IBM i Access Family 1.1.2 through 1.1.4 and 1.1.4.3 through 1.1.9.0 could allow a local authenticated attacker to execute arbitrary code on the system, caused by DLL search order hijacking vulnerability. By placing a specially crafted file in a compromised folder, an attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 236581.
References
Link | Resource |
---|---|
https://exchange.xforce.ibmcloud.com/vulnerabilities/236581 | VDB Entry Vendor Advisory |
https://www.ibm.com/support/pages/node/6840359 | Patch Vendor Advisory |
Configurations
Configuration 1 (hide)
AND |
|
History
07 Nov 2023, 03:52
Type | Values Removed | Values Added |
---|---|---|
Summary | IBM i Access Family 1.1.2 through 1.1.4 and 1.1.4.3 through 1.1.9.0 could allow a local authenticated attacker to execute arbitrary code on the system, caused by DLL search order hijacking vulnerability. By placing a specially crafted file in a compromised folder, an attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 236581. |
23 Nov 2022, 17:21
Type | Values Removed | Values Added |
---|---|---|
References | (MISC) https://exchange.xforce.ibmcloud.com/vulnerabilities/236581 - VDB Entry, Vendor Advisory | |
References | (MISC) https://www.ibm.com/support/pages/node/6840359 - Patch, Vendor Advisory | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 6.7 |
CWE | CWE-427 | |
First Time |
Ibm
Microsoft windows Microsoft Ibm i Access Client Solutions |
|
CPE | cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:* cpe:2.3:a:ibm:i_access_client_solutions:*:*:*:*:*:*:*:* |
21 Nov 2022, 18:29
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2022-11-21 18:15
Updated : 2023-12-10 14:48
NVD link : CVE-2022-40746
Mitre link : CVE-2022-40746
CVE.ORG link : CVE-2022-40746
JSON object : View
Products Affected
ibm
- i_access_client_solutions
microsoft
- windows