Lucene search

K
ibmIBM79E51A4D47CD0C194A437D173635DF17CF1571876CBEDA0E4CAC7C29C6E502D6
HistoryNov 12, 2021 - 8:30 p.m.

Security Bulletin: PostgreSQL vulnerabilities in IBM Robotic Process Automation with Automation Anywhere - CVE-2021-32028

2021-11-1220:30:29
www.ibm.com
22
ibm robotic process automation
automation anywhere
postgresql
cve-2021-32028
vulnerability
microsoft sql server
upgrade

EPSS

0.001

Percentile

31.3%

Summary

IBM Robotic Process Automation with Automation Anywhere is vulnerable to attacks involving PostgreSQL.

Vulnerability Details

CVEID:CVE-2021-32028
**DESCRIPTION:**PostgreSQL could allow a remote authenticated attacker to obtain sensitive information, caused by a memory disclosure vulnerability when using an INSERT … ON CONFLICT … DO UPDATE command on a purpose-crafted table. By creating prerequisite objects, an attacker could exploit this vulnerability to read arbitrary bytes of server memory.
CVSS Base score: 6.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/203616 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N)

Affected Products and Versions

Affected Product(s) Version(s)
IBM Robotic Process Automation with Automation Anywhere 11.0

Remediation/Fixes

The recommended solution is to use Microsoft SQL Server or upgrade to IBM Robotic Process Automation with Automation Anywhere 19.0

Workarounds and Mitigations

None