CVSS3 Metric | Value |
---|---|
Attack Vector | NETWORK |
Attack Complexity | LOW |
Privileges Required | HIGH |
User Interaction | NONE |
Scope | UNCHANGED |
Confidentiality Impact | HIGH |
Integrity Impact | HIGH |
Availability Impact | HIGH |
Vector | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H |
EPSS Percentile | 33.8% |
IBM i is vulnerable to an authenticated administrator gaining elevated privileges due to improper SQL processing as described in the vulnerability details section. IBM i has addressed the vulnerability in the SQL processing as described in the remediation/fixes section.
CVEID: CVE-2023-23470
**DESCRIPTION:** IBM i could allow an authenticated privileged administrator to gain elevated privileges in non-default configurations, as a result of improper SQL processing. By using a specially crafted SQL operation, the administrator could exploit the vulnerability to perform additional administrator operations.
CVSS Base score: 6.4
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/244510 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H)
Affected Product(s) | Version(s) |
---|---|
IBM i | 7.5 |
IBM i | 7.4 |
IBM i | 7.3 |
IBM i | 7.2 |
The issue can be fixed by applying a PTF to IBM i. IBM i releases 7.5, 7.4, 7.3, and 7.2 will be fixed.
The IBM i PTF numbers for the IBM i base operating system contain the fix for the vulnerability.
IBM i Release | 5770-SS1 PTF Number | PTF Download Link |
---|---|---|
7.5 | SI82753 | <https://www.ibm.com/support/pages/ptf/SI82753> |
7.4 | SI82754 | <https://www.ibm.com/support/pages/ptf/SI82754> |
7.3 | SI82755 | <https://www.ibm.com/support/pages/ptf/SI82755> |
7.2 | SI82756 | <https://www.ibm.com/support/pages/ptf/SI82756> |
<https://www.ibm.com/support/fixcentral>
Important note: IBM recommends that all users running unsupported versions of affected products upgrade to a supported and fixed version of the affected products.
None
Vendor | Product | Version | CPE |
---|---|---|---|
ibm | planning_analytics | 7.2.0 | cpe:2.3:a:ibm:planning_analytics:7.2.0:*:*:*:*:*:*:* |
ibm | ibm_i_7.5_preventative_service_planning | 7.5.0 | cpe:2.3:a:ibm:ibm_i_7.5_preventative_service_planning:7.5.0:*:*:*:*:*:*:* |
ibm | planning_analytics | 7.4.0 | cpe:2.3:a:ibm:planning_analytics:7.4.0:*:*:*:*:*:*:* |
ibm | i | 7.5.0 | cpe:2.3:o:ibm:i:7.5.0:*:*:*:*:*:*:* |
ibm | i | 7.4.0 | cpe:2.3:o:ibm:i:7.4.0:*:*:*:*:*:*:* |
ibm | i | 7.3.0 | cpe:2.3:o:ibm:i:7.3.0:*:*:*:*:*:*:* |
ibm | i | 7.2.0 | cpe:2.3:o:ibm:i:7.2.0:*:*:*:*:*:*:* |
ibm | planning_analytics | 7.3.0 | cpe:2.3:a:ibm:planning_analytics:7.3.0:*:*:*:*:*:*:* |