary"}]}, "published": "2023-12-14T14:15:42.553", "references": [{"source": "psirt@us.ibm.com", "tags": ["VDB Entry"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/268273"}, {"source": "psirt@us.ibm.com", "tags": ["Vendor Advisory"], "url": "https://www.ibm.com/support/pages/node/7091942"}], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-863"}], "source": "psirt@us.ibm.com", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-863"}], "source": "nvd@nist.gov", "type": "Secondary"}]}