DataDirect Connect for JDBC
CVEs (4)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-10703 | Hig | 0.56 | — | 0.00 | Nov 19, 2025 | Improper Control of Generation of Code ('Code Injection') vulnerability in Progress DataDirect Connect for JDBC drivers, Progress DataDirect Open Access JDBC driver and Hybrid Data Pipeline allows Remote Code Inclusion. The SpyAttribute connection option implemented by the… | ||
| CVE-2025-10702 | Hig | 0.56 | — | 0.00 | Nov 19, 2025 | Improper Control of Generation of Code ('Code Injection') vulnerability in Progress DataDirect Connect for JDBC drivers, Progress DataDirect Open Access JDBC driver and Hybrid Data Pipeline allows Remote Code Inclusion. The SpyAttribute connection option implemented by the… | ||
| CVE-2023-34364 | 0.00 | — | 0.02 | Jun 9, 2023 | A buffer overflow was discovered in Progress DataDirect Connect for ODBC before 08.02.2770 for Oracle. An overly large value for certain options of a connection string may overrun the buffer allocated to process the string value. This allows an attacker to execute code of their… | |||
| CVE-2023-34363 | 0.00 | — | 0.00 | Jun 9, 2023 | An issue was discovered in Progress DataDirect Connect for ODBC before 08.02.2770 for Oracle. When using Oracle Advanced Security (OAS) encryption, if an error is encountered initializing the encryption object used to encrypt data, the code falls back to a different encryption… |
- risk 0.56cvss —epss 0.00
Improper Control of Generation of Code ('Code Injection') vulnerability in Progress DataDirect Connect for JDBC drivers, Progress DataDirect Open Access JDBC driver and Hybrid Data Pipeline allows Remote Code Inclusion. The SpyAttribute connection option implemented by the…
- risk 0.56cvss —epss 0.00
Improper Control of Generation of Code ('Code Injection') vulnerability in Progress DataDirect Connect for JDBC drivers, Progress DataDirect Open Access JDBC driver and Hybrid Data Pipeline allows Remote Code Inclusion. The SpyAttribute connection option implemented by the…
- CVE-2023-34364Jun 9, 2023risk 0.00cvss —epss 0.02
A buffer overflow was discovered in Progress DataDirect Connect for ODBC before 08.02.2770 for Oracle. An overly large value for certain options of a connection string may overrun the buffer allocated to process the string value. This allows an attacker to execute code of their…
- CVE-2023-34363Jun 9, 2023risk 0.00cvss —epss 0.00
An issue was discovered in Progress DataDirect Connect for ODBC before 08.02.2770 for Oracle. When using Oracle Advanced Security (OAS) encryption, if an error is encountered initializing the encryption object used to encrypt data, the code falls back to a different encryption…