Lucene search

K
ibmIBM741F72151C9E1D79C45CD0B44C8BA02F55C6FAA48E243B3851C8DBA8ADD3BF01
HistoryApr 02, 2024 - 3:30 p.m.

Security Bulletin: IBM Informix JDBC Driver is susceptible to remote code execution

2024-04-0215:30:24
www.ibm.com
19
ibm informix
jdbc driver
remote code execution
vulnerability
jndi injection
api
ibm fix central

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

8.5

Confidence

High

EPSS

0.003

Percentile

69.0%

Summary

In informix-jdbc-complete, there is a method, com.informix.jdbcx.IfxConnectionPoolManager.<constructor>, designed to create a connection pool manager. Passing an unchecked argument to this API can lead to the execution of arbitrary commands.

Vulnerability Details

**CVEID:**CVE-2023-35895 DESCRIPTION: IBM Informix JDBC Driver is susceptible to remote code execution attack via JNDI injection when passing an unchecked argument to a certain API.
CVSS Base score: 6.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/259116 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L)

Affected Products and Versions

Affected Product(s) Version(s)
Informix JDBC 4.10.x
Informix JDBC 4.50.x

Remediation/Fixes

IBM Informix JDBC 4.50.J10W1 is available through IBM Fix Central.

IBM Informix JDBC.4.10.JC16W1.ALL is available through IBM Fix Central.

Workarounds and Mitigations

None

Affected configurations

Vulners
Node
ibminformix_jdbcMatch4.5
VendorProductVersionCPE
ibminformix_jdbc4.5cpe:2.3:a:ibm:informix_jdbc:4.5:*:*:*:*:*:*:*

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

8.5

Confidence

High

EPSS

0.003

Percentile

69.0%

Related for 741F72151C9E1D79C45CD0B44C8BA02F55C6FAA48E243B3851C8DBA8ADD3BF01