Security Bulletin: IBM InfoSphere Information Server is affected by multiple vulnerabilities in Progress DataDirect JDBC drivers

Summary Multiple vulnerabilities in Progress DataDirect JDBC drivers that are used by InfoSphere Information Server were addressed. Vulnerability Details CVEID:CVE-2025-10702 DESCRIPTION: Improper Control of Generation of Code 'Code Injection' vulnerability in Progress DataDirect Connect for JDBC...

CVE-2025-10703

CVE-2025-10703 is a code injection vulnerability tied to the SpyAttribute log=(file) option in Progress DataDirect JDBC drivers and related DataDirect products (DataDirect Connect for JDBC, OpenAccess JDBC, Hybrid Data Pipeline JDBC/Server). The issue arises when an application allows an end user...

CVE-2025-10702

Improper Control of Generation of Code 'Code Injection' vulnerability in Progress DataDirect Connect for JDBC drivers, Progress DataDirect Open Access JDBC driver and Hybrid Data Pipeline allows Remote Code Inclusion. The SpyAttribute connection option implemented by the DataDirect Connect for JD...

CVE-2025-10702

CVE-2025-10702 is a code-injection vulnerability in Progress DataDirect JDBC family (DataDirect Connect for JDBC, OpenAccess JDBC, and Hybrid Data Pipeline). The issue centers on the SpyAttribute connection option, which can be used with an undocumented syntax to load an arbitrary class on the cl...

CVE-2025-10702

Improper Control of Generation of Code 'Code Injection' vulnerability in Progress DataDirect Connect for JDBC drivers, Progress DataDirect Open Access JDBC driver and Hybrid Data Pipeline allows Remote Code Inclusion. The SpyAttribute connection option implemented by the DataDirect Connect for JD...

Progress多款产品 代码注入漏洞

Progress Hybrid Data Pipeline and others are products of Progress, Inc.Progress Hybrid Data Pipeline is a data pipeline software.Progress Hybrid Data Pipeline Server is a data pipeline server. Progress DataDirect Connect for JDBC is a set of high-performance JDBC drivers. A code injection...

PT-2025-47466

Name of the Vulnerable Software and Affected Versions Progress DataDirect Connect for JDBC for Amazon Redshift versions through 6.0.0.001392 Progress DataDirect Connect for JDBC for Apache Cassandra versions through 6.0.0.000805 Progress DataDirect Connect for JDBC for Hive versions through...

PT-2025-47467

Name of the Vulnerable Software and Affected Versions DataDirect Connect for JDBC for Amazon Redshift versions through 6.0.0.001392 DataDirect Connect for JDBC for Apache Cassandra versions through 6.0.0.000805 DataDirect Connect for JDBC for Hive versions through 6.0.1.001499 DataDirect Connect...

Progress多款产品 代码注入漏洞

Progress Hybrid Data Pipeline and others are products of Progress, Inc.Progress Hybrid Data Pipeline is a data pipeline software.Progress Hybrid Data Pipeline Server is a data pipeline server. Progress DataDirect Connect for JDBC is a set of high-performance JDBC drivers. A code injection...

EUVD-2012-3111

Malware in sbrugna...

EUVD-2023-38444

Malicious code in bioql PyPI...

EUVD-2023-38443

Malicious code in bioql PyPI...

CVE-2023-34364

A buffer overflow was discovered in Progress DataDirect Connect for ODBC before 08.02.2770 for Oracle. An overly large value for certain options of a connection string may overrun the buffer allocated to process the string value. This allows an attacker to execute code of their choice on an...

CVE-2023-34363

An issue was discovered in Progress DataDirect Connect for ODBC before 08.02.2770 for Oracle. When using Oracle Advanced Security OAS encryption, if an error is encountered initializing the encryption object used to encrypt data, the code falls back to a different encryption mechanism that uses a...

CVE-2012-3133

Buffer overflow in the DataDirect ODBC driver, as used in Oracle Hyperion Interactive Reporting 11.1.2.1 and 11.1.2.2, Essbase Server 11.1.2.1 and 11.1.2.2, Production Reporting Server 11.1.2.1 and 11.1.2.2, and Integration Services Server 11.1.2.1 and 11.1.2.2 has unknown impact and attack vecto...

Security Bulletin: IBM InfoSphere Information Server is affected by a vulnerability in OpenSSL (CVE-2024-6119)

Summary A vulnerability in OpenSSL used by IBM InfoSphere Information Server was addressed. Vulnerability Details CVEID:CVE-2024-6119 DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by an error when performing certificate name checks e.g., TLS clients checking server certificate...

Security Bulletin: IBM InfoSphere Information Server is affected by multiple vulnerabilities in Progress DataDirect Connect for ODBC

Summary Multiple vulnerabilities in Progress DataDirect Connect for ODBC used by IBM InfoSphere Information Server were addressed. Vulnerability Details CVEID:CVE-2023-34363 DESCRIPTION: Progress DataDirect Connect for ODBC could allow a remote attacker to obtain sensitive information, caused by...

Security Bulletin: IBM InfoSphere Information Server is affected by a denial of service vulnerability in JSON-java (CVE-2023-5072)

Summary A denial of service vulnerability in JSON-java used by IBM InfoSphere Information Server was addressed. Vulnerability Details CVEID:CVE-2023-5072 DESCRIPTION: JSON-java is vulnerable to a denial of service, caused by a bug in the parser. By sending a specially crafted request, a remote...

Security Bulletin: IBM InfoSphere Information Server is affected by multiple vulnerabilities in OpenSSL

Summary Multiple vulnerabilities in OpenSSL used by InfoSphere Information Server were addressed. Vulnerability Details CVEID:CVE-2022-4450 DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by a double-free error related to the improper handling of specific PEM data by the...

CVE-2023-34363

An issue was discovered in Progress DataDirect Connect for ODBC before 08.02.2770 for Oracle. When using Oracle Advanced Security OAS encryption, if an error is encountered initializing the encryption object used to encrypt data, the code falls back to a different encryption mechanism that uses a...