CVE-2023-35895 – IBM Informix JDBC code execution
https://notcve.org/view.php?id=CVE-2023-35895
IBM Informix JDBC Driver 4.10 and 4.50 is susceptible to remote code execution attack via JNDI injection when passing an unchecked argument to a certain API. IBM X-Force ID: 259116. IBM Informix JDBC Driver 4.10 y 4.50 es susceptible a ataques de ejecución remota de código mediante inyección JNDI al pasar un argumento no marcado a una determinada API. ID de IBM X-Force: 259116. • https://exchange.xforce.ibmcloud.com/vulnerabilities/259116 https://www.ibm.com/support/pages/node/7099762 • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVE-2023-27866 – IBM Informix JDBC code execution
https://notcve.org/view.php?id=CVE-2023-27866
IBM Informix JDBC Driver 4.10 and 4.50 is susceptible to remote code execution attack via JNDI injection when driver code or the application using the driver do not verify supplied LDAP URL in Connect String. IBM X-Force ID: 249511. • https://exchange.xforce.ibmcloud.com/vulnerabilities/249511 https://www.ibm.com/support/pages/node/7007615 • CWE-94: Improper Control of Generation of Code ('Code Injection') •