Security bypass vulnerability in PostgreSQL versions used by IBM Connect:Direct Web Services. IBM Connect:Direct Web Services has addressed the applicable CVEs.
CVEID: CVE-2021-20229
**DESCRIPTION:** PostgreSQL could allow a remote authenticated attacker to obtain sensitive information, caused by improper privilege management. By sending a specially-crafted query, an attacker could exploit this vulnerability to obtain information for all columns of the table, and use this information to launch further attacks against the affected system.
CVSS Base score: 6.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/197301 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N)
Affected Product(s) | Version(s) |
---|---|
Sterling Connect Direct Web Services | 1.0 |
IBM Connect:Direct Web Services | 6.0 |
Apply 6.1.0.5, available on Fix Central
None