CVE-2023-27866
6.3
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
Summary
IBM Informix JDBC Driver 4.10 and 4.50 is susceptible to remote code execution attack via JNDI injection when driver code or the application using the driver do not verify supplied LDAP URL in Connect String. IBM X-Force ID: 249511.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| IBM | Informix JDBC | 4.10, 4.50 | affected |
Weaknesses
- CWE-94: CWE-94 Improper Control of Generation of Code ('Code Injection')
ADP Enrichment
CVE Program Container
Additional References
- https://www.ibm.com/support/pages/node/7007615
- https://exchange.xforce.ibmcloud.com/vulnerabilities/249511
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: partial
References
- https://www.ibm.com/support/pages/node/7007615
- https://exchange.xforce.ibmcloud.com/vulnerabilities/249511
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.