Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ibmIBM2D1DDC9A6922C5A81EF6FA701763017E88B683CE9DF3036EE77B661157DF4815
HistoryApr 13, 2020 - 10:56 p.m.

Security Bulletin: PostgreSQL vulnerabilities in IBM Robotic Process Automation with Automation Anywhere (CVE-2019-10209, 10211, 10210, 10208)

2020-04-1322:56:10
www.ibm.com
14

0.003 Low

EPSS

Percentile

66.4%

JSON

Summary

IBM Robotic Process Automation with Automation Anywhere is vulnerable to attacks involving PostgreSQL.

Vulnerability Details

CVEID:CVE-2019-10209
**DESCRIPTION:**PostgreSQL could allow a remote authenticated attacker to obtain sensitive information, caused by a flaw when user-defined hash equality operators exists in the database. By sending a specially-crafted request, an attacker could exploit this vulnerability to read arbitrary bytes of server memory, and use this information to launch further attacks against the affected system.
CVSS Base score: 4.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/165073 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N)

CVEID:CVE-2019-10211
**DESCRIPTION:**PostgreSQL could allow a local authenticated attacker to execute arbitrary code on the system, caused by an issue with reading configuration from a hardcoded directory in libeay32.dll during SSL initialization. By injecting specially-crafted code to the configuration, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVSS Base score: 7.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/165075 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)

CVEID:CVE-2019-10210
**DESCRIPTION:**PostgreSQL could allow a local attacker to obtain sensitive information, caused by an issue when the EnterpriseDB Windows installer writes a password to a temporary file in the installation directory. By gaining access to the temporary file, an attacker could exploit this vulnerability to obtain user credentials.
CVSS Base score: 6.2
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/165074 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)

CVEID:CVE-2019-10208
**DESCRIPTION:**PostgreSQL is vulnerable to SQL injection. A remote authenticated attacker could send specially-crafted SQL statements to the DEFINER function, which could allow the attacker to view, add, modify or delete information in the back-end database.
CVSS Base score: 5.4
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/165072 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N)

Affected Products and Versions

Affected Product(s) Version(s)
IBM Robotic Process Automation with Automation Anywhere 11.0

Remediation/Fixes

Product VRMF Remediation / First Fix
IBM Robotic Process Automation with Automation Anywhere 11.0.0.8 IBM Robotic Process Automation with Automation Anywhere v11.0.0.8 Date 1/21/2020

Workarounds and Mitigations

None

Related

kaspersky 1
openvas 16
nessus 46
fedora 3
ibm 2
debian 3
altlinux 11
ubuntu 1
osv 5
mageia 1
archlinux 2
freebsd 1
photon 8
prion 4
cve 4
postgresql 4
redhatcve 4
nvd 4
cvelist 4
debiancve 2
alpinelinux 2
suse 2
amazon 5
ubuntucve 2
veracode 1
f5 1
centos 1
redhat 10
oraclelinux 4
hackerone 1
almalinux 1
kaspersky
kaspersky
KLA11539 Multiple vulnerabilities in PostgreSQL
2019-08-08 00:00:00
openvas
openvas
Fedora Update for postgresql FEDORA-2019-5fbbf73269
2019-08-20 00:00:00
Fedora Update for postgresql FEDORA-2019-986fce48b4
2019-08-20 00:00:00
Fedora Update for libpq FEDORA-2019-986fce48b4
2019-08-20 00:00:00
nessus
nessus
PostgreSQL 9.4.x < 9.4.24 / 9.5.x < 9.5.19 / 9.6.x < 9.6.15 / 10.x < 10.10 / 11.x < 11.5 Multiple Vulnerabilities
2019-08-16 00:00:00
Fedora 29 : postgresql (2019-5fbbf73269)
2019-08-20 00:00:00
Fedora 30 : libpq / postgresql (2019-986fce48b4)
2019-08-20 00:00:00
fedora
fedora
[SECURITY] Fedora 30 Update: libpq-11.5-1.fc30
2019-08-19 01:02:27
[SECURITY] Fedora 30 Update: postgresql-11.5-1.fc30
2019-08-19 01:02:28
[SECURITY] Fedora 29 Update: postgresql-10.10-1.fc29
2019-08-19 02:29:35
ibm
ibm
Security Bulletin: Multiple vulnerabilities in PostgreSQL Affect IBM Sterling Connect:Direct for Microsoft Windows
2020-07-24 22:49:37
Security Bulletin: Multiple Security Vulnerabilities Have been addressed in IBM Security Access Manager
2021-10-15 20:24:10
debian
debian
[SECURITY] [DSA 4493-1] postgresql-11 security update
2019-08-08 20:24:41
[SECURITY] [DSA 4492-1] postgresql-9.6 security update
2019-08-08 20:19:59
[SECURITY] [DLA-1874-1] postgresql-9.4 security update
2019-08-09 08:33:57
altlinux
altlinux
Security fix for the ALT Linux 10 package postgresql14 version 11.5-alt1
2019-08-07 00:00:00
Security fix for the ALT Linux 10 package postgresql12 version 11.5-alt1
2019-08-07 00:00:00
Security fix for the ALT Linux 8 package postgresql12 version 11.5-alt0.M80P.1
2019-08-07 00:00:00
ubuntu
ubuntu
PostgreSQL vulnerabilities
2019-08-09 00:00:00
osv
osv
postgresql-11 - security update
2019-08-08 00:00:00
CVE-2019-10209
2019-10-29 19:15:16
postgresql-9.6 - security update
2019-08-08 00:00:00
mageia
mageia
Updated postgresql packages fix security vulnerabilities
2019-08-18 15:39:41
archlinux
archlinux
[ASA-201908-7] postgresql-libs: multiple issues
2019-08-10 00:00:00
[ASA-201908-8] postgresql: multiple issues
2019-08-10 00:00:00
freebsd
freebsd
PostgresSQL -- TYPE in pg_temp execute arbitrary SQL during `SECURITY DEFINER` execution
2019-08-08 00:00:00
photon
photon
Home Download Photon OS User Documentation FAQ Security Advisories Related Information Lightwave - PHSA-2019-1.0-0261
2019-12-15 00:00:00
Important Photon OS Security Update - PHSA-2019-0261
2019-12-15 00:00:00
Home Download Photon OS User Documentation FAQ Security Advisories Related Information Lightwave - PHSA-2019-2.0-0190
2019-11-20 00:00:00
prion
prion
Design/Logic Flaw
2019-10-29 19:15:00
Directory traversal
2019-10-29 19:15:00
Sql injection
2019-10-29 19:15:00
cve
cve
CVE-2019-10210
2019-10-29 19:15:16
CVE-2019-10211
2019-10-29 19:15:16
CVE-2019-10209
2019-10-29 19:15:16
postgresql
postgresql
Vulnerability in packaging (CVE-2019-10211)
2019-10-29 19:15:00
Vulnerability in packaging (CVE-2019-10210)
2019-10-29 19:15:00
Vulnerability in core server (CVE-2019-10209)
2019-10-29 19:15:00
redhatcve
redhatcve
CVE-2019-10211
2019-11-10 15:10:00
CVE-2019-10210
2019-10-13 01:53:12
CVE-2019-10209
2020-04-03 14:01:28
nvd
nvd
CVE-2019-10210
2019-10-29 19:15:16
CVE-2019-10211
2019-10-29 19:15:16
CVE-2019-10209
2019-10-29 19:15:16
cvelist
cvelist
CVE-2019-10210
2019-10-29 00:00:00
CVE-2019-10211
2019-10-29 13:15:40
CVE-2019-10209
2019-10-29 13:11:45
debiancve
debiancve
CVE-2019-10209
2019-10-29 19:15:16
CVE-2019-10208
2019-10-29 19:15:16
alpinelinux
alpinelinux
CVE-2019-10209
2019-10-29 19:15:16
CVE-2019-10208
2019-10-29 19:15:16
suse
suse
Security update for postgresql10 (important)
2019-09-04 00:00:00
Security update for postgresql96, postgresql10 and postgresql12 (moderate)
2020-08-17 00:00:00
amazon
amazon
Medium: postgresql94
2020-10-26 18:25:00
Medium: postgresql95
2020-10-26 18:27:00
Important: postgresql
2021-06-16 20:37:00
ubuntucve
ubuntucve
CVE-2019-10209
2019-08-08 00:00:00
CVE-2019-10208
2019-08-08 00:00:00
veracode
veracode
SQL Injection
2020-10-23 08:59:59
f5
f5
K10224912 : PostgreSQL vulnerability CVE-2019-10208
2020-07-27 00:00:00
centos
centos
postgresql security update
2021-06-14 18:54:03
redhat
redhat
(RHSA-2021:1512) Important: postgresql security update
2021-05-06 09:02:33
(RHSA-2020:0980) Moderate: rh-postgresql10-postgresql security update
2020-03-26 11:47:39
(RHSA-2020:4295) Moderate: rh-postgresql96-postgresql security update
2020-10-21 12:43:33
oraclelinux
oraclelinux
postgresql security update
2021-05-06 00:00:00
postgresql:10 security and bug fix update
2020-09-09 00:00:00
postgresql:9.6 security update
2020-12-23 00:00:00
hackerone
hackerone
Internet Bug Bounty: Windows builds with insecure path defaults (CVE-2019-1552)
2019-08-28 00:18:59
almalinux
almalinux
Important: postgresql:9.6 security update
2020-12-17 15:20:53

0.003 Low

EPSS

Percentile

66.4%

JSON
Related for 2D1DDC9A6922C5A81EF6FA701763017E88B683CE9DF3036EE77B661157DF4815
kaspersky1openvas16nessus46fedora3ibm2debian3altlinux11ubuntu1osv5mageia1archlinux2freebsd1photon8prion4cve4postgresql4redhatcve4nvd4cvelist4debiancve2alpinelinux2suse2amazon5ubuntucve2veracode1f51centos1redhat10oraclelinux4hackerone1almalinux1