CVE-2023-23470SQL Injection in IBM I

CWE-89SQL InjectionCWE-79Cross-site Scripting3 documents3 sources
Severity
7.2HIGHNVD
CNA6.4
EPSS
0.1%
top 75.52%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
IBM I
Timeline
PublishedMay 4

Description

IBM i 7.2, 7.3, 7.4, and 7.5 could allow an authenticated privileged administrator to gain elevated privileges in non-default configurations, as a result of improper SQL processing. By using a specially crafted SQL operation, the administrator could exploit the vulnerability to perform additional administrator operations. IBM X-Force ID: 244510.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:HExploitability: 1.2 | Impact: 5.9

Affected Packages2 packages

CVEListV5ibm/i7.2, 7.3, 7.4, 7.5
NVDibm/i4 versions+3

🔴Vulnerability Details

2
GHSA
GHSA-5q43-fxm7-9fhw: IBM i 72023-05-04
CVEList
IBM i privilege escalation2023-05-04
CVE-2023-23470 — SQL Injection in IBM I | cvebase