CVE-2023-23470: 
NixOS vulnerability analysis and mitigation

IBM i versions 7.2, 7.3, 7.4, and 7.5 contain a vulnerability that could allow an authenticated privileged administrator to gain elevated privileges in non-default configurations. The vulnerability (CVE-2023-23470) was disclosed on May 4, 2023, and stems from improper SQL processing that enables administrators to perform additional unauthorized administrative operations through specially crafted SQL operations (IBM Advisory).

The vulnerability has been assigned a CVSS v3.1 Base Score of 6.4 (MEDIUM) by IBM Corporation with the vector string CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H. However, NIST's NVD assessment rates it as 7.2 (HIGH) with the vector string CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H. The vulnerability is related to SQL injection (CWE-89) according to NIST's assessment (NVD).

The vulnerability affects the confidentiality, integrity, and availability of the system with high severity ratings for all three aspects. When successfully exploited, it allows authenticated administrators to perform unauthorized administrative operations beyond their intended privileges (IBM Advisory).

IBM has released fixes for all affected versions through PTFs: SI82753 for v7.5, SI82754 for v7.4, SI82755 for v7.3, and SI82756 for v7.2. These patches can be obtained through IBM's Fix Central. No workarounds are available, making patch installation the only mitigation option (IBM Advisory).