Lucene search

K
ibmIBM49324EB90852977677AC2177F2C6052F17827EC953218BCBB3C21CA161C85053
HistoryMay 26, 2021 - 5:57 a.m.

Security Bulletin: Security Bypass Vulnerability in PostgreSQL Affects IBM Connect:Direct Web Services (CVE-2021-20229)

2021-05-2605:57:55
www.ibm.com
6
postgresql
ibm connect:direct web services
cve-2021-20229
vulnerability
fix central

EPSS

0.001

Percentile

26.9%

Summary

Security bypass vulnerability in PostgreSQL versions used by IBM Connect:Direct Web Services. IBM Connect:Direct Web Services has addressed the applicable CVEs.

Vulnerability Details

CVEID:CVE-2021-20229
**DESCRIPTION:**PostgreSQL could allow a remote authenticated attacker to obtain sensitive information, caused by improper privilege management. By sending a specially-crafted query, an attacker could exploit this vulnerability to obtain information for all columns of the table, and use this information to launch further attacks against the affected system.
CVSS Base score: 6.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/197301 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N)

Affected Products and Versions

Affected Product(s) Version(s)
Sterling Connect Direct Web Services 1.0
IBM Connect:Direct Web Services 6.0

Remediation/Fixes

Apply 6.1.0.5, available on Fix Central

Workarounds and Mitigations

None