Informix Dynamic Server
by IBM
CVEs (55)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2016-0226 | | Hig | 0.51 | 7.8 | 0.00 | | Mar 28, 2016 | The client implementation in IBM Informix Dynamic Server 11.70.xCn on Windows does not properly restrict access to the (1) nsrd, (2) nsrexecd, and (3) portmap executable files, which allows local users to gain privileges via a Trojan horse file. |
| CVE-2017-1508 | | Med | 0.44 | 6.7 | 0.00 | | Sep 13, 2017 | IBM Informix Dynamic Server 12.1 could allow a local user logged in with database administrator user to gain root privileges. IBM X-Force ID: 129620. |
| CVE-2017-1310 | | Med | 0.42 | 6.5 | 0.02 | | Jun 29, 2017 | IBM Informix Dynamic Server 12.1 could allow an authenticated user to cause a buffer overflow that would write large assertion fail files to the server. Done enough times, this could use large parts of the file system and cause the server to crash. IBM X-Force ID: 125569. |
| CVE-2009-2754 | | | 0.06 | — | 0.40 | | Mar 5, 2010 | Integer signedness error in the authentication functionality in librpc.dll in the Informix Storage Manager (ISM) Portmapper service (aka portmap.exe), as used in IBM Informix Dynamic Server (IDS) 10.x before 10.00.TC9 and 11.x before 11.10.TC3 and EMC Legato NetWorker, allows… |
| CVE-2009-2753 | | | 0.04 | — | 0.11 | | Mar 5, 2010 | Multiple buffer overflows in the authentication functionality in librpc.dll in the Informix Storage Manager (ISM) Portmapper service (aka portmap.exe), as used in IBM Informix Dynamic Server (IDS) 10.x before 10.00.TC9 and 11.x before 11.10.TC3, allow remote attackers to execute… |
| CVE-2004-2131 | | | 0.03 | — | 0.01 | | Jan 27, 2004 | Stack-based buffer overflow in ontape for IBM Informix Dynamic Server (IDS) 9.40.xC3 and earlier allows local users, with DSA privileges, to execute arbitrary code via a long ONCONFIG environment variable. |
| CVE-2024-45675 | | | 0.00 | — | 0.00 | | Dec 2, 2025 | IBM Informix Dynamic Server 14.10 could allow a local user on the system to log into the Informix server as administrator without a password. |
| CVE-2024-49343 | | | 0.00 | — | 0.00 | | Jul 28, 2025 | IBM Informix Dynamic Server 12.10 and 14.10 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site. |
| CVE-2024-49342 | | | 0.00 | — | 0.00 | | Jul 28, 2025 | IBM Informix Dynamic Server 12.10 and 14.10 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials. |
| CVE-2025-1991 | | | 0.00 | — | 0.00 | | Jun 28, 2025 | IBM Informix Dynamic Server 12.10, 14.10, and 15.0 could allow a remote attacker to cause a denial of service due to an integer underflow when processing packets. |
| CVE-2023-28523 | | | 0.00 | — | 0.00 | | Dec 9, 2023 | IBM Informix Dynamic Server 12.10 and 14.10 onsmsync is vulnerable to a heap buffer overflow, caused by improper bounds checking which could allow an attacker to execute arbitrary code. IBM X-Force ID: 250753. |
| CVE-2023-28526 | | | 0.00 | — | 0.00 | | Dec 9, 2023 | IBM Informix Dynamic Server 12.10 and 14.10 archecker is vulnerable to a heap buffer overflow, caused by improper bounds checking which could allow a local user to cause a segmentation fault. IBM X-Force ID: 251204. |
| CVE-2023-28527 | | | 0.00 | — | 0.00 | | Dec 9, 2023 | IBM Informix Dynamic Server 12.10 and 14.10 cdr is vulnerable to a heap buffer overflow, caused by improper bounds checking which could allow a local user to cause a segmentation fault. IBM X-Force ID: 251206. |
| CVE-2021-20515 | | | 0.00 | — | 0.00 | | Apr 30, 2021 | IBM Informix Dynamic Server 14.10 is vulnerable to a stack based buffer overflow, caused by improper bounds checking. A local privileged user could overflow a buffer and execute arbitrary code on the system or cause a denial of service condition. IBM X-Force ID: 198366. |
| CVE-2020-4799 | | | 0.00 | — | 0.00 | | Oct 8, 2020 | IBM Informix spatial 14.10 could allow a local user to execute commands as a privileged user due to an out of bounds write vulnerability. IBM X-Force ID: 189460. |
| CVE-2019-4253 | | | 0.00 | — | 0.00 | | Aug 20, 2019 | IBM Informix Dynamic Server Enterprise Edition 12.1 could allow a local privileged Informix user to load a malicious shared library and gain root access privileges. IBM X-Force ID: 159941. |
| CVE-2018-1796 | | | 0.00 | — | 0.00 | | Aug 20, 2019 | IBM Informix Dynamic Server Enterprise Edition 12.1 could allow a local user to load malicious libraries and gain root privileges. IBM X-Force ID: 149426. |
| CVE-2018-1636 | | | 0.00 | — | 0.00 | | Aug 20, 2019 | Stack-based buffer overflow in oninit in IBM Informix Dynamic Server Enterprise Edition 12.1 allows an authenticated user to execute predefined code with root privileges, such as escalating to a root shell. IBM X-Force ID: 144441. |
| CVE-2018-1635 | | | 0.00 | — | 0.00 | | Aug 20, 2019 | Stack-based buffer overflow in oninit in IBM Informix Dynamic Server Enterprise Edition 12.1 allows an authenticated user to execute predefined code with root privileges, such as escalating to a root shell. IBM X-Force ID: 144439. |
| CVE-2018-1634 | | | 0.00 | — | 0.00 | | Aug 20, 2019 | IBM Informix Dynamic Server Enterprise Edition 12.1 could allow a local user logged in with database administrator user to gain root privileges through a symbolic link vulnerability in infos.DBSERVERNAME. IBM X-Force ID: 144437. |