IBM Support

What to consider when a software security scan reports IBM i ACS as being exposed to a CVE vulnerability

Question & Answer


Question

What should an IBM i Access Client Solutions (IBM i ACS) customer consider when a software security scan reports that the product is exposed to a CVE vulnerability?

Answer

IBM i Access Client Solutions (IBM i ACS) includes several embedded open‑source software components. Because of this, it is not unusual for external security scanners to flag one of these components as having a vulnerability documented in a CVE.
When this occurs, start by verifying the update level of your installed version of IBM i ACS and comparing it with the most recent level available here:
https://www.ibm.com/support/pages/ibm-i-access-acs-updates
If an update is available, install it and then re‑run your security scan. IBM regularly scans its own software, and any confirmed vulnerabilities are addressed in a timely manner. In many cases, IBM updates the embedded open‑source component to a mitigating version even if IBM i ACS is not actually vulnerable based on how the component is used.
If IBM i ACS is affected by a known, confirmed vulnerability, IBM publishes that information through an official IBM Product Security Bulletin as described here:
https://www.ibm.com/trust/security-bulletins
You can search published security bulletins by CVE number here:
https://www.ibm.com/support/pages/bulletin/search/
IBM’s official policy is that the only authoritative confirmation of vulnerability or exposure for any IBM product is a published Security Bulletin. Support and Development teams cannot confirm or deny vulnerability status prior to the release of an official bulletin.
Because IBM does not publish a security bulletin until a mitigation is available, any confirmed IBM i ACS security issue would be documented no earlier than the release of the next update.

Document Information

Modified date:
13 February 2026

UID

ibm17260535