IBM Informix JDBC Driver 4.10 and 4.50 is susceptible to remote code execution attack via JNDI injection when driver code or the application using the driver do not verify supplied LDAP URL in Connect String. IBM X-Force ID: 249511.
References
| Link | Resource |
|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilities/249511 | VDB Entry Vendor Advisory |
| https://www.ibm.com/support/pages/node/7007615 | Patch Vendor Advisory |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/249511 | VDB Entry Vendor Advisory |
| https://www.ibm.com/support/pages/node/7007615 | Patch Vendor Advisory |
Configurations
Configuration 1 (hide)
|
History
21 Nov 2024, 07:53
| Type | Values Removed | Values Added |
|---|---|---|
| References | () https://exchange.xforce.ibmcloud.com/vulnerabilities/249511 - VDB Entry, Vendor Advisory | |
| References | () https://www.ibm.com/support/pages/node/7007615 - Patch, Vendor Advisory | |
| CVSS |
v2 : v3 : |
v2 : unknown
v3 : 6.3 |
06 Jul 2023, 18:09
| Type | Values Removed | Values Added |
|---|---|---|
| CWE | CWE-94 | |
| First Time |
Ibm
Ibm informix Jdbc Driver |
|
| CVSS |
v2 : v3 : |
v2 : unknown
v3 : 9.8 |
| CPE | cpe:2.3:a:ibm:informix_jdbc_driver:*:*:*:*:*:*:*:* cpe:2.3:a:ibm:informix_jdbc_driver:4.10:*:*:*:*:*:*:* |
|
| References | (MISC) https://www.ibm.com/support/pages/node/7007615 - Patch, Vendor Advisory | |
| References | (MISC) https://exchange.xforce.ibmcloud.com/vulnerabilities/249511 - VDB Entry, Vendor Advisory |
28 Jun 2023, 16:15
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2023-06-28 16:15
Updated : 2024-11-21 07:53
NVD link : CVE-2023-27866
Mitre link : CVE-2023-27866
CVE.ORG link : CVE-2023-27866
JSON object : View
Products Affected
ibm
- informix_jdbc_driver
CWE
CWE-94
Improper Control of Generation of Code ('Code Injection')