IBM i Access Client Solutions code execution
Description
IBM i Access Client Solutions versions 1.1.2 through 1.1.4 and 1.1.4.3 through 1.1.9.3 are vulnerable to remote code execution due to improper authority checks on serialized objects.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
IBM i Access Client Solutions versions 1.1.2 through 1.1.4 and 1.1.4.3 through 1.1.9.3 are vulnerable to remote code execution due to improper authority checks on serialized objects.
Vulnerability
IBM i Access Client Solutions (ACS) versions 1.1.2 through 1.1.4 and 1.1.4.3 through 1.1.9.3 are affected by CVE-2023-45185, a remote code execution vulnerability. The flaw lies in the software's failure to authenticate the origin of a serialized object, allowing an attacker to execute arbitrary code. This occurs due to improper authority checks enabling operations under the user's privileges.
Exploitation
An attacker needs network access and requires authentication to the system, as the CVSS vector indicates a privilege required (PR:L). The attacker can send a specially crafted serialized object to the target system. No user interaction is needed, and the attack can be launched remotely.
Impact
Successful exploitation allows the attacker to execute remote code on the affected system under the user's authority. This can lead to partial compromise of confidentiality, integrity, and availability (CVSS: C:L/I:L/A:L) with a scope change to other components (S:C).
Mitigation
IBM has released a fix for this vulnerability. Users should update IBM i Access Client Solutions to a patched version as detailed in the IBM security bulletin [1]. Apply the recommended updates from the Fix Central or contact IBM support for guidance. No workarounds are mentioned; patching is the sole mitigation.
AI Insight generated on May 27, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
2>=1.1.2 <=1.1.4, >=1.1.4.3 <=1.1.9.3+ 1 more
- (no CPE)range: >=1.1.2 <=1.1.4, >=1.1.4.3 <=1.1.9.3
- (no CPE)range: 1.1.2
Patches
0No patches discovered yet.
Vulnerability mechanics
No source-code context for this CVE — mechanics is only generated when we can read the actual fix diff. Without that, the four sections (root cause, attack vector, affected code, fix) would be speculation rather than analysis.
References
2- www.ibm.com/support/pages/node/7091942mitrevendor-advisory
- exchange.xforce.ibmcloud.com/vulnerabilities/268273mitrevdb-entry
News mentions
0No linked articles in our index yet.