Month: December 2023

​With iSecurity PGP Encryption files can be automatically encrypted and transmitted to recipients. Received files can be automatically decrypted and processed by user applications. This process can be used with any type of Native or IFS file or directory. Read More 

​I was alerted this morning by Stephan Schüttler that a new version of Access Client Solutions, ACS, is available. I see that the bug that did not display that an update was available has been fixed as when I checked I received the window shown below.

Read more » Read More 

​We are so proud to launch yet another #ibmioss open source project. This time it is a super flexible and powerful HTTP/HTTPS client for #ibmi ILE environment.… Read More 

​IBM i Access Client Solutions is vulnerable to remote code execution due to a flaw which fails to authenticate the origin of a serialized object (CVE-2023-45185), and insecurely storing passwords by allowing the password encryption key to be retrieved (CVE-2023-45184) or decoded using a brute force attack (CVE-2023-45182).
DESCRIPTION: IBM i Access Client Solutions could allow an attacker to obtain a decryption key due to improper authority checks. Read More 

​Three serious security vulnerabilities in IBM i Access Client Solutions and six in Merlin were disclosed and patched by IBM last week. The flaws could allow attackers to commit a range of crimes, from executing arbitrary code and denial of service attacks, to obtaining sensitive data on IBM i conducting phishing attacks. All of the flaws – including another three reported by IBM in November – should be patched immediately.
IBM published a security bulletin December 8 covering all three of the ACS flaws, which impact ACS versions 1.1.2 through 1.1.4 and 1.1.4.3 through 1.1.9.3. The fix is to download …
The post ACS, Merlin Hit With Serious Security Vulnerabilities appeared first on IT Jungle. Read More