Security Bulletin: Multiple security vulnerabilities related to Angular and JJWT have been fixed in IBM Informix HQ 3.2.2.

Summary IBM Informix HQ versions before 3.2.2 are affected by several security flaws in third-party components Angular and JJWT. These vulnerabilities have been fixed in IBM Informix HQ 3.2.2. Vulnerability Details CVEID:CVE-2026-27970 DESCRIPTION: Angular is a development platform for building...

CVE-2026-35554 vulnerabilities

Vulnerabilities for packages: druid, strimzi-kafka-operator, thingsboard, debezium, debezium-connector-informix, logstash, debezium-connector-vitess, debezium-connector-spanner, opensearch, wildfly, debezium-connector-ibmi, apache-nifi, debezium-connector-db2...

GHSA-5QCV-4RPC-JP93 vulnerabilities

Vulnerabilities for packages: druid, strimzi-kafka-operator, thingsboard, debezium, debezium-connector-informix, logstash, debezium-connector-vitess, debezium-connector-spanner, opensearch, wildfly, debezium-connector-ibmi, apache-nifi, debezium-connector-db2...

GHSA-5QCV-4RPC-JP93 vulnerabilities

Vulnerabilities for packages: hono, strimzi-kafka-operator-fips, druid, opensearch, logstash, debezium-connector-ibmi, opensearch-fips, apache-nifi, seata, debezium-connector-db2, debezium-connector-informix, thingsboard, knative-kafka-broker-fips, debezium, wildfly, strimzi-kafka-operator,...

CVE-2026-35554 vulnerabilities

Vulnerabilities for packages: hono, strimzi-kafka-operator-fips, druid, opensearch, logstash, debezium-connector-ibmi, opensearch-fips, apache-nifi, seata, debezium-connector-db2, debezium-connector-informix, thingsboard, knative-kafka-broker-fips, debezium, wildfly, strimzi-kafka-operator,...

Security Bulletin: IBM Informix 12.10.xC16W6 updated to use the latest version of Java to address the Java vulnerabilities.

Summary IBM's Java version has been updated to 8.0.8.60 with Informix 12.10.xC16W6 to address multiple IBM Java vulnerabilities Vulnerability Details CVEID:CVE-2026-1188 DESCRIPTION: In the Eclipse OMR port library component since release 0.2.0, an API function to return the textual names of all...

Informix-INFORMIXDIR-bof-exploit

informix-informixdir-bof A root shell exploit for a stack-bas...

CVE-2025-1991

IBM Informix Dynamic Server 12.10,14.10, and15.0 could allow a remote attacker to cause a denial of service due to an integer underflow when processing packets...

CVE-2024-45675

IBM Informix Dynamic Server 14.10 could allow a local user on the system to log into the Informix server as administrator without a password...

CVE-2024-45675

IBM Informix Dynamic Server 14.10 could allow a local user on the system to log into the Informix server as administrator without a password...

CVE-2024-45675

IBM Informix Dynamic Server 14.10 could allow a local user on the system to log into the Informix server as administrator without a password...

CVE-2024-45675

CVE-2024-45675 affects IBM Informix Dynamic Server 14.10 on Windows, where a local user can log into the Informix server as administrator without a password due to authentication bypass in DB-Access. The issue is confirmed by multiple sources, including IBM’s bulletin detailing vulnerable configu...

EUVD-2024-55112

IBM Informix Dynamic Server 14.10 could allow a local user on the system to log into the Informix server as administrator without a password...

CVE-2024-45675 IBM Informix Dynamic Server Authentication Bypass

IBM Informix Dynamic Server 14.10 could allow a local user on the system to log into the Informix server as administrator without a password...

CVE-2024-45675 IBM Informix Dynamic Server Authentication Bypass

IBM Informix Dynamic Server 14.10 could allow a local user on the system to log into the Informix server as administrator without a password...

PT-2025-48607

IBM Informix Dynamic Server 14.10 could allow a local user on the system to log into the Informix server as administrator without a password...

IBM Informix Dynamic Server 安全漏洞

IBM Informix Dynamic Server IDS is a scalable object-relational database server from International Business Machines IBM that provides continuous data availability and disaster recovery, among other features, for clustered data centers. A security vulnerability exists in IBM Informix Dynamic Serv...

Security Bulletin: On Windows, any local user can connect to the Informix Server as another user without requiring a password.

Summary Using DB-Access, any local user can connect as another user without needing a password. However, only the designated login user should be allowed to connect without a password. Vulnerability Details CVEID:CVE-2024-45675 DESCRIPTION: IBM Informix Dynamic Server could allow a local user on...

Security Bulletin: IBM Informix updated to use the latest version of Netty to handle the Netty vulnerability.

Summary Netty version updated to 4.1.118.Final in Informix 12.10.xC16W2 and 4.1.121.Final in Informix 14.10.XC12. Vulnerability Details CVEID:CVE-2024-47535 DESCRIPTION: Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance...

CVE-2025-10702

Improper Control of Generation of Code 'Code Injection' vulnerability in Progress DataDirect Connect for JDBC drivers, Progress DataDirect Open Access JDBC driver and Hybrid Data Pipeline allows Remote Code Inclusion. The SpyAttribute connection option implemented by the DataDirect Connect for JD...