CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS
Percentile
77.7%
IBM Informix JDBC Driver is susceptible to remote code execution attack. This vulnerability is addressed.
CVEID:CVE-2023-27866
**DESCRIPTION:**IBM Informix JDBC Driver is susceptible to remote code execution attack via JNDI injection when driver code or the application using the driver do not verify supplied LDAP URL in Connect String.
CVSS Base score: 6.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/249511 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L)
Affected Product(s) | Version(s) |
---|---|
Informix JDBC | 4.10.x |
Informix JDBC | 4.50.x |
Customers running any vulnerable fixpack level of an affected Program can download a fix from Fix Central.
Visit the following URL -
https://www.ibm.com/resources/mrs/assets?source=ifxids
None.
Vendor | Product | Version | CPE |
---|---|---|---|
ibm | informix_jdbc | 4.10. | cpe:2.3:a:ibm:informix_jdbc:4.10.:*:*:*:*:*:*:* |
ibm | informix_jdbc | 4.50. | cpe:2.3:a:ibm:informix_jdbc:4.50.:*:*:*:*:*:*:* |
ibm | informix_jdbc | 4.50 | cpe:2.3:a:ibm:informix_jdbc:4.50:*:*:*:*:*:*:* |
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS
Percentile
77.7%