"-Synchronized-Data."

2025-05-07 11:06:39 +00:00 · 2023-06-28 16:00:42 +00:00 · 2023-06-28 16:00:42 +00:00 · eeb3b2574b
commit eeb3b2574b
parent a173b879c4
1 changed files with 79 additions and 4 deletions
--- a/2023/27xxx/CVE-2023-27866.json
+++ b/2023/27xxx/CVE-2023-27866.json
@ -1,17 +1,92 @@
 {
+    "data_version": "4.0",
    "data_type": "CVE",
    "data_format": "MITRE",
-    "data_version": "4.0",
    "CVE_data_meta": {
        "ID": "CVE-2023-27866",
-        "ASSIGNER": "cve@mitre.org",
-        "STATE": "RESERVED"
+        "ASSIGNER": "psirt@us.ibm.com",
+        "STATE": "PUBLIC"
    },
    "description": {
        "description_data": [
            {
                "lang": "eng",
-                "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+                "value": "IBM Informix JDBC Driver 4.10 and 4.50 is susceptible to remote code execution attack via JNDI injection when driver code or the application using the driver do not verify supplied LDAP URL in Connect String.  IBM X-Force ID:  249511."
+            }
+        ]
+    },
+    "problemtype": {
+        "problemtype_data": [
+            {
+                "description": [
+                    {
+                        "lang": "eng",
+                        "value": "CWE-94 Improper Control of Generation of Code ('Code Injection')",
+                        "cweId": "CWE-94"
+                    }
+                ]
+            }
+        ]
+    },
+    "affects": {
+        "vendor": {
+            "vendor_data": [
+                {
+                    "vendor_name": "IBM",
+                    "product": {
+                        "product_data": [
+                            {
+                                "product_name": "Informix JDBC",
+                                "version": {
+                                    "version_data": [
+                                        {
+                                            "version_affected": "=",
+                                            "version_value": "4.10, 4.50"
+                                        }
+                                    ]
+                                }
+                            }
+                        ]
+                    }
+                }
+            ]
+        }
+    },
+    "references": {
+        "reference_data": [
+            {
+                "url": "https://www.ibm.com/support/pages/node/7007615",
+                "refsource": "MISC",
+                "name": "https://www.ibm.com/support/pages/node/7007615"
+            },
+            {
+                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/249511",
+                "refsource": "MISC",
+                "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/249511"
+            }
+        ]
+    },
+    "generator": {
+        "engine": "Vulnogram 0.1.0-dev"
+    },
+    "source": {
+        "discovery": "UNKNOWN"
+    },
+    "impact": {
+        "cvss": [
+            {
+                "attackComplexity": "LOW",
+                "attackVector": "NETWORK",
+                "availabilityImpact": "LOW",
+                "baseScore": 6.3,
+                "baseSeverity": "MEDIUM",
+                "confidentialityImpact": "LOW",
+                "integrityImpact": "LOW",
+                "privilegesRequired": "LOW",
+                "scope": "UNCHANGED",
+                "userInteraction": "NONE",
+                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
+                "version": "3.1"
            }
        ]
    }