CVE-2022-43857: 
NixOS vulnerability analysis and mitigation

CVE-2022-43857 affects IBM Navigator for i versions 7.3, 7.4, and 7.5. The vulnerability allows authenticated users to access IBM Navigator for i log files they are authorized to but not while using the interface. Users can bypass interface checks and download log files by modifying servlet filter (IBM Security).

The vulnerability has been assigned a CVSS Base score of 4.3 with a vector string of CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N. The weakness is categorized as CWE-22 (Improper Limitation of a Pathname to a Restricted Directory). The vulnerability requires network access and low privilege level for exploitation (IBM Security).

If exploited, this vulnerability allows authenticated users to bypass interface checks and gain unauthorized access to log files through the interface. The impact is primarily limited to confidentiality, with no direct impact on integrity or availability of the system (IBM Security).

IBM has released fixes for this vulnerability through PTFs (Program Temporary Fixes) included in the IBM HTTP Server for i Group PTF. The specific PTF levels required are: SF99952 level 5 for version 7.5, SF99662 level 25 for version 7.4, and SF99722 level 42 for version 7.3. IBM recommends that all users running unsupported versions upgrade to supported and fixed versions of affected products (IBM Security).