IBM Robotic Process Automation with Automation Anywhere is vulnerable to attacks involving PostgreSQL.
CVEID: CVE-2019-10209
**DESCRIPTION:** PostgreSQL could allow a remote authenticated attacker to obtain sensitive information, caused by a flaw when user-defined hash equality operators exist in the database. By sending a specially-crafted request, an attacker could exploit this vulnerability to read arbitrary bytes of server memory, and use this information to launch further attacks against the affected system.
CVSS Base score: 4.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/165073 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N)
CVEID: CVE-2019-10211
**DESCRIPTION:** PostgreSQL could allow a local authenticated attacker to execute arbitrary code on the system, caused by an issue with reading configuration from a hardcoded directory in libeay32.dll during SSL initialization. By injecting specially-crafted code into the configuration, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVSS Base score: 7.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/165075 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
CVEID: CVE-2019-10210
**DESCRIPTION:** PostgreSQL could allow a local attacker to obtain sensitive information, caused by an issue when the EnterpriseDB Windows installer writes a password to a temporary file in the installation directory. By gaining access to the temporary file, an attacker could exploit this vulnerability to obtain user credentials.
CVSS Base score: 6.2
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/165074 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)
CVEID: CVE-2019-10208
**DESCRIPTION:** PostgreSQL is vulnerable to SQL injection. A remote authenticated attacker could send specially-crafted SQL statements to the DEFINER function, which could allow the attacker to view, add, modify or delete information in the back-end database.
CVSS Base score: 5.4
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/165072 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N)
Affected Product(s) | Version(s) |
---|---|
IBM Robotic Process Automation with Automation Anywhere | 11.0 |

Product | VRMF | Remediation / First Fix |
---|---|---|
IBM Robotic Process Automation with Automation Anywhere | 11.0.0.8 | IBM Robotic Process Automation with Automation Anywhere v11.0.0.8 Date 1/21/2020 |

None

CPE | Name | Operator | Version |
---|---|---|---|
 | ibm robotic process automation with automation anywhere | eq | 11.0.0 |