2 results (0.002 seconds)

CVSS: 10.0EPSS: 0%CPEs: 2EXPL: 0

CVE-2023-35895 – IBM Informix JDBC code execution

https://notcve.org/view.php?id=CVE-2023-35895

20 Dec 2023 — IBM Informix JDBC Driver 4.10 and 4.50 is susceptible to remote code execution attack via JNDI injection when passing an unchecked argument to a certain API. IBM X-Force ID: 259116. IBM Informix JDBC Driver 4.10 y 4.50 es susceptible a ataques de ejecución remota de código mediante inyección JNDI al pasar un argumento no marcado a una determinada API. ID de IBM X-Force: 259116. • https://exchange.xforce.ibmcloud.com/vulnerabilities/259116 • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •

CVSS: 10.0EPSS: 0%CPEs: 2EXPL: 0

CVE-2023-27866 – IBM Informix JDBC code execution

https://notcve.org/view.php?id=CVE-2023-27866

28 Jun 2023 — IBM Informix JDBC Driver 4.10 and 4.50 is susceptible to remote code execution attack via JNDI injection when driver code or the application using the driver do not verify supplied LDAP URL in Connect String. IBM X-Force ID: 249511. • https://exchange.xforce.ibmcloud.com/vulnerabilities/249511 • CWE-94: Improper Control of Generation of Code ('Code Injection') •