RE: FLASH: Security Bulletin: IBM i Access Client Solutions is vulnerable to remote code execution and failing to secure passwords due to multiple vulnerabilities (2023.12.08)

Clicking all three of those CVEs return "No results can be retrieved by using the search term." but you can search for them on the site. Unfortunately, there is no information on any of those three CVEs.

Anyone know whether the vulns require physical access to the client?

Dan Bale
Specialty Developer III

-----Original Message-----
From: MIDRANGE-L <midrange-l-bounces@xxxxxxxxxxxxxxxxxx> On Behalf Of Michael Mayer
Sent: Friday, December 8, 2023 11:00 AM
To: midrange-l@xxxxxxxxxxxxxxxxxx
Cc: Michael Mayer <michael.mayer@xxxxxxxxxxxxx>
Subject: FW: FLASH: Security Bulletin: IBM i Access Client Solutions is vulnerable to remote code execution and failing to secure passwords due to multiple vulnerabilities (2023.12.08)
Importance: High

I just received this notification. As I'm reading it, the remediation instructions show new version of ACS 1.1.9.4.

<snip>

I can't speak for anyone else but most of us here are more than aware of the goings on in IBM i nation. I don't recall seeing anything about ACS 1.1.9.4. Anyone else??

<snip>
*** CONFIDENTIALITY NOTICE: The information contained in this communication may be confidential, and is intended only for the use of the recipients named above. If the reader of this message is not the intended recipient, you are hereby notified that any dissemination, distribution, or copying of this communication, or any of its contents, is strictly prohibited. If you have received this communication in error, please return it to the sender immediately and delete the original message and any copy of it from your computer system. If you have any questions concerning this message, please contact the sender. ***