Security Bulletin: IBM Informix JDBC Driver is susceptible to remote code execution
Description

Summary

In informix-jdbc-complete, the constructor of com.informix.jdbcx.IfxConnectionPoolManager creates a connection pool manager. Passing an unchecked argument to this API can lead to the execution of arbitrary commands.

Vulnerability Details

CVEID: CVE-2023-35895
DESCRIPTION: IBM Informix JDBC Driver is susceptible to a remote code execution attack via JNDI injection when passing an unchecked argument to a certain API.
CVSS Base score: 6.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/259116 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L)

Affected Products and Versions

Affected Product(s) | Version(s)
--- | ---
Informix JDBC | 4.10.x
Informix JDBC | 4.50.x

Remediation/Fixes

IBM Informix JDBC 4.50.J10W1 is available through IBM Fix Central.

Workarounds and Mitigations…
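As an added illustration (not from the bulletin and not IBM's code), the Java check below shows one input-side mitigation for the class of flaw described above. It assumes the untrusted value is a JNDI name string that an application would otherwise hand straight to a JNDI-backed constructor such as the pool manager named here, and it confines the name to the application's own java:comp/env/ context so that no URL-scheme lookup can be triggered by that argument.

```java
import javax.naming.CompositeName;
import javax.naming.InvalidNameException;
import java.util.regex.Pattern;

/**
 * Added example, not IBM code. Assumption: the caller receives a JNDI name
 * from an untrusted source and must vet it before any JNDI-backed API sees it.
 */
public final class JndiNameGuard {
    // Only names under the application's own environment context are accepted.
    private static final String ALLOWED_PREFIX = "java:comp/env/";
    // A "scheme:" prefix inside the name would turn a local lookup into a remote one.
    private static final Pattern SCHEME = Pattern.compile("^[a-zA-Z][a-zA-Z0-9+.-]*:");

    private JndiNameGuard() {}

    /** Returns true only for a plain, local, well-formed JNDI name. */
    public static boolean isSafe(String name) {
        if (name == null || name.isEmpty() || name.length() > 256) return false;
        // Control characters have no place in a resource name.
        if (name.chars().anyMatch(c -> c < 0x20 || c == 0x7f)) return false;
        if (!name.startsWith(ALLOWED_PREFIX)) return false;
        String rest = name.substring(ALLOWED_PREFIX.length());
        if (rest.isEmpty() || SCHEME.matcher(rest).find()) return false;
        try {
            // Must parse as a composite name with no empty or traversal components.
            CompositeName cn = new CompositeName(rest);
            for (int i = 0; i < cn.size(); i++) {
                String c = cn.get(i);
                if (c.isEmpty() || c.equals(".") || c.equals("..")) return false;
            }
            return true;
        } catch (InvalidNameException e) {
            return false;
        }
    }

    /** Fail closed: callers pass the returned value on, never the raw input. */
    public static String require(String name) {
        if (!isSafe(name)) throw new IllegalArgumentException("JNDI name rejected");
        return name;
    }

    public static void main(String[] args) {
        // Constructed sample inputs: one acceptable local name, two that must be rejected.
        System.out.println(isSafe("java:comp/env/jdbc/informixDS"));
        System.out.println(isSafe("ldap://example.invalid/x"));
        System.out.println(isSafe("java:comp/env/../jdbc/x"));
    }
}
```

The guard is a defence in depth for callers; the actual fix for the affected driver versions is the 4.50.J10W1 update named in the bulletin.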

