Login Sign Up

CVE-2023-45185

7.4 HIGH
Remote Code Execution

📋 TL;DR

This vulnerability in IBM i Access Client Solutions allows attackers to execute remote code on affected PCs by exploiting improper authority checks. Attackers could perform operations under the user's authority, potentially compromising the system. Users running vulnerable versions of IBM i Access Client Solutions are affected.

💻 Affected Systems

Products:
  • IBM i Access Client Solutions
Versions: 1.1.2 through 1.1.4 and 1.1.4.3 through 1.1.9.3
Operating Systems: Windows, Linux, macOS
Default Config Vulnerable: ⚠️ Yes
Notes: All installations within affected version ranges are vulnerable regardless of configuration.

📦 What is this software?

I Access Client Solutions by Ibm

View all CVEs affecting I Access Client Solutions →

I Access Client Solutions by Ibm

View all CVEs affecting I Access Client Solutions →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Full system compromise with attacker gaining complete control over the PC, potentially leading to data theft, ransomware deployment, or lateral movement within the network.

🟠

Likely Case

Attacker executes malicious code with user privileges, potentially stealing credentials, accessing sensitive files, or installing malware.

🟢

If Mitigated

Limited impact with proper network segmentation, least privilege principles, and updated antivirus preventing successful exploitation.

🌐 Internet-Facing: MEDIUM
🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires some level of access or social engineering to trigger the vulnerability.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 1.1.9.4 and later

Vendor Advisory: https://www.ibm.com/support/pages/node/7091942

Restart Required: Yes

Instructions:

1. Download IBM i Access Client Solutions 1.1.9.4 or later from IBM Fix Central. 2. Uninstall current version. 3. Install updated version. 4. Restart the system.

🔧 Temporary Workarounds

Network Segmentation

all

Restrict network access to IBM i Access Client Solutions to trusted networks only

User Privilege Reduction

all

Run IBM i Access Client Solutions with minimal user privileges

🧯 If You Can't Patch

  • Disable or uninstall IBM i Access Client Solutions if not required
  • Implement strict network controls and monitor for suspicious activity

🔍 How to Verify

Check if Vulnerable:

Check Help > About in IBM i Access Client Solutions to see if version is between 1.1.2-1.1.4 or 1.1.4.3-1.1.9.3

Check Version:

Not applicable - use GUI Help > About menu

Verify Fix Applied:

Verify version is 1.1.9.4 or later in Help > About

📡 Detection & Monitoring

Log Indicators:

  • Unexpected process execution from IBM i Access Client Solutions
  • Unusual network connections from the application

Network Indicators:

  • Suspicious outbound connections from IBM i Access Client Solutions

SIEM Query:

source="IBM i Access Client Solutions" AND (event_type="process_execution" OR event_type="network_connection")

📊 Metadata

CVE ID: CVE-2023-45185
CVSS v3 Score: 7.4 (HIGH)
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L
CWE: CWE-863
Published: December 14, 2023
Last Updated: November 21, 2024

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2023-45185, you might also want to check these:

CVE-2023-4617 10.0

This vulnerability allows remote attackers to bypass authorization controls in the Govee Home mobile...

Same vulnerability type (CWE-863)
CVE-2025-54253 10.0

CVE-2025-54253 is a critical misconfiguration vulnerability in Adobe Experience Manager Forms that a...

Same vulnerability type (CWE-863)
CVE-2021-38503 10.0

This vulnerability allows malicious iframes to bypass sandbox restrictions when loading XSLT stylesh...

Same vulnerability type (CWE-863)