HTML Injection Vulnerability in IBM Informix Dynamic Server
CVE-2024-49343

5.4MEDIUM

Key Information:

Vendor: IBM
Status: Informix Dynamic Server
Vendor: CVE Published:; 28 July 2025

What is CVE-2024-49343?

IBM Informix Dynamic Server versions 12.10 and 14.10 are susceptible to an HTML injection vulnerability. This flaw allows a remote attacker to inject malicious HTML code into the application. When a user accesses the compromised content, the injected code may be executed within the victim's web browser, running under the security context of the hosting site. This presents a significant risk as it can lead to unauthorized actions or data exposure on the affected system.

Affected Version(s)

Informix Dynamic Server 12.10

Informix Dynamic Server 14.10

References

https://www.ibm.com/support/pages/node/7240777

vendor-advisorypatch

CVSS V3.1

Score:

5.4

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 28, 2025
Vulnerability Reserved
Oct 14, 2024