CVE-2025-10702

Name of the Vulnerable Software and Affected Versions Progress DataDirect Connect for JDBC for Amazon Redshift versions through 6.0.0.001392 Progress DataDirect Connect for JDBC for Apache Cassandra versions through 6.0.0.000805 Progress DataDirect Connect for JDBC for Hive versions through 6.0.1.001499 Progress DataDirect Connect for JDBC for Apache Impala versions through 6.0.0.001155 Progress DataDirect Connect for JDBC for Apache SparkSQL versions through 6.0.1.001222 Progress DataDirect Connect for JDBC Autonomous REST Connector versions through 6.0.1.006961 Progress DataDirect Connect for JDBC for DB2 versions through 6.0.0.000717 Progress DataDirect Connect for JDBC for Google Analytics 4 versions through 6.0.0.000454 Progress DataDirect Connect for JDBC for Google BigQuery versions through 6.0.0.002279 Progress DataDirect Connect for JDBC for Greenplum versions through 6.0.0.001712 Progress DataDirect Connect for JDBC for Informix versions through 6.0.0.000690 Progress DataDirect Connect for JDBC for Microsoft Dynamics 365 versions through 6.0.0.003161 Progress DataDirect Connect for JDBC for Microsoft SQLServer versions through 6.0.0.001936 Progress DataDirect Connect for JDBC for Microsoft Sharepoint versions through 6.0.0.001559 Progress DataDirect Connect for JDBC for MongoDB versions through 6.1.0.001654 Progress DataDirect Connect for JDBC for MySQL versions through 5.1.4.000330 Progress DataDirect Connect for JDBC for Oracle Database versions through 6.0.0.001747 Progress DataDirect Connect for JDBC for Oracle Eloqua versions through 6.0.0.001438 Progress DataDirect Connect for JDBC for Oracle Sales Cloud versions through 6.0.0.001225 Progress DataDirect Connect for JDBC for Oracle Service Cloud versions through 5.1.4.000298 Progress DataDirect Connect for JDBC for PostgreSQL versions through 6.0.0.001843 Progress DataDirect Connect for JDBC for Progress OpenEdge versions through 5.1.4.000187 Progress DataDirect Connect for JDBC for Salesforce versions through 6.0.0.003020 Progress DataDirect Connect for JDBC for SAP HANA versions through 6.0.0.000879 Progress DataDirect Connect for JDBC for SAP S/4 HANA versions through 6.0.1.001818 Progress DataDirect Connect for JDBC for Sybase ASE versions through 5.1.4.000161 Progress DataDirect Connect for JDBC for Snowflake versions through 6.0.1.001821 DataDirect Hybrid Data Pipeline Server versions through 4.6.2.3309 DataDirect Hybrid Data Pipeline JDBC Driver versions through 4.6.2.0607 DataDirect Hybrid Data Pipeline On Premises Connector versions through 4.6.2.1223 DataDirect Hybrid Data Pipeline Docker versions through 4.6.2.3316 DataDirect OpenAccess JDBC Driver versions through 8.1.0.0177 DataDirect OpenAccess JDBC Driver versions through 9.0.0.0019

Description The software is susceptible to a code injection issue due to improper control of code generation. The SpyAttribute connection option allows an attacker to load and execute arbitrary classes on the class path if the application permits user-specified values for this option. This can lead to remote code inclusion.

Recommendations Progress DataDirect Connect for JDBC for Amazon Redshift versions through 6.0.0.001392: Upgrade to version 6.0.0.001541 or later. Progress DataDirect Connect for JDBC for Apache Cassandra versions through 6.0.0.000805: Upgrade to version 6.0.0.000833 or later. Progress DataDirect Connect for JDBC for Hive versions through 6.0.1.001499: Upgrade to version 6.0.1.001628 or later. Progress DataDirect Connect for JDBC for Apache Impala versions through 6.0.0.001155: Upgrade to version 6.0.0.001279 or later. Progress DataDirect Connect for JDBC for Apache SparkSQL versions through 6.0.1.001222: Upgrade to version 6.0.1.001344 or later. Progress DataDirect Connect for JDBC Autonomous REST Connector versions through 6.0.1.006961: Upgrade to version 6.0.1.007063 or later. Progress DataDirect Connect for JDBC for DB2 versions through 6.0.0.000717: Upgrade to version 6.0.0.000964 or later. Progress DataDirect Connect for JDBC for Google Analytics 4 versions through 6.0.0.000454: Upgrade to version 6.0.0.000525 or later. Progress DataDirect Connect for JDBC for Google BigQuery versions through 6.0.0.002279: Upgrade to version 6.0.0.002410 or later. Progress DataDirect Connect for JDBC for Greenplum versions through 6.0.0.001712: Upgrade to version 6.0.0.001727 or later. Progress DataDirect Connect for JDBC for Informix versions through 6.0.0.000690: Upgrade to version 6.0.0.0851 or later. Progress DataDirect Connect for JDBC for Microsoft Dynamics 365 versions through 6.0.0.003161: Upgrade to version 6.0.0.3198 or later. Progress DataDirect Connect for JDBC for Microsoft SQLServer versions through 6.0.0.001936: Upgrade to version 6.0.0.001957 or later. Progress DataDirect Connect for JDBC for Microsoft Sharepoint versions through 6.0.0.001559: Upgrade to version 6.0.0.001587 or later. Progress DataDirect Connect for JDBC for MongoDB versions through 6.1.0.001654: Upgrade to version 6.1.0.001669 or later. Progress DataDirect Connect for JDBC for MySQL versions through 5.1.4.000330: Upgrade to version 5.1.4.000364 or later. Progress DataDirect Connect for JDBC for Oracle Database versions through 6.0.0.001747: Upgrade to version 6.0.0.001776 or later. Progress DataDirect Connect for JDBC for Oracle Eloqua versions through 6.0.0.001438: Upgrade to version 6.0.0.001458 or later. Progress DataDirect Connect for JDBC for Oracle Sales Cloud versions through 6.0.0.001225: Upgrade to version 6.0.0.001316 or later. Progress DataDirect Connect for JDBC for Oracle Service Cloud versions through 5.1.4.000298: Upgrade to version 5.1.4.000309 or later. Progress DataDirect Connect for JDBC for PostgreSQL versions through 6.0.0.001843: Upgrade to version 6.0.0.001856 or later. Progress DataDirect Connect for JDBC for Progress OpenEdge versions through 5.1.4.000187: Upgrade to version 5.1.4.000189 or later. Progress DataDirect Connect for JDBC for Salesforce versions through 6.0.0.003020: Upgrade to version 6.0.0.003125 or later. Progress DataDirect Connect for JDBC for SAP HANA versions through 6.0.0.000879: This product is retired. Progress DataDirect Connect for JDBC for SAP S/4 HANA versions through 6.0.1.001818: Upgrade to version 6.0.1.001858 or later. Progress DataDirect Connect for JDBC for Sybase ASE versions through 5.1.4.000161: Upgrade to version 5.1.4.000162 or later. Progress DataDirect Connect for JDBC for Snowflake versions through 6.0.1.001821: Upgrade to version 6.0.1.001856 or later. DataDirect Hybrid Data Pipeline Server versions through 4.6.2.3309: Upgrade to version 4.6.2.3430 or later. DataDirect Hybrid Data Pipeline JDBC Driver versions through 4.6.2.0607: Upgrade to version 4.6.2.1023 or later. DataDirect Hybrid Data Pipeline On Premises Connector versions through 4.6.2.1223: Upgrade to version 4.6.2.1339 or later. DataDirect Hybrid Data Pipeline Docker versions through 4.6.2.3316: Upgrade to version 4.6.2.3430 or later. DataDirect OpenAccess JDBC Driver versions through 8.1.0.0177: Upgrade to version 8.1.0.0183 or later. DataDirect OpenAccess JDBC Driver versions through 9.0.0.0019: Upgrade to version 9.0.0.0022 or later.