Lucene search

K
ibmIBMF5C1559973F6872A9793E943A139CB74D4A387B83F51E164272A23CA029D5266
HistoryJul 26, 2021 - 2:44 p.m.

Security Bulletin: PostgreSQL vulnerabilities in IBM Robotic Process Automation with Automation Anywhere - CVE-2021-3393

2021-07-2614:44:45
www.ibm.com
17
ibm rpa with automation anywhere
postgresql
attack vulnerability

EPSS

0.001

Percentile

26.9%

Summary

IBM Robotic Process Automation with Automation Anywhere is vulnerable to attacks involving PostgreSQL.

Vulnerability Details

Refer to the security bulletin(s) listed in the Remediation/Fixes section

Affected Products and Versions

Affected Product(s) Version(s)
IBM Robotic Process Automation with Automation Anywhere 11.0

Remediation/Fixes

CVEID:CVE-2021-3393
**DESCRIPTION:**PostgreSQL could allow a remote authenticated attacker to obtain sensitive information, caused by a flaw in the error messages. By sending a specially-crafted query, an attacker could exploit this vulnerability to obtain sensitive information from a column they have UPDATE permission but not SELECT permission to, and use this information to launch further attacks against the affected system.
CVSS Base score: 3.1
CVSS Temporal Score: See: <https://exchange.xforce.ibmcloud.com/vulnerabilities/199296&gt; for the current score.
CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)

Workarounds and Mitigations

None