CNNVD-202511-2220 Information
CNNVD ID
CNNVD-202511-2220
Related CVE
- CNNVD Published: 2025-11-19
Description (Chinese)
Progress Hybrid Data Pipeline等都是美国Progress公司的产品。Progress Hybrid Data Pipeline是一个数据管道软件。Progress Hybrid Data Pipeline Server是一个数据管道服务器。Progress DataDirect Connect for JDBC是一套高性能JDBC驱动程序。 Progress多款产品存在代码注入漏洞,该漏洞源于SpyAttribute连接选项允许指定任意文件,可能导致远程代码包含。以下产品受到影响:DataDirect Connect for JDBC、DataDirect OpenAccess JDBC Driver和DataDirect Hybrid Data Pipeline Server和DataDirect Hybrid Data Pipeline JDBC Driver。
Description (English)
Progress Hybrid Data Pipeline and others are products of Progress. Progress Hybrid Data Pipeline is a data conduit software. Progress Hybrid Data Pipeline Server is a data conduit server. Progress DataDirect Contact for JDBC is a high-performance JDBC driver. Progress multi-products have a code infusion loophole, which stems from the SpyAttribute connection option allowing for the assignment of any file, which may result in remote code inclusion. The following products were affected: DataDirectConect for JDBC, DataDirectOpenAccess JDBC Driver and DataDiridData Pipeline Server and DataDiridData Pipeline JDBC Driver.
Hazard Level
Medium
Vulnerability Type
代码注入
Affected Vendor
Progress
Published
2025-11-19
Last Modified
2026-02-24