2 matches found
CVE-2024-49342
CVE-2024-49342 affects IBM Informix Dynamic Server 12.10 and 14.10. Root cause: inadequate account lockout enabling remote brute-force credential attempts. Impact per sources: high (CVE base score 7.5). Remediation: apply fixes in IBM Informix HQ (versions 12.10.xC16W2, 14.10.xC11W1) or HQ 3.0.0 ...
Security Bulletin: Informix HQ is vulnerable to HTML injection and does not lock out users after multiple incorrect password attempts.
Summary The Informix HQ "alerting configuration" feature is vulnerable to HTML injection because it accepts HTML scripts in the script Location field and only affects their own session, not any other user sessions. Additionally, the Informix HQ application does not enforce a lockout policy, even...