Security Bulletin: Vulnerability in PostgreSQL may affect IBM Elastic Storage System


## Summary PostgreSQL could allow a remote attacker to gain unauthorized access to the system which may affect IBM Elastic Storage System. ## Vulnerability Details ** CVEID: **[CVE-2022-1552](<https://vulners.com/cve/CVE-2022-1552>) ** DESCRIPTION: **PostgreSQL remote authenticated attacker to bypass security restrictions, caused by an issue with not activate protection or too late with the Autovacuum, REINDEX, CREATE INDEX, REFRESH MATERIALIZED VIEW, CLUSTER, and pg_amcheck commands. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary SQL functions under a superuser identity. CVSS Base score: 8.8 CVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/226521](<https://exchange.xforce.ibmcloud.com/vulnerabilities/226521>) for the current score. CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) ## Affected Products and Versions Affected Product(s)| Version(s) ---|--- IBM Elastic Storage System| - ## Remediation/Fixes IBM recommends that you fix this vulnerability by upgrading affected versions of IBM Elastic Storage System 3000, 3200, 3500 and 5000 to the following code levels or higher: V6.1.4.1 [https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=Software%20defined%20storage&product=ibm/StorageSoftware/IBM+Elastic+Storage+Server+(ESS)&release=6.1.4&platform=All&function=all](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=Software%20defined%20storage&product=ibm/StorageSoftware/IBM+Elastic+Storage+Server+%28ESS%29&release=6.1.4&platform=All&function=all>) ## Workarounds and Mitigations None ##

Affected Software

CPE Name Name Version
ibm elastic storage server 6.1.