Lucene search

K
kasperskyKaspersky LabKLA52239
HistoryAug 10, 2023 - 12:00 a.m.

KLA52239 RCE vulnerability in PostgreSQL

2023-08-1000:00:00
Kaspersky Lab
threats.kaspersky.com
16
postgresql
rce vulnerability
remote code execution
update
cve-2023-39418
15.x
warning

4.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

6.8 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

36.3%

Remote code execution vulnerability was found in PostgreSQL. Malicious users can exploit this vulnerability to execute arbitrary code.

Original advisories

PostgreSQL: CVE-2023-39418: MERGE fails to enforce UPDATE or SELECT row security policies

Related products

PostgreSQL

CVE list

CVE-2023-39418 warning

Solution

Update to the latest version

Download PostgreSQL

Impacts

  • ACE

Arbitrary code execution. Exploitation of vulnerabilities with this impact can lead to executing by abuser any code or commands at vulnerable machine or process.

  • SB

Security bypass. Exploitation of vulnerabilities with this impact can lead to performing actions restricted by current security settings.

Affected Products

  • PostgreSQL 15.x earlier than 15.4

4.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

6.8 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

36.3%