PT-2023-8726 · IBM · IBM i

Published: 2023-05-02 · Updated: 2023-05-10 · CVE-2023-23470

CVSS v2.0: 8.3 (High)

Vector: AV:N/AC:L/Au:M/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions: IBM i versions 7.2 through 7.5

Description: The issue is related to improper SQL processing, allowing an authenticated privileged administrator to gain elevated privileges in non-default configurations. By using a specially crafted SQL operation, the administrator could exploit this to perform additional administrator operations. The vulnerability is associated with a lack of protection for the SQL query structure, which could be exploited by a remote attacker to elevate their privileges.

Recommendations: For IBM i versions 7.2 through 7.5, consider restricting access to SQL operations until a proper fix is applied, and ensure that all configurations are reviewed to prevent non-default settings from being exploited. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

XSS

SQL injection

Weakness Enumeration

Related Identifiers

BDU:2024-01754
CVE-2023-23470

Affected Products

IBM i