05 June 2024 IBM i Security Alert: ACS, Apache Commons Compress (04/23/2024)

A new vulnerability has been discovered in IBM i Access Client Solutions (ACS), caused by vulnerabilities in the Apache Commons Compress library. IBM has identified 2 main forms of attack for this flaw, which has a severity index of 5.5, and both rely on the same approach.
By persuading a victim to open a specially crafted file, an attacker can exploit the flaw to cause a denial of service. If the file is a pack200 file, the denial of service is caused by memory exhaustion, whereas if the file is in DUMP format, it is caused by an infinite loop.
To remedy this potential danger, simply update ACS to the latest version (1.1.9.5 at least).
You can find the details of this bulletin at the following link:
https://lnkd.in/etqiH3hg
