PostgreSQL as used by IBM QRadar SIEM is vulnerable to information disclosure
CVEID:CVE-2021-32028
**DESCRIPTION:**PostgreSQL could allow a remote authenticated attacker to obtain sensitive information, caused by a memory disclosure vulnerability when using an INSERT … ON CONFLICT … DO UPDATE command on a purpose-crafted table. By creating prerequisite objects, an attacker could exploit this vulnerability to read arbitrary bytes of server memory.
CVSS Base score: 6.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/203616 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N)
CVEID:CVE-2021-32027
**DESCRIPTION:**PostgreSQL could allow a remote authenticated attacker to execute arbitrary code on the system, caused by an integer overflow while modifying certain SQL array values. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVSS Base score: 7.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/202823 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H)
IBM QRadar SIEM 7.3.0 to 7.3.3 Fix Pack 9
IBM QRadar SIEM 7.4.0 to 7.4.3 Fix Pack 2
QRadar / QRM / QVM / QRIF / QNI 7.3.3 Fix Pack 10
QRadar / QRM / QVM / QRIF / QNI 7.4.3 Fix Pack 3
QRadar / QRM / QVM / QRIF / QNI 7.4.3 Fix Pack 4
Note: Version 7.4.3 Fix Pack 3 is only available to QRadar on Cloud users. QRadar 7.4.3 Fix Pack 3 was removed for on-premise QRadar SIEM users.
None
CPE | Name | Operator | Version |
---|---|---|---|
ibm qradar siem | eq | 7.3 | |
ibm qradar siem | eq | 7.4 | |
ibm qradar siem | eq | 7.3 | |
ibm qradar siem | eq | 7.4 |