Search criteria
150 vulnerabilities found for informix_dynamic_server by ibm
FKIE_CVE-2024-45675
Vulnerability from fkie_nvd - Published: 2025-12-02 03:16 - Updated: 2025-12-03 17:26
Severity ?
8.4 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
IBM Informix Dynamic Server 14.10 could allow a local user on the system to log into the Informix server as administrator without a password.
References
| URL | Tags | ||
|---|---|---|---|
| psirt@us.ibm.com | https://www.ibm.com/support/pages/node/7252704 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | informix_dynamic_server | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:informix_dynamic_server:*:*:*:*:-:*:*:*",
"matchCriteriaId": "720F935C-B26C-4789-AC64-54A7B955FD14",
"versionEndExcluding": "14.10",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM Informix Dynamic Server 14.10 could allow a local user on the system to log into the Informix server as administrator without a password."
}
],
"id": "CVE-2024-45675",
"lastModified": "2025-12-03T17:26:23.860",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.5,
"impactScore": 5.9,
"source": "psirt@us.ibm.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2025-12-02T03:16:14.587",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/pages/node/7252704"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-309"
}
],
"source": "psirt@us.ibm.com",
"type": "Primary"
}
]
}
FKIE_CVE-2024-49342
Vulnerability from fkie_nvd - Published: 2025-07-28 16:15 - Updated: 2025-08-06 17:13
Severity ?
Summary
IBM Informix Dynamic Server 12.10 and 14.10 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials.
References
| URL | Tags | ||
|---|---|---|---|
| psirt@us.ibm.com | https://www.ibm.com/support/pages/node/7240777 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | informix_dynamic_server | 12.10 | |
| ibm | informix_dynamic_server | 14.10 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:informix_dynamic_server:12.10:-:*:*:-:*:*:*",
"matchCriteriaId": "0DF4C5FA-F078-4F65-AE4A-3F6DECE5B61A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:informix_dynamic_server:14.10:*:*:*:*:*:*:*",
"matchCriteriaId": "B33D65F4-09CB-4C6C-8D0D-D9EA513F4E07",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM Informix Dynamic Server 12.10 and 14.10 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials."
},
{
"lang": "es",
"value": "IBM Informix Dynamic Server 12.10 y 14.10 utiliza una configuraci\u00f3n de bloqueo de cuenta inadecuada que podr\u00eda permitir que un atacante remoto obtenga credenciales de cuenta por fuerza bruta."
}
],
"id": "CVE-2024-49342",
"lastModified": "2025-08-06T17:13:27.220",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "psirt@us.ibm.com",
"type": "Primary"
}
]
},
"published": "2025-07-28T16:15:24.220",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/pages/node/7240777"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-307"
}
],
"source": "psirt@us.ibm.com",
"type": "Primary"
}
]
}
FKIE_CVE-2024-49343
Vulnerability from fkie_nvd - Published: 2025-07-28 16:15 - Updated: 2025-08-06 17:12
Severity ?
Summary
IBM Informix Dynamic Server 12.10 and 14.10 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site.
References
| URL | Tags | ||
|---|---|---|---|
| psirt@us.ibm.com | https://www.ibm.com/support/pages/node/7240777 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | informix_dynamic_server | 12.10 | |
| ibm | informix_dynamic_server | 14.10 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:informix_dynamic_server:12.10:-:*:*:-:*:*:*",
"matchCriteriaId": "0DF4C5FA-F078-4F65-AE4A-3F6DECE5B61A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:informix_dynamic_server:14.10:*:*:*:*:*:*:*",
"matchCriteriaId": "B33D65F4-09CB-4C6C-8D0D-D9EA513F4E07",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM Informix Dynamic Server 12.10 and 14.10 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim\u0027s Web browser within the security context of the hosting site."
},
{
"lang": "es",
"value": "IBM Informix Dynamic Server 12.10 y 14.10 es vulnerable a la inyecci\u00f3n de HTML. Un atacante remoto podr\u00eda inyectar c\u00f3digo HTML malicioso que, al visualizarse, se ejecutar\u00eda en el navegador web de la v\u00edctima dentro del contexto de seguridad del sitio web que lo aloja."
}
],
"id": "CVE-2024-49343",
"lastModified": "2025-08-06T17:12:57.630",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7,
"source": "psirt@us.ibm.com",
"type": "Primary"
}
]
},
"published": "2025-07-28T16:15:24.433",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/pages/node/7240777"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-80"
}
],
"source": "psirt@us.ibm.com",
"type": "Primary"
}
]
}
FKIE_CVE-2025-1991
Vulnerability from fkie_nvd - Published: 2025-06-28 13:15 - Updated: 2025-08-14 01:08
Severity ?
Summary
IBM Informix Dynamic Server 12.10,14.10, and15.0 could allow a remote attacker to cause a denial of service due to an integer underflow when processing packets.
References
| URL | Tags | ||
|---|---|---|---|
| psirt@us.ibm.com | https://www.ibm.com/support/pages/node/7238455 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | informix_dynamic_server | 12.10 | |
| ibm | informix_dynamic_server | 14.10 | |
| ibm | informix_dynamic_server | 15.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:informix_dynamic_server:12.10:-:*:*:-:*:*:*",
"matchCriteriaId": "0DF4C5FA-F078-4F65-AE4A-3F6DECE5B61A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:informix_dynamic_server:14.10:-:*:*:-:*:*:*",
"matchCriteriaId": "D9A2A565-D4B4-41BD-A192-FA40050C9201",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:informix_dynamic_server:15.0:-:*:*:-:*:*:*",
"matchCriteriaId": "5333E22F-B836-4863-8D6E-54D299AE7667",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM Informix Dynamic Server 12.10,14.10, and15.0 could allow a remote attacker to cause a denial of service due to an integer underflow when processing packets."
},
{
"lang": "es",
"value": "IBM Informix Dynamic Server 12.10, 14.10 y 15.0 podr\u00eda permitir que un atacante remoto provoque una denegaci\u00f3n de servicio debido a un desbordamiento de enteros al procesar paquetes."
}
],
"id": "CVE-2025-1991",
"lastModified": "2025-08-14T01:08:22.157",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "psirt@us.ibm.com",
"type": "Secondary"
}
]
},
"published": "2025-06-28T13:15:23.900",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/pages/node/7238455"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-191"
}
],
"source": "psirt@us.ibm.com",
"type": "Secondary"
}
]
}
FKIE_CVE-2023-28527
Vulnerability from fkie_nvd - Published: 2023-12-09 03:15 - Updated: 2024-11-21 07:55
Severity ?
6.2 (Medium) - CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Summary
IBM Informix Dynamic Server 12.10 and 14.10 cdr is vulnerable to a heap buffer overflow, caused by improper bounds checking which could allow a local user to cause a segmentation fault. IBM X-Force ID: 251206.
References
| URL | Tags | ||
|---|---|---|---|
| psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/251206 | VDB Entry, Vendor Advisory | |
| psirt@us.ibm.com | https://www.ibm.com/support/pages/node/7070188 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/251206 | VDB Entry, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/pages/node/7070188 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | informix_dynamic_server | 12.10 | |
| ibm | informix_dynamic_server | 14.10 | |
| ibm | informix_dynamic_server_on_cloud_pak_for_data | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:informix_dynamic_server:12.10:-:*:*:-:*:*:*",
"matchCriteriaId": "0DF4C5FA-F078-4F65-AE4A-3F6DECE5B61A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:informix_dynamic_server:14.10:*:*:*:*:*:*:*",
"matchCriteriaId": "B33D65F4-09CB-4C6C-8D0D-D9EA513F4E07",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:informix_dynamic_server_on_cloud_pak_for_data:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B43736FA-724E-4A8B-95FC-24DC4A94476D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "\nIBM Informix Dynamic Server 12.10 and 14.10 cdr is vulnerable to a heap buffer overflow, caused by improper bounds checking which could allow a local user to cause a segmentation fault. IBM X-Force ID: 251206.\n\n"
},
{
"lang": "es",
"value": "IBM Informix Dynamic Server 12.10 y 14.10 cdr es vulnerable a un desbordamiento de b\u00fafer de almacenamiento din\u00e1mico, causado por una verificaci\u00f3n de los l\u00edmites incorrecta que podr\u00eda permitir que un usuario local cause un error de segmentaci\u00f3n. ID de IBM X-Force: 251206."
}
],
"id": "CVE-2023-28527",
"lastModified": "2024-11-21T07:55:17.077",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.5,
"impactScore": 3.6,
"source": "psirt@us.ibm.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-12-09T03:15:07.357",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/251206"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/pages/node/7070188"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/251206"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/pages/node/7070188"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-122"
}
],
"source": "psirt@us.ibm.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2023-28526
Vulnerability from fkie_nvd - Published: 2023-12-09 03:15 - Updated: 2024-11-21 07:55
Severity ?
6.2 (Medium) - CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Summary
IBM Informix Dynamic Server 12.10 and 14.10 archecker is vulnerable to a heap buffer overflow, caused by improper bounds checking which could allow a local user to cause a segmentation fault. IBM X-Force ID: 251204.
References
| URL | Tags | ||
|---|---|---|---|
| psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/251204 | VDB Entry, Vendor Advisory | |
| psirt@us.ibm.com | https://www.ibm.com/support/pages/node/7070188 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/251204 | VDB Entry, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/pages/node/7070188 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | informix_dynamic_server | 12.10 | |
| ibm | informix_dynamic_server | 14.10 | |
| ibm | informix_dynamic_server_on_cloud_pak_for_data | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:informix_dynamic_server:12.10:-:*:*:-:*:*:*",
"matchCriteriaId": "0DF4C5FA-F078-4F65-AE4A-3F6DECE5B61A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:informix_dynamic_server:14.10:*:*:*:*:*:*:*",
"matchCriteriaId": "B33D65F4-09CB-4C6C-8D0D-D9EA513F4E07",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:informix_dynamic_server_on_cloud_pak_for_data:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B43736FA-724E-4A8B-95FC-24DC4A94476D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "\nIBM Informix Dynamic Server 12.10 and 14.10 archecker is vulnerable to a heap buffer overflow, caused by improper bounds checking which could allow a local user to cause a segmentation fault. IBM X-Force ID: 251204.\n\n"
},
{
"lang": "es",
"value": "IBM Informix Dynamic Server 12.10 y 14.10 archecker es vulnerable a un desbordamiento de b\u00fafer de almacenamiento din\u00e1mico, causado por una verificaci\u00f3n de los l\u00edmites incorrecta que podr\u00eda permitir que un usuario local cause un error de segmentaci\u00f3n. ID de IBM X-Force: 251204."
}
],
"id": "CVE-2023-28526",
"lastModified": "2024-11-21T07:55:16.943",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.5,
"impactScore": 3.6,
"source": "psirt@us.ibm.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-12-09T03:15:07.150",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/251204"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/pages/node/7070188"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/251204"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/pages/node/7070188"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-122"
}
],
"source": "psirt@us.ibm.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2023-28523
Vulnerability from fkie_nvd - Published: 2023-12-09 03:15 - Updated: 2024-11-21 07:55
Severity ?
8.4 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
IBM Informix Dynamic Server 12.10 and 14.10 onsmsync is vulnerable to a heap buffer overflow, caused by improper bounds checking which could allow an attacker to execute arbitrary code. IBM X-Force ID: 250753.
References
| URL | Tags | ||
|---|---|---|---|
| psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/250753 | VDB Entry, Vendor Advisory | |
| psirt@us.ibm.com | https://www.ibm.com/support/pages/node/7070188 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/250753 | VDB Entry, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/pages/node/7070188 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | informix_dynamic_server | 12.10 | |
| ibm | informix_dynamic_server | 14.10 | |
| ibm | informix_dynamic_server_on_cloud_pak_for_data | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:informix_dynamic_server:12.10:-:*:*:-:*:*:*",
"matchCriteriaId": "0DF4C5FA-F078-4F65-AE4A-3F6DECE5B61A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:informix_dynamic_server:14.10:*:*:*:*:*:*:*",
"matchCriteriaId": "B33D65F4-09CB-4C6C-8D0D-D9EA513F4E07",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:informix_dynamic_server_on_cloud_pak_for_data:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B43736FA-724E-4A8B-95FC-24DC4A94476D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "\nIBM Informix Dynamic Server 12.10 and 14.10 onsmsync is vulnerable to a heap buffer overflow, caused by improper bounds checking which could allow an attacker to execute arbitrary code. IBM X-Force ID: 250753.\n\n"
},
{
"lang": "es",
"value": "IBM Informix Dynamic Server 12.10 y 14.10 onsmsync es vulnerable a un desbordamiento de b\u00fafer de almacenamiento din\u00e1mico, causado por una verificaci\u00f3n de los l\u00edmites inadecuada que podr\u00eda permitir a un atacante ejecutar c\u00f3digo arbitrario. ID de IBM X-Force: 250753."
}
],
"id": "CVE-2023-28523",
"lastModified": "2024-11-21T07:55:16.650",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.5,
"impactScore": 5.9,
"source": "psirt@us.ibm.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-12-09T03:15:06.920",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/250753"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/pages/node/7070188"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/250753"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/pages/node/7070188"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-122"
}
],
"source": "psirt@us.ibm.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2021-20515
Vulnerability from fkie_nvd - Published: 2021-04-30 16:15 - Updated: 2024-11-21 05:46
Severity ?
Summary
IBM Informix Dynamic Server 14.10 is vulnerable to a stack based buffer overflow, caused by improper bounds checking. A local privileged user could overflow a buffer and execute arbitrary code on the system or cause a denial of service condition. IBM X-Force ID: 198366.
References
| URL | Tags | ||
|---|---|---|---|
| psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/198366 | VDB Entry, Vendor Advisory | |
| psirt@us.ibm.com | https://www.ibm.com/support/pages/node/6448568 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/198366 | VDB Entry, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/pages/node/6448568 | Patch, Vendor Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:informix_dynamic_server:14.10:*:*:*:*:*:*:*",
"matchCriteriaId": "B33D65F4-09CB-4C6C-8D0D-D9EA513F4E07",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:hp:hp-ux:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F480AA32-841A-4E68-9343-B2E7548B0A0C",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:ibm:aix:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E492C463-D76E-49B7-A4D4-3B499E422D89",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*",
"matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:oracle:solaris:-:*:*:*:*:*:-:*",
"matchCriteriaId": "F5027746-8216-452D-83C5-2F8E9546F2A5",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM Informix Dynamic Server 14.10 is vulnerable to a stack based buffer overflow, caused by improper bounds checking. A local privileged user could overflow a buffer and execute arbitrary code on the system or cause a denial of service condition. IBM X-Force ID: 198366."
},
{
"lang": "es",
"value": "IBM Informix Dynamic Server versi\u00f3n 14.10, es vulnerable a un desbordamiento del b\u00fafer en la regi\u00f3n stack de la memoria, causado por una comprobaci\u00f3n de l\u00edmites inapropiada.\u0026#xa0;Un usuario privilegiado local podr\u00eda desbordar un b\u00fafer y ejecutar c\u00f3digo arbitrario en el sistema o causar una condici\u00f3n de denegaci\u00f3n de servicio.\u0026#xa0; IBM X-Force ID: 198366."
}
],
"id": "CVE-2021-20515",
"lastModified": "2024-11-21T05:46:42.370",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 0.8,
"impactScore": 5.9,
"source": "psirt@us.ibm.com",
"type": "Secondary"
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 0.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-04-30T16:15:07.587",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/198366"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/pages/node/6448568"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/198366"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/pages/node/6448568"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2020-4799
Vulnerability from fkie_nvd - Published: 2020-10-08 14:15 - Updated: 2024-11-21 05:33
Severity ?
Summary
IBM Informix spatial 14.10 could allow a local user to execute commands as a privileged user due to an out of bounds write vulnerability. IBM X-Force ID: 189460.
References
| URL | Tags | ||
|---|---|---|---|
| psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/189460 | VDB Entry, Vendor Advisory | |
| psirt@us.ibm.com | https://www.ibm.com/support/pages/node/6343587 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/189460 | VDB Entry, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/pages/node/6343587 | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | informix_dynamic_server | 14.10 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:informix_dynamic_server:14.10:*:*:*:*:*:*:*",
"matchCriteriaId": "B33D65F4-09CB-4C6C-8D0D-D9EA513F4E07",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM Informix spatial 14.10 could allow a local user to execute commands as a privileged user due to an out of bounds write vulnerability. IBM X-Force ID: 189460."
},
{
"lang": "es",
"value": "IBM Informix spatial versi\u00f3n 14.10, podr\u00eda permitir a un usuario local ejecutar comandos como usuario privilegiado debido a una vulnerabilidad de escritura fuera de l\u00edmites.\u0026#xa0;IBM X-Force ID: 189460"
}
],
"id": "CVE-2020-4799",
"lastModified": "2024-11-21T05:33:16.287",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "psirt@us.ibm.com",
"type": "Secondary"
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-10-08T14:15:12.733",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/189460"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/pages/node/6343587"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/189460"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/pages/node/6343587"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2019-4253
Vulnerability from fkie_nvd - Published: 2019-08-20 19:15 - Updated: 2024-11-21 04:43
Severity ?
Summary
IBM Informix Dynamic Server Enterprise Edition 12.1 could allow a local privileged Informix user to load a malicious shared library and gain root access privileges. IBM X-Force ID: 159941.
References
| URL | Tags | ||
|---|---|---|---|
| psirt@us.ibm.com | http://www.ibm.com/support/docview.wss?uid=ibm10964987 | Vendor Advisory | |
| psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/159941 | VDB Entry, Vendor Advisory | |
| psirt@us.ibm.com | https://security.netapp.com/advisory/ntap-20190903-0002/ | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.ibm.com/support/docview.wss?uid=ibm10964987 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/159941 | VDB Entry, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://security.netapp.com/advisory/ntap-20190903-0002/ | Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | informix_dynamic_server | 12.10 | |
| ibm | informix_dynamic_server | 12.10 | |
| ibm | informix_dynamic_server | 12.10 | |
| ibm | informix_dynamic_server | 12.10 | |
| ibm | informix_dynamic_server | 12.10 | |
| ibm | informix_dynamic_server | 12.10 | |
| ibm | informix_dynamic_server | 12.10 | |
| ibm | informix_dynamic_server | 12.10 | |
| ibm | informix_dynamic_server | 12.10 | |
| ibm | informix_dynamic_server | 12.10 | |
| ibm | informix_dynamic_server | 12.10 | |
| ibm | informix_dynamic_server | 12.10 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:informix_dynamic_server:12.10:fc1:*:*:enterprise:*:*:*",
"matchCriteriaId": "79BA4641-8E47-4A70-B93B-4170C1011F96",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:informix_dynamic_server:12.10:fc10:*:*:enterprise:*:*:*",
"matchCriteriaId": "46CA7C74-B228-46C1-8275-16F488DBDC00",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:informix_dynamic_server:12.10:fc11:*:*:enterprise:*:*:*",
"matchCriteriaId": "87F094E8-45A0-4346-9F7B-2E206947ADB3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:informix_dynamic_server:12.10:fc12:*:*:enterprise:*:*:*",
"matchCriteriaId": "A34F9759-9979-452F-BBA4-F53ED357DB66",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:informix_dynamic_server:12.10:fc2:*:*:enterprise:*:*:*",
"matchCriteriaId": "A3C45B9A-05EF-40D3-B945-63FEFAE24F4C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:informix_dynamic_server:12.10:fc3:*:*:enterprise:*:*:*",
"matchCriteriaId": "11D1CAF1-21AB-4DB8-895B-9215E7A563BD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:informix_dynamic_server:12.10:fc4:*:*:enterprise:*:*:*",
"matchCriteriaId": "1739EB23-B217-4A52-A7DC-10EE724CF0C8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:informix_dynamic_server:12.10:fc5:*:*:enterprise:*:*:*",
"matchCriteriaId": "DD6EBF2B-89EC-44C8-B61B-86395A088560",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:informix_dynamic_server:12.10:fc6:*:*:enterprise:*:*:*",
"matchCriteriaId": "C37FA1C0-EFC3-4B53-A893-AB486B7DE599",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:informix_dynamic_server:12.10:fc7:*:*:enterprise:*:*:*",
"matchCriteriaId": "B97C6E39-EB72-4BBC-BBEE-5B372BA57FE2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:informix_dynamic_server:12.10:fc8:*:*:enterprise:*:*:*",
"matchCriteriaId": "F07FF49A-305D-4E9E-B52E-6F166B857126",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:informix_dynamic_server:12.10:fc9:*:*:enterprise:*:*:*",
"matchCriteriaId": "2E77FCAD-A9A3-4695-A45F-D4B79067DDFD",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM Informix Dynamic Server Enterprise Edition 12.1 could allow a local privileged Informix user to load a malicious shared library and gain root access privileges. IBM X-Force ID: 159941."
},
{
"lang": "es",
"value": "IBM Informix Dynamic Server Enterprise Edition 12.1 podr\u00eda permitir que un usuario local con privilegios de Informix cargue una biblioteca compartida malintencionada y obtenga privilegios de acceso root. ID de IBM X-Force: 159941."
}
],
"id": "CVE-2019-4253",
"lastModified": "2024-11-21T04:43:22.897",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "psirt@us.ibm.com",
"type": "Secondary"
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-08-20T19:15:11.650",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www.ibm.com/support/docview.wss?uid=ibm10964987"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/159941"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20190903-0002/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.ibm.com/support/docview.wss?uid=ibm10964987"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/159941"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20190903-0002/"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2018-1633
Vulnerability from fkie_nvd - Published: 2019-08-20 19:15 - Updated: 2024-11-21 04:00
Severity ?
Summary
IBM Informix Dynamic Server Enterprise Edition 12.1 could allow a local user logged in with database administrator user to gain root privileges through a symbolic link vulnerability in onsrvapd. IBM X-Force ID: 144434.
References
| URL | Tags | ||
|---|---|---|---|
| psirt@us.ibm.com | http://www.ibm.com/support/docview.wss?uid=ibm10964987 | Vendor Advisory | |
| psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/144434 | VDB Entry, Vendor Advisory | |
| psirt@us.ibm.com | https://security.netapp.com/advisory/ntap-20190903-0002/ | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.ibm.com/support/docview.wss?uid=ibm10964987 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/144434 | VDB Entry, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://security.netapp.com/advisory/ntap-20190903-0002/ | Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | informix_dynamic_server | 12.10 | |
| ibm | informix_dynamic_server | 12.10 | |
| ibm | informix_dynamic_server | 12.10 | |
| ibm | informix_dynamic_server | 12.10 | |
| ibm | informix_dynamic_server | 12.10 | |
| ibm | informix_dynamic_server | 12.10 | |
| ibm | informix_dynamic_server | 12.10 | |
| ibm | informix_dynamic_server | 12.10 | |
| ibm | informix_dynamic_server | 12.10 | |
| ibm | informix_dynamic_server | 12.10 | |
| ibm | informix_dynamic_server | 12.10 | |
| ibm | informix_dynamic_server | 12.10 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:informix_dynamic_server:12.10:fc1:*:*:enterprise:*:*:*",
"matchCriteriaId": "79BA4641-8E47-4A70-B93B-4170C1011F96",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:informix_dynamic_server:12.10:fc10:*:*:enterprise:*:*:*",
"matchCriteriaId": "46CA7C74-B228-46C1-8275-16F488DBDC00",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:informix_dynamic_server:12.10:fc11:*:*:enterprise:*:*:*",
"matchCriteriaId": "87F094E8-45A0-4346-9F7B-2E206947ADB3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:informix_dynamic_server:12.10:fc12:*:*:enterprise:*:*:*",
"matchCriteriaId": "A34F9759-9979-452F-BBA4-F53ED357DB66",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:informix_dynamic_server:12.10:fc2:*:*:enterprise:*:*:*",
"matchCriteriaId": "A3C45B9A-05EF-40D3-B945-63FEFAE24F4C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:informix_dynamic_server:12.10:fc3:*:*:enterprise:*:*:*",
"matchCriteriaId": "11D1CAF1-21AB-4DB8-895B-9215E7A563BD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:informix_dynamic_server:12.10:fc4:*:*:enterprise:*:*:*",
"matchCriteriaId": "1739EB23-B217-4A52-A7DC-10EE724CF0C8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:informix_dynamic_server:12.10:fc5:*:*:enterprise:*:*:*",
"matchCriteriaId": "DD6EBF2B-89EC-44C8-B61B-86395A088560",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:informix_dynamic_server:12.10:fc6:*:*:enterprise:*:*:*",
"matchCriteriaId": "C37FA1C0-EFC3-4B53-A893-AB486B7DE599",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:informix_dynamic_server:12.10:fc7:*:*:enterprise:*:*:*",
"matchCriteriaId": "B97C6E39-EB72-4BBC-BBEE-5B372BA57FE2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:informix_dynamic_server:12.10:fc8:*:*:enterprise:*:*:*",
"matchCriteriaId": "F07FF49A-305D-4E9E-B52E-6F166B857126",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:informix_dynamic_server:12.10:fc9:*:*:enterprise:*:*:*",
"matchCriteriaId": "2E77FCAD-A9A3-4695-A45F-D4B79067DDFD",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM Informix Dynamic Server Enterprise Edition 12.1 could allow a local user logged in with database administrator user to gain root privileges through a symbolic link vulnerability in onsrvapd. IBM X-Force ID: 144434."
},
{
"lang": "es",
"value": "IBM Informix Dynamic Server Enterprise Edition 12.1 podr\u00eda permitir que un usuario local que haya iniciado sesi\u00f3n con el usuario administrador de base de datos obtenga privilegios de root a trav\u00e9s de una vulnerabilidad de enlace simb\u00f3lica en onsrvapd. ID de IBM X-Force: 144434."
}
],
"id": "CVE-2018-1633",
"lastModified": "2024-11-21T04:00:06.833",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.5,
"impactScore": 6.0,
"source": "psirt@us.ibm.com",
"type": "Secondary"
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 0.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-08-20T19:15:10.137",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www.ibm.com/support/docview.wss?uid=ibm10964987"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/144434"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20190903-0002/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.ibm.com/support/docview.wss?uid=ibm10964987"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/144434"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20190903-0002/"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-59"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2018-1635
Vulnerability from fkie_nvd - Published: 2019-08-20 19:15 - Updated: 2024-11-21 04:00
Severity ?
Summary
Stack-based buffer overflow in oninit in IBM Informix Dynamic Server Enterprise Edition 12.1 allows an authenticated user to execute predefined code with root privileges, such as escalating to a root shell. IBM X-Force ID: 144439.
References
| URL | Tags | ||
|---|---|---|---|
| psirt@us.ibm.com | http://www.ibm.com/support/docview.wss?uid=ibm10964987 | Vendor Advisory | |
| psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/144439 | VDB Entry, Vendor Advisory | |
| psirt@us.ibm.com | https://security.netapp.com/advisory/ntap-20190903-0002/ | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.ibm.com/support/docview.wss?uid=ibm10964987 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/144439 | VDB Entry, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://security.netapp.com/advisory/ntap-20190903-0002/ | Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | informix_dynamic_server | 12.10 | |
| ibm | informix_dynamic_server | 12.10 | |
| ibm | informix_dynamic_server | 12.10 | |
| ibm | informix_dynamic_server | 12.10 | |
| ibm | informix_dynamic_server | 12.10 | |
| ibm | informix_dynamic_server | 12.10 | |
| ibm | informix_dynamic_server | 12.10 | |
| ibm | informix_dynamic_server | 12.10 | |
| ibm | informix_dynamic_server | 12.10 | |
| ibm | informix_dynamic_server | 12.10 | |
| ibm | informix_dynamic_server | 12.10 | |
| ibm | informix_dynamic_server | 12.10 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:informix_dynamic_server:12.10:fc1:*:*:enterprise:*:*:*",
"matchCriteriaId": "79BA4641-8E47-4A70-B93B-4170C1011F96",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:informix_dynamic_server:12.10:fc10:*:*:enterprise:*:*:*",
"matchCriteriaId": "46CA7C74-B228-46C1-8275-16F488DBDC00",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:informix_dynamic_server:12.10:fc11:*:*:enterprise:*:*:*",
"matchCriteriaId": "87F094E8-45A0-4346-9F7B-2E206947ADB3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:informix_dynamic_server:12.10:fc12:*:*:enterprise:*:*:*",
"matchCriteriaId": "A34F9759-9979-452F-BBA4-F53ED357DB66",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:informix_dynamic_server:12.10:fc2:*:*:enterprise:*:*:*",
"matchCriteriaId": "A3C45B9A-05EF-40D3-B945-63FEFAE24F4C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:informix_dynamic_server:12.10:fc3:*:*:enterprise:*:*:*",
"matchCriteriaId": "11D1CAF1-21AB-4DB8-895B-9215E7A563BD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:informix_dynamic_server:12.10:fc4:*:*:enterprise:*:*:*",
"matchCriteriaId": "1739EB23-B217-4A52-A7DC-10EE724CF0C8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:informix_dynamic_server:12.10:fc5:*:*:enterprise:*:*:*",
"matchCriteriaId": "DD6EBF2B-89EC-44C8-B61B-86395A088560",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:informix_dynamic_server:12.10:fc6:*:*:enterprise:*:*:*",
"matchCriteriaId": "C37FA1C0-EFC3-4B53-A893-AB486B7DE599",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:informix_dynamic_server:12.10:fc7:*:*:enterprise:*:*:*",
"matchCriteriaId": "B97C6E39-EB72-4BBC-BBEE-5B372BA57FE2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:informix_dynamic_server:12.10:fc8:*:*:enterprise:*:*:*",
"matchCriteriaId": "F07FF49A-305D-4E9E-B52E-6F166B857126",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:informix_dynamic_server:12.10:fc9:*:*:enterprise:*:*:*",
"matchCriteriaId": "2E77FCAD-A9A3-4695-A45F-D4B79067DDFD",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Stack-based buffer overflow in oninit in IBM Informix Dynamic Server Enterprise Edition 12.1 allows an authenticated user to execute predefined code with root privileges, such as escalating to a root shell. IBM X-Force ID: 144439."
},
{
"lang": "es",
"value": "El desbordamiento de b\u00fafer basado en pilas en oninit en IBM Informix Dynamic Server Enterprise Edition 12.1 permite a un usuario autenticado ejecutar c\u00f3digo predefinido con privilegios ra\u00edz, como escalar a un shell ra\u00edz. ID de IBM X-Force: 144439."
}
],
"id": "CVE-2018-1635",
"lastModified": "2024-11-21T04:00:07.087",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.5,
"impactScore": 6.0,
"source": "psirt@us.ibm.com",
"type": "Secondary"
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 0.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-08-20T19:15:10.290",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www.ibm.com/support/docview.wss?uid=ibm10964987"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/144439"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20190903-0002/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.ibm.com/support/docview.wss?uid=ibm10964987"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/144439"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20190903-0002/"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2024-45675 (GCVE-0-2024-45675)
Vulnerability from nvd – Published: 2025-12-02 02:00 – Updated: 2025-12-03 04:55
VLAI?
Summary
IBM Informix Dynamic Server 14.10 could allow a local user on the system to log into the Informix server as administrator without a password.
Severity ?
8.4 (High)
CWE
- CWE-309 - Use of Password System for Primary Authentication
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Informix Dynamic Server |
Affected:
14.10
cpe:2.3:a:ibm:informix_dynamic_server:14.10:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-45675",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-02T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-03T04:55:38.968Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:ibm:informix_dynamic_server:14.10:*:*:*:*:*:*:*"
],
"product": "Informix Dynamic Server",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "14.10"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eIBM Informix Dynamic Server 14.10 could allow a local user on the system to log into the Informix server as administrator without a password.\u003c/p\u003e"
}
],
"value": "IBM Informix Dynamic Server 14.10 could allow a local user on the system to log into the Informix server as administrator without a password."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-309",
"description": "CWE-309 Use of Password System for Primary Authentication",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-02T02:00:26.554Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://www.ibm.com/support/pages/node/7252704"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eRemediation/Fixes Impact is limited to Informix Server on Windows. No exploitation has been observed or is possible on non\u2011Windows platforms. Update to IBM Informix Dynamic Server 14.10.xC11W1. Fix is available on IBM Fix Central - Select Fixes - Informix Server . Follow the instructions for Database server upgrades in the Informix Servers documentation Follow the instructions to install or upgrade Informix in the What\u0027s new and changed in Informix in the IBM Cloud Pak for Data documentation.\u003c/p\u003e"
}
],
"value": "Remediation/Fixes Impact is limited to Informix Server on Windows. No exploitation has been observed or is possible on non\u2011Windows platforms. Update to IBM Informix Dynamic Server 14.10.xC11W1. Fix is available on IBM Fix Central - Select Fixes - Informix Server . Follow the instructions for Database server upgrades in the Informix Servers documentation Follow the instructions to install or upgrade Informix in the What\u0027s new and changed in Informix in the IBM Cloud Pak for Data documentation."
}
],
"title": "IBM Informix Dynamic Server Authentication Bypass",
"x_generator": {
"engine": "ibm-cvegen"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2024-45675",
"datePublished": "2025-12-02T02:00:26.554Z",
"dateReserved": "2024-09-03T13:50:43.964Z",
"dateUpdated": "2025-12-03T04:55:38.968Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-49343 (GCVE-0-2024-49343)
Vulnerability from nvd – Published: 2025-07-28 15:27 – Updated: 2025-07-28 17:20
VLAI?
Summary
IBM Informix Dynamic Server 12.10 and 14.10 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site.
Severity ?
5.4 (Medium)
CWE
- CWE-80 - Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Informix Dynamic Server |
Affected:
12.10
Affected: 14.10 cpe:2.3:a:ibm:informix_dynamic_server:12.10:-:*:*:-:*:*:* cpe:2.3:a:ibm:informix_dynamic_server:14.10:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-49343",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-28T17:20:08.140088Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-07-28T17:20:17.395Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:ibm:informix_dynamic_server:12.10:-:*:*:-:*:*:*",
"cpe:2.3:a:ibm:informix_dynamic_server:14.10:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "Informix Dynamic Server",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "12.10"
},
{
"status": "affected",
"version": "14.10"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "IBM Informix Dynamic Server 12.10 and 14.10 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim\u0027s Web browser within the security context of the hosting site."
}
],
"value": "IBM Informix Dynamic Server 12.10 and 14.10 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim\u0027s Web browser within the security context of the hosting site."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-80",
"description": "CWE-80 Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-28T15:27:37.588Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://www.ibm.com/support/pages/node/7240777"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A permanent fix for the vulnerability has been released in IBM Informix HQ, included with versions 12.10.xC16W2, 14.10.xC11W1, and also addressed in IBM Informix HQ version 3.0.0.\u003cbr\u003e\u003cbr\u003eFixes are available on IBM Fix Central - Select Fixes - Informix Server. Download the latest fix for your product and version to pick up the security patches.\u003cbr\u003e\u003cbr\u003eFollow the instructions for Database server upgrades in the Informix Servers documentation.\u003cbr\u003e"
}
],
"value": "A permanent fix for the vulnerability has been released in IBM Informix HQ, included with versions 12.10.xC16W2, 14.10.xC11W1, and also addressed in IBM Informix HQ version 3.0.0.\n\nFixes are available on IBM Fix Central - Select Fixes - Informix Server. Download the latest fix for your product and version to pick up the security patches.\n\nFollow the instructions for Database server upgrades in the Informix Servers documentation."
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "IBM Informix Dynamic Server HTML injection",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2024-49343",
"datePublished": "2025-07-28T15:27:37.588Z",
"dateReserved": "2024-10-14T12:05:13.492Z",
"dateUpdated": "2025-07-28T17:20:17.395Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-49342 (GCVE-0-2024-49342)
Vulnerability from nvd – Published: 2025-07-28 15:26 – Updated: 2025-07-28 17:19
VLAI?
Summary
IBM Informix Dynamic Server 12.10 and 14.10 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials.
Severity ?
7.5 (High)
CWE
- CWE-307 - Improper Restriction of Excessive Authentication Attempts
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Informix Dynamic Server |
Affected:
12.10
Affected: 14.10 cpe:2.3:a:ibm:informix_dynamic_server:12.10:-:*:*:-:*:*:* cpe:2.3:a:ibm:informix_dynamic_server:14.10:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-49342",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-28T17:19:34.430133Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-07-28T17:19:52.455Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:ibm:informix_dynamic_server:12.10:-:*:*:-:*:*:*",
"cpe:2.3:a:ibm:informix_dynamic_server:14.10:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "Informix Dynamic Server",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "12.10"
},
{
"status": "affected",
"version": "14.10"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "IBM Informix Dynamic Server 12.10 and 14.10 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials."
}
],
"value": "IBM Informix Dynamic Server 12.10 and 14.10 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-307",
"description": "CWE-307 Improper Restriction of Excessive Authentication Attempts",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-28T15:26:35.209Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://www.ibm.com/support/pages/node/7240777"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A permanent fix for the vulnerability has been released in IBM Informix HQ, included with versions 12.10.xC16W2, 14.10.xC11W1, and also addressed in IBM Informix HQ version 3.0.0.\u003cbr\u003e\u003cbr\u003eFixes are available on IBM Fix Central - Select Fixes - Informix Server. Download the latest fix for your product and version to pick up the security patches.\u003cbr\u003e\u003cbr\u003eFollow the instructions for Database server upgrades in the Informix Servers documentation.\u003cbr\u003e"
}
],
"value": "A permanent fix for the vulnerability has been released in IBM Informix HQ, included with versions 12.10.xC16W2, 14.10.xC11W1, and also addressed in IBM Informix HQ version 3.0.0.\n\nFixes are available on IBM Fix Central - Select Fixes - Informix Server. Download the latest fix for your product and version to pick up the security patches.\n\nFollow the instructions for Database server upgrades in the Informix Servers documentation."
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "IBM Informix Dynamic Server information disclosure",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2024-49342",
"datePublished": "2025-07-28T15:26:35.209Z",
"dateReserved": "2024-10-14T12:05:13.492Z",
"dateUpdated": "2025-07-28T17:19:52.455Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-1991 (GCVE-0-2025-1991)
Vulnerability from nvd – Published: 2025-06-28 13:02 – Updated: 2025-08-24 11:40
VLAI?
Summary
IBM Informix Dynamic Server 12.10,14.10, and15.0 could allow a remote attacker to cause a denial of service due to an integer underflow when processing packets.
Severity ?
7.5 (High)
CWE
- CWE-191 - Integer Underflow (Wrap or Wraparound)
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Informix Dynamic Server |
Affected:
12.10
Affected: 14.10 Affected: 15.0 cpe:2.3:a:ibm:informix_dynamic_server:12.10:-:*:*:-:*:*:* cpe:2.3:a:ibm:informix_dynamic_server:14.10:*:*:*:*:*:*:* cpe:2.3:a:ibm:informix_dynamic_server:15.0:*:*:*:*:*:*:* |
Credits
cnwangjihe
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-1991",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-06-30T18:26:37.929457Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-30T18:33:24.715Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:ibm:informix_dynamic_server:12.10:-:*:*:-:*:*:*",
"cpe:2.3:a:ibm:informix_dynamic_server:14.10:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:informix_dynamic_server:15.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "Informix Dynamic Server",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "12.10"
},
{
"status": "affected",
"version": "14.10"
},
{
"status": "affected",
"version": "15.0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "cnwangjihe"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "IBM Informix Dynamic Server 12.10,14.10, and15.0 could allow a remote attacker to cause a denial of service due to an integer underflow when processing packets."
}
],
"value": "IBM Informix Dynamic Server 12.10,14.10, and15.0 could allow a remote attacker to cause a denial of service due to an integer underflow when processing packets."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-191",
"description": "CWE-191 Integer Underflow (Wrap or Wraparound)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-24T11:40:02.546Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://www.ibm.com/support/pages/node/7238455"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Update to IBM Informix Dynamic Server 14.10.xC11W2.\u003cbr\u003e\u003cbr\u003eFix is available on IBM Fix Central - Select Fixes - Informix Server.\u003cbr\u003eFollow the instructions for Database server upgrades in the Informix Servers documentation.\u003cbr\u003eUpdate to IBM Informix Dynamic Server 12.10.xC16W2.\u003cbr\u003e\u003cbr\u003eFix is available on IBM Fix Central - Select Fixes - Informix Server.\u003cbr\u003eFollow the instructions for Database server upgrades in the Informix Servers documentation.\u003cbr\u003e"
}
],
"value": "Update to IBM Informix Dynamic Server 14.10.xC11W2.\n\nFix is available on IBM Fix Central - Select Fixes - Informix Server.\nFollow the instructions for Database server upgrades in the Informix Servers documentation.\nUpdate to IBM Informix Dynamic Server 12.10.xC16W2.\n\nFix is available on IBM Fix Central - Select Fixes - Informix Server.\nFollow the instructions for Database server upgrades in the Informix Servers documentation."
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "IBM Informix Dynamic Server denial of service",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2025-1991",
"datePublished": "2025-06-28T13:02:21.000Z",
"dateReserved": "2025-03-05T16:10:23.797Z",
"dateUpdated": "2025-08-24T11:40:02.546Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-28523 (GCVE-0-2023-28523)
Vulnerability from nvd – Published: 2023-12-09 02:24 – Updated: 2025-05-27 15:11
VLAI?
Summary
IBM Informix Dynamic Server 12.10 and 14.10 onsmsync is vulnerable to a heap buffer overflow, caused by improper bounds checking which could allow an attacker to execute arbitrary code. IBM X-Force ID: 250753.
Severity ?
8.4 (High)
CWE
- CWE-122 - Heap-based Buffer Overflow
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Informix Dynamic Server |
Affected:
12.10, 14.10
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T13:43:23.203Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.ibm.com/support/pages/node/7070188"
},
{
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/250753"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-28523",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-27T15:11:43.170434Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-27T15:11:52.865Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Informix Dynamic Server",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "12.10, 14.10"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eIBM Informix Dynamic Server 12.10 and 14.10 onsmsync is vulnerable to a heap buffer overflow, caused by improper bounds checking which could allow an attacker to execute arbitrary code. IBM X-Force ID: 250753.\u003c/span\u003e\n\n"
}
],
"value": "\nIBM Informix Dynamic Server 12.10 and 14.10 onsmsync is vulnerable to a heap buffer overflow, caused by improper bounds checking which could allow an attacker to execute arbitrary code. IBM X-Force ID: 250753.\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-122",
"description": "CWE-122 Heap-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-12-09T02:24:19.177Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.ibm.com/support/pages/node/7070188"
},
{
"tags": [
"vdb-entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/250753"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "IBM Informix Dynamic Server buffer overflow",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2023-28523",
"datePublished": "2023-12-09T02:24:19.177Z",
"dateReserved": "2023-03-16T21:05:56.575Z",
"dateUpdated": "2025-05-27T15:11:52.865Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-28526 (GCVE-0-2023-28526)
Vulnerability from nvd – Published: 2023-12-09 02:22 – Updated: 2024-08-02 13:43
VLAI?
Summary
IBM Informix Dynamic Server 12.10 and 14.10 archecker is vulnerable to a heap buffer overflow, caused by improper bounds checking which could allow a local user to cause a segmentation fault. IBM X-Force ID: 251204.
Severity ?
6.2 (Medium)
CWE
- CWE-122 - Heap-based Buffer Overflow
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Informix Dynamic Server |
Affected:
12.10, 14.10
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T13:43:22.515Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.ibm.com/support/pages/node/7070188"
},
{
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/251204"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Informix Dynamic Server",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "12.10, 14.10"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eIBM Informix Dynamic Server 12.10 and 14.10 archecker is vulnerable to a heap buffer overflow, caused by improper bounds checking which could allow a local user to cause a segmentation fault. IBM X-Force ID: 251204.\u003c/span\u003e\n\n"
}
],
"value": "\nIBM Informix Dynamic Server 12.10 and 14.10 archecker is vulnerable to a heap buffer overflow, caused by improper bounds checking which could allow a local user to cause a segmentation fault. IBM X-Force ID: 251204.\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-122",
"description": "CWE-122 Heap-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-12-09T02:22:19.624Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.ibm.com/support/pages/node/7070188"
},
{
"tags": [
"vdb-entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/251204"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "IBM Informix Dynamic Server buffer overflow",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2023-28526",
"datePublished": "2023-12-09T02:22:19.624Z",
"dateReserved": "2023-03-16T21:05:56.575Z",
"dateUpdated": "2024-08-02T13:43:22.515Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-28527 (GCVE-0-2023-28527)
Vulnerability from nvd – Published: 2023-12-09 02:15 – Updated: 2024-09-16 18:39
VLAI?
Summary
IBM Informix Dynamic Server 12.10 and 14.10 cdr is vulnerable to a heap buffer overflow, caused by improper bounds checking which could allow a local user to cause a segmentation fault. IBM X-Force ID: 251206.
Severity ?
6.2 (Medium)
CWE
- CWE-122 - Heap-based Buffer Overflow
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Informix Dynamic Server |
Affected:
12.10, 14.10
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T13:43:22.552Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.ibm.com/support/pages/node/7070188"
},
{
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/251206"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-28527",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-01-29T19:02:55.369389Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-16T18:39:06.527Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Informix Dynamic Server",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "12.10, 14.10"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eIBM Informix Dynamic Server 12.10 and 14.10 cdr is vulnerable to a heap buffer overflow, caused by improper bounds checking which could allow a local user to cause a segmentation fault. IBM X-Force ID: 251206.\u003c/span\u003e\n\n"
}
],
"value": "\nIBM Informix Dynamic Server 12.10 and 14.10 cdr is vulnerable to a heap buffer overflow, caused by improper bounds checking which could allow a local user to cause a segmentation fault. IBM X-Force ID: 251206.\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-122",
"description": "CWE-122 Heap-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-12-09T02:15:39.553Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.ibm.com/support/pages/node/7070188"
},
{
"tags": [
"vdb-entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/251206"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "IBM Informix Dynamic Server buffer overflow",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2023-28527",
"datePublished": "2023-12-09T02:15:39.553Z",
"dateReserved": "2023-03-16T21:05:56.576Z",
"dateUpdated": "2024-09-16T18:39:06.527Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-20515 (GCVE-0-2021-20515)
Vulnerability from nvd – Published: 2021-04-30 15:45 – Updated: 2024-09-16 18:18
VLAI?
Summary
IBM Informix Dynamic Server 14.10 is vulnerable to a stack based buffer overflow, caused by improper bounds checking. A local privileged user could overflow a buffer and execute arbitrary code on the system or cause a denial of service condition. IBM X-Force ID: 198366.
Severity ?
CWE
- Gain Privileges
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Informix Dynamic Server |
Affected:
14.1
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T17:45:44.353Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.ibm.com/support/pages/node/6448568"
},
{
"name": "ibm-informix-cve202120515-bo (198366)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/198366"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Informix Dynamic Server",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "14.1"
}
]
}
],
"datePublic": "2021-04-29T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM Informix Dynamic Server 14.10 is vulnerable to a stack based buffer overflow, caused by improper bounds checking. A local privileged user could overflow a buffer and execute arbitrary code on the system or cause a denial of service condition. IBM X-Force ID: 198366."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"exploitCodeMaturity": "UNPROVEN",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"remediationLevel": "OFFICIAL_FIX",
"reportConfidence": "CONFIRMED",
"scope": "UNCHANGED",
"temporalScore": 5.8,
"temporalSeverity": "MEDIUM",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/C:H/S:U/PR:H/A:H/AV:L/UI:N/I:H/AC:L/RL:O/RC:C/E:U",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Gain Privileges",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-04-30T15:45:15",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.ibm.com/support/pages/node/6448568"
},
{
"name": "ibm-informix-cve202120515-bo (198366)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/198366"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2021-04-29T00:00:00",
"ID": "CVE-2021-20515",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Informix Dynamic Server",
"version": {
"version_data": [
{
"version_value": "14.1"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Informix Dynamic Server 14.10 is vulnerable to a stack based buffer overflow, caused by improper bounds checking. A local privileged user could overflow a buffer and execute arbitrary code on the system or cause a denial of service condition. IBM X-Force ID: 198366."
}
]
},
"impact": {
"cvssv3": {
"BM": {
"A": "H",
"AC": "L",
"AV": "L",
"C": "H",
"I": "H",
"PR": "H",
"S": "U",
"UI": "N"
},
"TM": {
"E": "U",
"RC": "C",
"RL": "O"
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Gain Privileges"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.ibm.com/support/pages/node/6448568",
"refsource": "CONFIRM",
"title": "IBM Security Bulletin 6448568 (Informix Dynamic Server)",
"url": "https://www.ibm.com/support/pages/node/6448568"
},
{
"name": "ibm-informix-cve202120515-bo (198366)",
"refsource": "XF",
"title": "X-Force Vulnerability Report",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/198366"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2021-20515",
"datePublished": "2021-04-30T15:45:15.878163Z",
"dateReserved": "2020-12-17T00:00:00",
"dateUpdated": "2024-09-16T18:18:52.587Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-4799 (GCVE-0-2020-4799)
Vulnerability from nvd – Published: 2020-10-08 13:20 – Updated: 2024-09-16 23:30
VLAI?
Summary
IBM Informix spatial 14.10 could allow a local user to execute commands as a privileged user due to an out of bounds write vulnerability. IBM X-Force ID: 189460.
Severity ?
CWE
- Gain Privileges
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Informix Dynamic Server |
Affected:
14.10
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T08:14:58.423Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.ibm.com/support/pages/node/6343587"
},
{
"name": "ibm-informix-cve20204799-priv-escalation (189460)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/189460"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Informix Dynamic Server",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "14.10"
}
]
}
],
"datePublic": "2020-10-07T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM Informix spatial 14.10 could allow a local user to execute commands as a privileged user due to an out of bounds write vulnerability. IBM X-Force ID: 189460."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitCodeMaturity": "UNPROVEN",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"remediationLevel": "OFFICIAL_FIX",
"reportConfidence": "CONFIRMED",
"scope": "UNCHANGED",
"temporalScore": 6.8,
"temporalSeverity": "MEDIUM",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AC:L/A:H/UI:N/C:H/I:H/PR:L/AV:L/S:U/RL:O/E:U/RC:C",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Gain Privileges",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-10-08T13:20:16",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.ibm.com/support/pages/node/6343587"
},
{
"name": "ibm-informix-cve20204799-priv-escalation (189460)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/189460"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2020-10-07T00:00:00",
"ID": "CVE-2020-4799",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Informix Dynamic Server",
"version": {
"version_data": [
{
"version_value": "14.10"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Informix spatial 14.10 could allow a local user to execute commands as a privileged user due to an out of bounds write vulnerability. IBM X-Force ID: 189460."
}
]
},
"impact": {
"cvssv3": {
"BM": {
"A": "H",
"AC": "L",
"AV": "L",
"C": "H",
"I": "H",
"PR": "L",
"S": "U",
"UI": "N"
},
"TM": {
"E": "U",
"RC": "C",
"RL": "O"
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Gain Privileges"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.ibm.com/support/pages/node/6343587",
"refsource": "CONFIRM",
"title": "IBM Security Bulletin 6343587",
"url": "https://www.ibm.com/support/pages/node/6343587"
},
{
"name": "ibm-informix-cve20204799-priv-escalation (189460)",
"refsource": "XF",
"title": "X-Force Vulnerability Report",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/189460"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2020-4799",
"datePublished": "2020-10-08T13:20:17.028481Z",
"dateReserved": "2019-12-30T00:00:00",
"dateUpdated": "2024-09-16T23:30:22.798Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-45675 (GCVE-0-2024-45675)
Vulnerability from cvelistv5 – Published: 2025-12-02 02:00 – Updated: 2025-12-03 04:55
VLAI?
Summary
IBM Informix Dynamic Server 14.10 could allow a local user on the system to log into the Informix server as administrator without a password.
Severity ?
8.4 (High)
CWE
- CWE-309 - Use of Password System for Primary Authentication
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Informix Dynamic Server |
Affected:
14.10
cpe:2.3:a:ibm:informix_dynamic_server:14.10:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-45675",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-02T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-03T04:55:38.968Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:ibm:informix_dynamic_server:14.10:*:*:*:*:*:*:*"
],
"product": "Informix Dynamic Server",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "14.10"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eIBM Informix Dynamic Server 14.10 could allow a local user on the system to log into the Informix server as administrator without a password.\u003c/p\u003e"
}
],
"value": "IBM Informix Dynamic Server 14.10 could allow a local user on the system to log into the Informix server as administrator without a password."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-309",
"description": "CWE-309 Use of Password System for Primary Authentication",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-02T02:00:26.554Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://www.ibm.com/support/pages/node/7252704"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eRemediation/Fixes Impact is limited to Informix Server on Windows. No exploitation has been observed or is possible on non\u2011Windows platforms. Update to IBM Informix Dynamic Server 14.10.xC11W1. Fix is available on IBM Fix Central - Select Fixes - Informix Server . Follow the instructions for Database server upgrades in the Informix Servers documentation Follow the instructions to install or upgrade Informix in the What\u0027s new and changed in Informix in the IBM Cloud Pak for Data documentation.\u003c/p\u003e"
}
],
"value": "Remediation/Fixes Impact is limited to Informix Server on Windows. No exploitation has been observed or is possible on non\u2011Windows platforms. Update to IBM Informix Dynamic Server 14.10.xC11W1. Fix is available on IBM Fix Central - Select Fixes - Informix Server . Follow the instructions for Database server upgrades in the Informix Servers documentation Follow the instructions to install or upgrade Informix in the What\u0027s new and changed in Informix in the IBM Cloud Pak for Data documentation."
}
],
"title": "IBM Informix Dynamic Server Authentication Bypass",
"x_generator": {
"engine": "ibm-cvegen"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2024-45675",
"datePublished": "2025-12-02T02:00:26.554Z",
"dateReserved": "2024-09-03T13:50:43.964Z",
"dateUpdated": "2025-12-03T04:55:38.968Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-49343 (GCVE-0-2024-49343)
Vulnerability from cvelistv5 – Published: 2025-07-28 15:27 – Updated: 2025-07-28 17:20
VLAI?
Summary
IBM Informix Dynamic Server 12.10 and 14.10 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site.
Severity ?
5.4 (Medium)
CWE
- CWE-80 - Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Informix Dynamic Server |
Affected:
12.10
Affected: 14.10 cpe:2.3:a:ibm:informix_dynamic_server:12.10:-:*:*:-:*:*:* cpe:2.3:a:ibm:informix_dynamic_server:14.10:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-49343",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-28T17:20:08.140088Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-07-28T17:20:17.395Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:ibm:informix_dynamic_server:12.10:-:*:*:-:*:*:*",
"cpe:2.3:a:ibm:informix_dynamic_server:14.10:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "Informix Dynamic Server",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "12.10"
},
{
"status": "affected",
"version": "14.10"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "IBM Informix Dynamic Server 12.10 and 14.10 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim\u0027s Web browser within the security context of the hosting site."
}
],
"value": "IBM Informix Dynamic Server 12.10 and 14.10 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim\u0027s Web browser within the security context of the hosting site."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-80",
"description": "CWE-80 Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-28T15:27:37.588Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://www.ibm.com/support/pages/node/7240777"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A permanent fix for the vulnerability has been released in IBM Informix HQ, included with versions 12.10.xC16W2, 14.10.xC11W1, and also addressed in IBM Informix HQ version 3.0.0.\u003cbr\u003e\u003cbr\u003eFixes are available on IBM Fix Central - Select Fixes - Informix Server. Download the latest fix for your product and version to pick up the security patches.\u003cbr\u003e\u003cbr\u003eFollow the instructions for Database server upgrades in the Informix Servers documentation.\u003cbr\u003e"
}
],
"value": "A permanent fix for the vulnerability has been released in IBM Informix HQ, included with versions 12.10.xC16W2, 14.10.xC11W1, and also addressed in IBM Informix HQ version 3.0.0.\n\nFixes are available on IBM Fix Central - Select Fixes - Informix Server. Download the latest fix for your product and version to pick up the security patches.\n\nFollow the instructions for Database server upgrades in the Informix Servers documentation."
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "IBM Informix Dynamic Server HTML injection",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2024-49343",
"datePublished": "2025-07-28T15:27:37.588Z",
"dateReserved": "2024-10-14T12:05:13.492Z",
"dateUpdated": "2025-07-28T17:20:17.395Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-49342 (GCVE-0-2024-49342)
Vulnerability from cvelistv5 – Published: 2025-07-28 15:26 – Updated: 2025-07-28 17:19
VLAI?
Summary
IBM Informix Dynamic Server 12.10 and 14.10 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials.
Severity ?
7.5 (High)
CWE
- CWE-307 - Improper Restriction of Excessive Authentication Attempts
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Informix Dynamic Server |
Affected:
12.10
Affected: 14.10 cpe:2.3:a:ibm:informix_dynamic_server:12.10:-:*:*:-:*:*:* cpe:2.3:a:ibm:informix_dynamic_server:14.10:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-49342",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-28T17:19:34.430133Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-07-28T17:19:52.455Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:ibm:informix_dynamic_server:12.10:-:*:*:-:*:*:*",
"cpe:2.3:a:ibm:informix_dynamic_server:14.10:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "Informix Dynamic Server",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "12.10"
},
{
"status": "affected",
"version": "14.10"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "IBM Informix Dynamic Server 12.10 and 14.10 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials."
}
],
"value": "IBM Informix Dynamic Server 12.10 and 14.10 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-307",
"description": "CWE-307 Improper Restriction of Excessive Authentication Attempts",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-28T15:26:35.209Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://www.ibm.com/support/pages/node/7240777"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A permanent fix for the vulnerability has been released in IBM Informix HQ, included with versions 12.10.xC16W2, 14.10.xC11W1, and also addressed in IBM Informix HQ version 3.0.0.\u003cbr\u003e\u003cbr\u003eFixes are available on IBM Fix Central - Select Fixes - Informix Server. Download the latest fix for your product and version to pick up the security patches.\u003cbr\u003e\u003cbr\u003eFollow the instructions for Database server upgrades in the Informix Servers documentation.\u003cbr\u003e"
}
],
"value": "A permanent fix for the vulnerability has been released in IBM Informix HQ, included with versions 12.10.xC16W2, 14.10.xC11W1, and also addressed in IBM Informix HQ version 3.0.0.\n\nFixes are available on IBM Fix Central - Select Fixes - Informix Server. Download the latest fix for your product and version to pick up the security patches.\n\nFollow the instructions for Database server upgrades in the Informix Servers documentation."
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "IBM Informix Dynamic Server information disclosure",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2024-49342",
"datePublished": "2025-07-28T15:26:35.209Z",
"dateReserved": "2024-10-14T12:05:13.492Z",
"dateUpdated": "2025-07-28T17:19:52.455Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-1991 (GCVE-0-2025-1991)
Vulnerability from cvelistv5 – Published: 2025-06-28 13:02 – Updated: 2025-08-24 11:40
VLAI?
Summary
IBM Informix Dynamic Server 12.10,14.10, and15.0 could allow a remote attacker to cause a denial of service due to an integer underflow when processing packets.
Severity ?
7.5 (High)
CWE
- CWE-191 - Integer Underflow (Wrap or Wraparound)
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Informix Dynamic Server |
Affected:
12.10
Affected: 14.10 Affected: 15.0 cpe:2.3:a:ibm:informix_dynamic_server:12.10:-:*:*:-:*:*:* cpe:2.3:a:ibm:informix_dynamic_server:14.10:*:*:*:*:*:*:* cpe:2.3:a:ibm:informix_dynamic_server:15.0:*:*:*:*:*:*:* |
Credits
cnwangjihe
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-1991",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-06-30T18:26:37.929457Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-30T18:33:24.715Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:ibm:informix_dynamic_server:12.10:-:*:*:-:*:*:*",
"cpe:2.3:a:ibm:informix_dynamic_server:14.10:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:informix_dynamic_server:15.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "Informix Dynamic Server",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "12.10"
},
{
"status": "affected",
"version": "14.10"
},
{
"status": "affected",
"version": "15.0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "cnwangjihe"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "IBM Informix Dynamic Server 12.10,14.10, and15.0 could allow a remote attacker to cause a denial of service due to an integer underflow when processing packets."
}
],
"value": "IBM Informix Dynamic Server 12.10,14.10, and15.0 could allow a remote attacker to cause a denial of service due to an integer underflow when processing packets."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-191",
"description": "CWE-191 Integer Underflow (Wrap or Wraparound)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-24T11:40:02.546Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://www.ibm.com/support/pages/node/7238455"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Update to IBM Informix Dynamic Server 14.10.xC11W2.\u003cbr\u003e\u003cbr\u003eFix is available on IBM Fix Central - Select Fixes - Informix Server.\u003cbr\u003eFollow the instructions for Database server upgrades in the Informix Servers documentation.\u003cbr\u003eUpdate to IBM Informix Dynamic Server 12.10.xC16W2.\u003cbr\u003e\u003cbr\u003eFix is available on IBM Fix Central - Select Fixes - Informix Server.\u003cbr\u003eFollow the instructions for Database server upgrades in the Informix Servers documentation.\u003cbr\u003e"
}
],
"value": "Update to IBM Informix Dynamic Server 14.10.xC11W2.\n\nFix is available on IBM Fix Central - Select Fixes - Informix Server.\nFollow the instructions for Database server upgrades in the Informix Servers documentation.\nUpdate to IBM Informix Dynamic Server 12.10.xC16W2.\n\nFix is available on IBM Fix Central - Select Fixes - Informix Server.\nFollow the instructions for Database server upgrades in the Informix Servers documentation."
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "IBM Informix Dynamic Server denial of service",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2025-1991",
"datePublished": "2025-06-28T13:02:21.000Z",
"dateReserved": "2025-03-05T16:10:23.797Z",
"dateUpdated": "2025-08-24T11:40:02.546Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-28523 (GCVE-0-2023-28523)
Vulnerability from cvelistv5 – Published: 2023-12-09 02:24 – Updated: 2025-05-27 15:11
VLAI?
Summary
IBM Informix Dynamic Server 12.10 and 14.10 onsmsync is vulnerable to a heap buffer overflow, caused by improper bounds checking which could allow an attacker to execute arbitrary code. IBM X-Force ID: 250753.
Severity ?
8.4 (High)
CWE
- CWE-122 - Heap-based Buffer Overflow
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Informix Dynamic Server |
Affected:
12.10, 14.10
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T13:43:23.203Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.ibm.com/support/pages/node/7070188"
},
{
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/250753"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-28523",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-27T15:11:43.170434Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-27T15:11:52.865Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Informix Dynamic Server",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "12.10, 14.10"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eIBM Informix Dynamic Server 12.10 and 14.10 onsmsync is vulnerable to a heap buffer overflow, caused by improper bounds checking which could allow an attacker to execute arbitrary code. IBM X-Force ID: 250753.\u003c/span\u003e\n\n"
}
],
"value": "\nIBM Informix Dynamic Server 12.10 and 14.10 onsmsync is vulnerable to a heap buffer overflow, caused by improper bounds checking which could allow an attacker to execute arbitrary code. IBM X-Force ID: 250753.\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-122",
"description": "CWE-122 Heap-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-12-09T02:24:19.177Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.ibm.com/support/pages/node/7070188"
},
{
"tags": [
"vdb-entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/250753"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "IBM Informix Dynamic Server buffer overflow",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2023-28523",
"datePublished": "2023-12-09T02:24:19.177Z",
"dateReserved": "2023-03-16T21:05:56.575Z",
"dateUpdated": "2025-05-27T15:11:52.865Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-28526 (GCVE-0-2023-28526)
Vulnerability from cvelistv5 – Published: 2023-12-09 02:22 – Updated: 2024-08-02 13:43
VLAI?
Summary
IBM Informix Dynamic Server 12.10 and 14.10 archecker is vulnerable to a heap buffer overflow, caused by improper bounds checking which could allow a local user to cause a segmentation fault. IBM X-Force ID: 251204.
Severity ?
6.2 (Medium)
CWE
- CWE-122 - Heap-based Buffer Overflow
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Informix Dynamic Server |
Affected:
12.10, 14.10
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T13:43:22.515Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.ibm.com/support/pages/node/7070188"
},
{
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/251204"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Informix Dynamic Server",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "12.10, 14.10"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eIBM Informix Dynamic Server 12.10 and 14.10 archecker is vulnerable to a heap buffer overflow, caused by improper bounds checking which could allow a local user to cause a segmentation fault. IBM X-Force ID: 251204.\u003c/span\u003e\n\n"
}
],
"value": "\nIBM Informix Dynamic Server 12.10 and 14.10 archecker is vulnerable to a heap buffer overflow, caused by improper bounds checking which could allow a local user to cause a segmentation fault. IBM X-Force ID: 251204.\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-122",
"description": "CWE-122 Heap-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-12-09T02:22:19.624Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.ibm.com/support/pages/node/7070188"
},
{
"tags": [
"vdb-entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/251204"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "IBM Informix Dynamic Server buffer overflow",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2023-28526",
"datePublished": "2023-12-09T02:22:19.624Z",
"dateReserved": "2023-03-16T21:05:56.575Z",
"dateUpdated": "2024-08-02T13:43:22.515Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-28527 (GCVE-0-2023-28527)
Vulnerability from cvelistv5 – Published: 2023-12-09 02:15 – Updated: 2024-09-16 18:39
VLAI?
Summary
IBM Informix Dynamic Server 12.10 and 14.10 cdr is vulnerable to a heap buffer overflow, caused by improper bounds checking which could allow a local user to cause a segmentation fault. IBM X-Force ID: 251206.
Severity ?
6.2 (Medium)
CWE
- CWE-122 - Heap-based Buffer Overflow
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Informix Dynamic Server |
Affected:
12.10, 14.10
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T13:43:22.552Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.ibm.com/support/pages/node/7070188"
},
{
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/251206"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-28527",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-01-29T19:02:55.369389Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-16T18:39:06.527Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Informix Dynamic Server",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "12.10, 14.10"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eIBM Informix Dynamic Server 12.10 and 14.10 cdr is vulnerable to a heap buffer overflow, caused by improper bounds checking which could allow a local user to cause a segmentation fault. IBM X-Force ID: 251206.\u003c/span\u003e\n\n"
}
],
"value": "\nIBM Informix Dynamic Server 12.10 and 14.10 cdr is vulnerable to a heap buffer overflow, caused by improper bounds checking which could allow a local user to cause a segmentation fault. IBM X-Force ID: 251206.\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-122",
"description": "CWE-122 Heap-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-12-09T02:15:39.553Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.ibm.com/support/pages/node/7070188"
},
{
"tags": [
"vdb-entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/251206"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "IBM Informix Dynamic Server buffer overflow",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2023-28527",
"datePublished": "2023-12-09T02:15:39.553Z",
"dateReserved": "2023-03-16T21:05:56.576Z",
"dateUpdated": "2024-09-16T18:39:06.527Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-20515 (GCVE-0-2021-20515)
Vulnerability from cvelistv5 – Published: 2021-04-30 15:45 – Updated: 2024-09-16 18:18
VLAI?
Summary
IBM Informix Dynamic Server 14.10 is vulnerable to a stack based buffer overflow, caused by improper bounds checking. A local privileged user could overflow a buffer and execute arbitrary code on the system or cause a denial of service condition. IBM X-Force ID: 198366.
Severity ?
CWE
- Gain Privileges
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Informix Dynamic Server |
Affected:
14.1
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T17:45:44.353Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.ibm.com/support/pages/node/6448568"
},
{
"name": "ibm-informix-cve202120515-bo (198366)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/198366"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Informix Dynamic Server",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "14.1"
}
]
}
],
"datePublic": "2021-04-29T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM Informix Dynamic Server 14.10 is vulnerable to a stack based buffer overflow, caused by improper bounds checking. A local privileged user could overflow a buffer and execute arbitrary code on the system or cause a denial of service condition. IBM X-Force ID: 198366."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"exploitCodeMaturity": "UNPROVEN",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"remediationLevel": "OFFICIAL_FIX",
"reportConfidence": "CONFIRMED",
"scope": "UNCHANGED",
"temporalScore": 5.8,
"temporalSeverity": "MEDIUM",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/C:H/S:U/PR:H/A:H/AV:L/UI:N/I:H/AC:L/RL:O/RC:C/E:U",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Gain Privileges",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-04-30T15:45:15",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.ibm.com/support/pages/node/6448568"
},
{
"name": "ibm-informix-cve202120515-bo (198366)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/198366"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2021-04-29T00:00:00",
"ID": "CVE-2021-20515",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Informix Dynamic Server",
"version": {
"version_data": [
{
"version_value": "14.1"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Informix Dynamic Server 14.10 is vulnerable to a stack based buffer overflow, caused by improper bounds checking. A local privileged user could overflow a buffer and execute arbitrary code on the system or cause a denial of service condition. IBM X-Force ID: 198366."
}
]
},
"impact": {
"cvssv3": {
"BM": {
"A": "H",
"AC": "L",
"AV": "L",
"C": "H",
"I": "H",
"PR": "H",
"S": "U",
"UI": "N"
},
"TM": {
"E": "U",
"RC": "C",
"RL": "O"
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Gain Privileges"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.ibm.com/support/pages/node/6448568",
"refsource": "CONFIRM",
"title": "IBM Security Bulletin 6448568 (Informix Dynamic Server)",
"url": "https://www.ibm.com/support/pages/node/6448568"
},
{
"name": "ibm-informix-cve202120515-bo (198366)",
"refsource": "XF",
"title": "X-Force Vulnerability Report",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/198366"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2021-20515",
"datePublished": "2021-04-30T15:45:15.878163Z",
"dateReserved": "2020-12-17T00:00:00",
"dateUpdated": "2024-09-16T18:18:52.587Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-4799 (GCVE-0-2020-4799)
Vulnerability from cvelistv5 – Published: 2020-10-08 13:20 – Updated: 2024-09-16 23:30
VLAI?
Summary
IBM Informix spatial 14.10 could allow a local user to execute commands as a privileged user due to an out of bounds write vulnerability. IBM X-Force ID: 189460.
Severity ?
CWE
- Gain Privileges
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Informix Dynamic Server |
Affected:
14.10
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T08:14:58.423Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.ibm.com/support/pages/node/6343587"
},
{
"name": "ibm-informix-cve20204799-priv-escalation (189460)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/189460"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Informix Dynamic Server",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "14.10"
}
]
}
],
"datePublic": "2020-10-07T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM Informix spatial 14.10 could allow a local user to execute commands as a privileged user due to an out of bounds write vulnerability. IBM X-Force ID: 189460."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitCodeMaturity": "UNPROVEN",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"remediationLevel": "OFFICIAL_FIX",
"reportConfidence": "CONFIRMED",
"scope": "UNCHANGED",
"temporalScore": 6.8,
"temporalSeverity": "MEDIUM",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AC:L/A:H/UI:N/C:H/I:H/PR:L/AV:L/S:U/RL:O/E:U/RC:C",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Gain Privileges",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-10-08T13:20:16",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.ibm.com/support/pages/node/6343587"
},
{
"name": "ibm-informix-cve20204799-priv-escalation (189460)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/189460"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2020-10-07T00:00:00",
"ID": "CVE-2020-4799",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Informix Dynamic Server",
"version": {
"version_data": [
{
"version_value": "14.10"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Informix spatial 14.10 could allow a local user to execute commands as a privileged user due to an out of bounds write vulnerability. IBM X-Force ID: 189460."
}
]
},
"impact": {
"cvssv3": {
"BM": {
"A": "H",
"AC": "L",
"AV": "L",
"C": "H",
"I": "H",
"PR": "L",
"S": "U",
"UI": "N"
},
"TM": {
"E": "U",
"RC": "C",
"RL": "O"
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Gain Privileges"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.ibm.com/support/pages/node/6343587",
"refsource": "CONFIRM",
"title": "IBM Security Bulletin 6343587",
"url": "https://www.ibm.com/support/pages/node/6343587"
},
{
"name": "ibm-informix-cve20204799-priv-escalation (189460)",
"refsource": "XF",
"title": "X-Force Vulnerability Report",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/189460"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2020-4799",
"datePublished": "2020-10-08T13:20:17.028481Z",
"dateReserved": "2019-12-30T00:00:00",
"dateUpdated": "2024-09-16T23:30:22.798Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}