7.2 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
HIGH
Privileges Required
HIGH
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H
0.0004 Low
EPSS
Percentile
5.1%
IBM i Access Client Solutions is vulnerable to DLL hijacking when certain features are run on a Windows operating system that leverage native code. IBM has addressed this CVE by providing a fix to IBM i Access Client Solutions as described in the remediation/fixes section.
CVEID:CVE-2022-40746
**DESCRIPTION:**IBM i Access Family could allow a local authenticated attacker to execute arbitrary code on the system, caused by DLL search order hijacking vulnerability. By placing a specially crafted file in a compromised folder, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVSS Base score: 7.2
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/236581 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H)
Affected Product(s) | Version(s) |
---|---|
IBM i Access Client Solutions | 1.1.2 - 1.1.4, |
1.1.4.3 - 1.1.9.0 |
The issue can be fixed by upgrading to version 1.1.9.1 or later. See IBM i Access Client Solutions updates for the latest version available.
Affected Product(s) | Version(s) | Remediation/Fix/Instructions |
---|---|---|
IBM i Access Client Solutions | 1.1.2 - 1.1.4, | |
1.1.4.3 - 1.1.9.0 |
The current version of IBM i Access Client Solutions is available at Downloads.
Or you may download it from the general IBM i software site at
Entitled Systems Support (ESS).
None
CPE | Name | Operator | Version |
---|---|---|---|
ibm i access client solutions | ge | 1.1.2 | |
ibm i access client solutions | le | 1.1.4 |
7.2 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
HIGH
Privileges Required
HIGH
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H
0.0004 Low
EPSS
Percentile
5.1%