Lucene search
IBM16B9B589B0EF8AF7B59464CE53E1E3CD39995B5FF492B2C6CBC5ECCD6062A1DCHistoryJan 12, 2021 - 10:59 a.m.
Security Bulletin: PostgreSQL Vulnerability Affects IBM Sterling Connect:Direct for Microsoft Windows (CVE-2020-25696)
2021-01-1210:59:19
www.ibm.com
22
0.004 Low
EPSS
Percentile
73.1%
Summary
There is a vulnerability in PostgreSQL 9.5 and 11 used by IBM Sterling Connect:Direct for Microsoft Windows. IBM Sterling Connect:Direct for Microsoft Windows has addressed the applicable CVE.
Vulnerability Details
CVEID:CVE-2020-25696
**DESCRIPTION:**PostgreSQL could allow a remote attacker to execute arbitrary code on the system, caused by a flaw in the psql interactive terminal. If an interactive psql session uses \gset when querying a compromised server, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVSS Base score: 8.1
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/192321 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)
Affected Products and Versions
| Affected Product(s) | Version(s) |
|---|---|
| IBM Sterling Connect Direct for Microsoft Windows | 4.8.0.0 - 4.8.0.3_iFix025 |
| IBM Connect Direct for Microsoft Windows | 6.0.0.0 - 6.0.0.4_iFix024 |
| IBM Connect Direct for Microsoft Windows | 6.1.0.0 - 6.1.0.1_iFix004 |
Remediation/Fixes
| Product | VRMF | APAR | Remediation / First Fix |
|---|---|---|---|
| IBM Sterling Connect:Direct for Microsoft Windows | 4.8.0 | IT35371 | Apply 4.8.0.3_iFix026, available on Fix Central |
| IBM Connect:Direct for Microsoft Windows | 6.0.0 | IT35371 | Apply 6.0.0.4_iFix025, available on Fix Central |
| IBM Connect:Direct for Microsoft Windows | 6.1.0 | IT35371 | Apply 6.1.0.1_iFix005, available on Fix Central |
| For unsupported versions IBM recommends upgrading to a fixed, supported version of the product. |
Workarounds and Mitigations
None
Related
veracode
veracode
Overwriting Variables
2020-11-20 09:48:27
debiancve
debiancve
CVE-2020-25696
2020-11-23 22:15:12
f5
f5
K72430453 : PostgreSQL vulnerability CVE-2020-25696
2020-12-22 00:00:00
ubuntucve
ubuntucve
CVE-2020-25696
2020-11-13 00:00:00
nvd
nvd
CVE-2020-25696
2020-11-23 22:15:12
prion
prion
Design/Logic Flaw
2020-11-23 22:15:00
osv
osv
BIT-postgresql-2020-25696
2024-03-06 11:05:53
CVE-2020-25696
2020-11-23 22:15:12
postgresql-10, postgresql-12, postgresql-9.5 vulnerabilities
2020-11-17 13:03:44
ibm
ibm
cvelist
cvelist
CVE-2020-25696
2020-11-23 21:15:47
alpinelinux
alpinelinux
CVE-2020-25696
2020-11-23 22:15:12
cbl_mariner
cbl_mariner
CVE-2020-25696 affecting package postgresql 12.5-1
2021-06-20 03:47:42
cve
cve
CVE-2020-25696
2020-11-23 22:15:12
redhatcve
redhatcve
CVE-2020-25696
2020-11-12 15:24:04
cnvd
cnvd
PostgreSQL Arbitrary Code Execution Vulnerability (CNVD-2022-06539)
2020-11-24 00:00:00
postgresql
postgresql
Vulnerability in client (CVE-2020-25696)
2020-11-23 22:15:00
nessus
nessus
RHEL 8 : libpq (RHSA-2021:0165)
2021-01-20 00:00:00
RHEL 8 : libpq (RHSA-2020:5401)
2020-12-14 00:00:00
NewStart CGSL MAIN 6.02 : libpq Multiple Vulnerabilities (NS-SA-2021-0085)
2021-03-10 00:00:00
redhat
redhat
(RHSA-2020:5401) Important: libpq security update
2020-12-14 12:34:53
(RHSA-2020:5638) Important: libpq security update
2020-12-21 09:58:32
(RHSA-2021:0165) Important: libpq security update
2021-01-18 09:22:04
oraclelinux
oraclelinux
libpq security update
2020-12-15 00:00:00
postgresql:10 security update
2020-12-22 00:00:00
postgresql:12 security update
2020-12-23 00:00:00
almalinux
almalinux
Important: libpq security update
2020-12-14 12:34:53
Important: postgresql:10 security update
2020-12-16 08:03:04
Important: postgresql:12 security update
2020-12-17 15:30:10
openvas
openvas
SUSE: Security Advisory (SUSE-SU-2020:3464-1)
2021-04-19 00:00:00
SUSE: Security Advisory (SUSE-SU-2021:0217-1)
2021-04-19 00:00:00
SUSE: Security Advisory (SUSE-SU-2020:3455-1)
2021-04-19 00:00:00
suse
suse
Security update for postgresql10 (important)
2020-11-26 00:00:00
Security update for postgresql10 (important)
2020-11-26 00:00:00
Security update for postgresql12 (important)
2020-11-26 00:00:00
kaspersky
kaspersky
KLA12005 Multiple vulnerabilities in PostgreSQL
2020-11-12 00:00:00
altlinux
altlinux
Security fix for the ALT Linux 10 package postgresql14 version 13.1-alt1
2020-11-16 00:00:00
Security fix for the ALT Linux 10 package postgresql15 version 13.1-alt1
2020-11-16 00:00:00
Security fix for the ALT Linux 9 package postgresql9.6 version 9.6.20-alt1
2020-11-16 00:00:00
debian
debian
[SECURITY] [DLA 2478-1] postgresql-9.6 security update
2020-12-02 11:04:53
gentoo
gentoo
PostgreSQL: Multiple vulnerabilities
2020-12-07 00:00:00
amazon
amazon
Important: postgresql95, postgresql96
2021-01-12 22:52:00
archlinux
archlinux
[ASA-202011-14] postgresql: multiple issues
2020-11-17 00:00:00
ubuntu
ubuntu
PostgreSQL vulnerabilities
2020-11-17 00:00:00
mageia
mageia
Updated postgresql packages fix security vulnerabilities
2020-11-21 15:21:00
fedora
fedora
[SECURITY] Fedora 33 Update: postgresql-12.6-1.fc33
2021-02-26 01:10:06
rocky
rocky
postgresql:12 security update
2020-12-17 15:30:10
0.004 Low
EPSS
Percentile
73.1%
Related for 16B9B589B0EF8AF7B59464CE53E1E3CD39995B5FF492B2C6CBC5ECCD6062A1DC