CVE-2023-42006: 
NixOS vulnerability analysis and mitigation

IBM Administration Runtime Expert for i versions 7.2, 7.3, 7.4, and 7.5 contains a security vulnerability identified as CVE-2023-42006. The vulnerability was disclosed on December 1, 2023, and allows local users to obtain sensitive information due to improper authority checks (IBM Support).

The vulnerability has been assigned a CVSS v3.1 Base Score of 5.5 (MEDIUM) by NIST with the vector string CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N. However, IBM Corporation assessed it with a higher CVSS Base Score of 8.4 (HIGH) and vector string CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H. The vulnerability is classified under CWE-863: Incorrect Authorization (NVD).

The vulnerability could allow a local user to obtain sensitive information stored in files, including passwords. The high confidentiality impact rating indicates that the attacker can gain access to sensitive data (IBM Support).

IBM has released fixes for all affected versions through PTF SI84843. The PTF can be applied to IBM i versions 7.2, 7.3, 7.4, and 7.5. No workarounds are available for this vulnerability, making patch installation the only mitigation option (IBM Support).