CVE-2023-27866 MEDIUM

CVE-2023-27866: IBM Informix JDBC code execution

Vendor IBM
Product Informix JDBC
Weakness CWE-94 · Code injection
Published June 28, 2023
Last update October 28, 2024

CVSS base score

6.3/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality Low
Integrity Low
Availability Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

What the vulnerability does

01 Description

IBM Informix JDBC Driver 4.10 and 4.50 are susceptible to a remote code execution attack via JNDI injection when the driver code or the application using the driver does not verify the LDAP URL supplied in the connect string. IBM X-Force ID: 249511.

Key dates

02 Disclosure timeline

June 28, 2023 CVE published
October 28, 2024 Record updated