Yugabytedb Connector
Monthly
Command injection in Delphix Continuous Data database connectors allows authenticated attackers with low-privilege network access to execute arbitrary operating system commands on staging or target hosts. The vulnerability affects multiple database connector types (IBM DB2, MongoDB, PostgreSQL, MySQL, Oracle EBS, SAP HANA, CockroachDB, Couchbase, Cassandra, YugabyteDB) due to improper input validation (CWE-78). Network-based exploitation with low complexity (AV:N/AC:L) requires authentication (PR:L) but no user interaction, resulting in complete compromise of confidentiality, integrity, and availability on affected connector hosts. Vendor Perforce has published an advisory; no CISA KEV listing or public exploit identified at time of analysis.
Command injection in Delphix Continuous Data database connectors allows authenticated attackers with low-privilege network access to execute arbitrary operating system commands on staging or target hosts. The vulnerability affects multiple database connector types (IBM DB2, MongoDB, PostgreSQL, MySQL, Oracle EBS, SAP HANA, CockroachDB, Couchbase, Cassandra, YugabyteDB) due to improper input validation (CWE-78). Network-based exploitation with low complexity (AV:N/AC:L) requires authentication (PR:L) but no user interaction, resulting in complete compromise of confidentiality, integrity, and availability on affected connector hosts. Vendor Perforce has published an advisory; no CISA KEV listing or public exploit identified at time of analysis.