Medium severity5.1NVD Advisory· Published Feb 9, 2024· Updated Jun 17, 2026
CVE-2024-22318
CVE-2024-22318
Description
IBM i Access Client Solutions (ACS) 1.1.2 through 1.1.4 and 1.1.4.3 through 1.1.9.4 is vulnerable to NT LAN Manager (NTLM) hash disclosure by an attacker modifying UNC capable paths within ACS configuration files to point to a hostile server. If NTLM is enabled, the Windows operating system will try to authenticate using the current user's session. The hostile server could capture the NTLM hash information to obtain the user's credentials. IBM X-Force ID: 279091.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
21.1.2 - 1.1.4, 1.1.4.3 - 1.1.9.4+ 1 more
- (no CPE)range: 1.1.2 - 1.1.4, 1.1.4.3 - 1.1.9.4
- (no CPE)range: 1.1.2
Patches
Vulnerability mechanics
References
4- packetstormsecurity.com/files/177069/IBM-i-Access-Client-Solutions-Remote-Credential-Theft.htmlnvdThird Party AdvisoryVDB Entry
- seclists.org/fulldisclosure/2024/Feb/7nvdMailing ListThird Party Advisory
- www.ibm.com/support/pages/node/7116091nvdVendor Advisory
- exchange.xforce.ibmcloud.com/vulnerabilities/279091nvdVDB Entry
News mentions
0No linked articles in our index yet.