PT-2023-21383 · IBM · IBM Informix JDBC Driver

Xu Yuanzhen · Published 2023-06-28 · Updated 2023-07-06 · CVE-2023-27866

CVSS v3.1: 9.8 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: IBM Informix JDBC Driver versions 4.10 and 4.50

Description: The issue allows for remote code execution via JNDI injection when the driver code or the application using the driver does not verify the supplied LDAP URL in the Connect String.

Recommendations: For IBM Informix JDBC Driver versions 4.10 and 4.50, consider verifying the supplied LDAP URL in the Connect String to prevent JNDI injection attacks. As a temporary workaround, consider restricting the use of the Connect String or the LDAP URL until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
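A worked version of the recommended check, added here as an example and not taken from IBM's driver or this advisory: an application that assembles the connect string rejects any LDAP URL that does not point at an allow-listed directory server before the string reaches the driver. The property name LDAP_URL, the connect-string layout and the allowed host are assumptions.

```java
// Added example, not IBM driver code. Guards the LDAP URL carried in an
// Informix-style connect string ("jdbc:informix-sqli://host:port/db:KEY=VAL;...").
// The LDAP_URL property name and the allow-list entries are assumptions.
import java.net.URI;
import java.net.URISyntaxException;
import java.util.HashMap;
import java.util.Map;
import java.util.Set;

public final class LdapUrlGuard {
    // Only directory servers operated by the deployment are acceptable.
    private static final Set<String> ALLOWED_HOSTS = Set.of("ldap.corp.example");
    private static final Set<String> ALLOWED_SCHEMES = Set.of("ldap", "ldaps");

    // Extract the KEY=VALUE properties that follow the database name.
    static Map<String, String> properties(String connectString) {
        Map<String, String> props = new HashMap<>();
        int hostStart = connectString.indexOf("//");
        int pathStart = hostStart < 0 ? -1 : connectString.indexOf('/', hostStart + 2);
        int propStart = pathStart < 0 ? -1 : connectString.indexOf(':', pathStart);
        if (propStart < 0) return props;
        for (String kv : connectString.substring(propStart + 1).split(";")) {
            int eq = kv.indexOf('='); // split on the first '=' only: values may contain '=' and ':'
            if (eq > 0) props.put(kv.substring(0, eq).trim().toUpperCase(), kv.substring(eq + 1).trim());
        }
        return props;
    }

    // True when no LDAP lookup is requested, or when the URL names an allow-listed server.
    static boolean ldapUrlIsAllowed(String connectString) {
        String url = properties(connectString).get("LDAP_URL");
        if (url == null) return true;
        try {
            URI u = new URI(url);
            return u.getScheme() != null && ALLOWED_SCHEMES.contains(u.getScheme().toLowerCase())
                && u.getHost() != null && ALLOWED_HOSTS.contains(u.getHost().toLowerCase())
                && u.getUserInfo() == null; // no embedded credentials or host-spoofing tricks
        } catch (URISyntaxException e) {
            return false; // unparsable URL: reject rather than guess
        }
    }

    public static void main(String[] args) {
        // Constructed sample connect strings for illustration.
        String trusted = "jdbc:informix-sqli://dbhost:9088/stores:INFORMIXSERVER=ol_ifx;LDAP_URL=ldap://ldap.corp.example:389/o=ifx";
        String untrusted = "jdbc:informix-sqli://dbhost:9088/stores:INFORMIXSERVER=ol_ifx;LDAP_URL=ldap://ldap.untrusted.example/o=ifx";
        System.out.println("trusted allowed:   " + ldapUrlIsAllowed(trusted));
        System.out.println("untrusted allowed: " + ldapUrlIsAllowed(untrusted));
    }
}
```

The check belongs wherever the connect string is built from external input; it does not change what the driver does once the string is accepted, so it is a mitigation in the application rather than a fix for the driver itself.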

Weakness Enumeration: Code Injection

Related Identifiers: CVE-2023-27866

Affected Products: IBM Informix JDBC Driver