Lucene search

K
ibmIBM556A89EA09FBD58C3E3C28153899F41DB734797A19F5B367C718AACEAE360F7F
HistoryMay 26, 2021 - 5:59 a.m.

Security Bulletin: Security Bypass Vulnerability in PostgreSQL Affects IBM Connect:Direct Web Services ( CVE-2021-3393)

2021-05-2605:59:08
www.ibm.com
11
security bypass
postgresql
ibm connect:direct web services
cve-2021-3393
vulnerability
remote attacker
sensitive information
remediation
fix central

EPSS

0.001

Percentile

26.9%

Summary

Security bypass vulnerability in PostgreSQL versions used by IBM Connect:Direct Web Services. IBM Connect:Direct Web Services has addressed the applicable CVEs.

Vulnerability Details

CVEID:CVE-2021-3393
**DESCRIPTION:**PostgreSQL could allow a remote authenticated attacker to obtain sensitive information, caused by a flaw in the error messages. By sending a specially-crafted query, an attacker could exploit this vulnerability to obtain sensitive information from a column they have UPDATE permission but not SELECT permission to, and use this information to launch further attacks against the affected system.
CVSS Base score: 3.1
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/199296 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N)

Affected Products and Versions

Affected Product(s) Version(s)
Sterling Connect Direct Web Services 1.0
IBM Connect:Direct Web Services 6.0

Remediation/Fixes

Apply 6.1.0.5, available on Fix Central

Workarounds and Mitigations

None