CVE-2024-49343

IBM Informix Dynamic Server HTML injection

Description

IBM Informix Dynamic Server 12.10 and 14.10 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site.

Remediation

Solution:

A permanent fix for the vulnerability has been released in IBM Informix HQ, included with versions 12.10.xC16W2, 14.10.xC11W1, and also addressed in IBM Informix HQ version 3.0.0. Fixes are available on IBM Fix Central - Select Fixes - Informix Server. Download the latest fix for your product and version to pick up the security patches. Follow the instructions for Database server upgrades in the Informix Servers documentation.

References

Link	Tags
https://www.ibm.com/support/pages/node/7240777	patch vendor advisory

Frequently Asked Questions

What is the severity of CVE-2024-49343?: CVE-2024-49343 has been scored as a medium severity vulnerability.
How to fix CVE-2024-49343?: To fix CVE-2024-49343: A permanent fix for the vulnerability has been released in IBM Informix HQ, included with versions 12.10.xC16W2, 14.10.xC11W1, and also addressed in IBM Informix HQ version 3.0.0. Fixes are available on IBM Fix Central - Select Fixes - Informix Server. Download the latest fix for your product and version to pick up the security patches. Follow the instructions for Database server upgrades in the Informix Servers documentation.
Is CVE-2024-49343 being actively exploited in the wild?: As for now, there are no information to confirm that CVE-2024-49343 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2024-49343?: CVE-2024-49343 affects IBM Informix Dynamic Server.

Description

Remediation

Category

CWE-80 – Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)

References

Frequently Asked Questions