Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ibmIBM49324EB90852977677AC2177F2C6052F17827EC953218BCBB3C21CA161C85053
HistoryMay 26, 2021 - 5:57 a.m.

Security Bulletin: Security Bypass Vulnerability in PostgreSQL Affects IBM Connect:Direct Web Services (CVE-2021-20229)

2021-05-2605:57:55
www.ibm.com
6
postgresql
ibm connect:direct web services
cve-2021-20229
vulnerability
fix central

EPSS

0.001

Percentile

26.9%

JSON

Summary

Security bypass vulnerability in PostgreSQL versions used by IBM Connect:Direct Web Services. IBM Connect:Direct Web Services has addressed the applicable CVEs.

Vulnerability Details

CVEID:CVE-2021-20229
**DESCRIPTION:**PostgreSQL could allow a remote authenticated attacker to obtain sensitive information, caused by improper privilege management. By sending a specially-crafted query, an attacker could exploit this vulnerability to obtain information for all columns of the table, and use this information to launch further attacks against the affected system.
CVSS Base score: 6.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/197301 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N)

Affected Products and Versions

Affected Product(s) Version(s)
Sterling Connect Direct Web Services 1.0
IBM Connect:Direct Web Services 6.0

Remediation/Fixes

Apply 6.1.0.5, available on Fix Central

Workarounds and Mitigations

None

Related

prion 1
redhatcve 1
osv 2
debiancve 1
nvd 1
ibm 2
alpinelinux 1
openvas 5
cvelist 1
postgresql 1
veracode 1
cbl_mariner 1
cve 1
ubuntucve 1
kaspersky 1
mageia 1
gentoo 1
nessus 7
altlinux 3
archlinux 1
prion
prion
Design/Logic Flaw
2021-02-23 18:15:00
redhatcve
redhatcve
CVE-2021-20229
2021-02-11 17:06:33
osv
osv
BIT-postgresql-2021-20229
2024-03-06 11:05:42
CVE-2021-20229
2021-02-23 18:15:13
debiancve
debiancve
CVE-2021-20229
2021-02-23 18:15:13
nvd
nvd
CVE-2021-20229
2021-02-23 18:15:13
ibm
ibm
Security Bulletin: PostgreSQL vulnerabilities in IBM Robotic Process Automation with Automation Anywhere - CVE-2021-20229
2021-07-26 14:44:05
Security Bulletin: IBM Data Risk Manager is affected by multiple vulnerabilities
2021-05-05 05:44:47
alpinelinux
alpinelinux
CVE-2021-20229
2021-02-23 18:15:13
openvas
openvas
PostgreSQL < 9.5.25, 9.6.x < 9.6.21, 10.x < 10.16, 11.x < 11.11, 12.x < 12.6, 13.x < 13.2 Information Disclosure Vulnerability - Windows
2021-02-24 00:00:00
PostgreSQL < 9.5.25, 9.6.x < 9.6.21, 10.x < 10.16, 11.x < 11.11, 12.x < 12.6, 13.x < 13.2 Information Disclosure Vulnerability - Linux
2021-02-24 00:00:00
Mageia: Security Advisory (MGASA-2021-0121)
2022-01-28 00:00:00
cvelist
cvelist
CVE-2021-20229
2021-02-23 17:40:53
postgresql
postgresql
Vulnerability in core server (CVE-2021-20229)
2021-02-23 18:15:00
veracode
veracode
Privilege Escalation
2021-02-12 01:49:26
cbl_mariner
cbl_mariner
CVE-2021-20229 affecting package postgresql 12.5-2
2021-06-20 03:47:42
cve
cve
CVE-2021-20229
2021-02-23 18:15:13
ubuntucve
ubuntucve
CVE-2021-20229
2021-02-23 00:00:00
kaspersky
kaspersky
KLA12088 Multiple vulnerabilities in PostgreSQL
2021-02-11 00:00:00
mageia
mageia
Updated postgresql packages fix security vulnerabilities
2021-03-12 04:25:47
gentoo
gentoo
PostgreSQL: Multiple vulnerabilities
2021-05-26 00:00:00
nessus
nessus
SUSE SLED15 / SLES15 Security Update : postgresql13 (SUSE-SU-2021:0543-1)
2021-02-23 00:00:00
Puppet Enterprise < 2019.8.6 PostgreSQL Vulnerabilities
2023-11-01 00:00:00
PostgreSQL 11.x < 11.11 / 12.x < 12.6 / 13.x < 13.2 Multiple Vulnerabilities
2021-04-09 00:00:00
altlinux
altlinux
Security fix for the ALT Linux 10 package postgresql13 version 13.2-alt1
2021-02-11 00:00:00
Security fix for the ALT Linux 10 package postgresql14 version 13.2-alt1
2021-02-11 00:00:00
Security fix for the ALT Linux 10 package postgresql15 version 13.2-alt1
2021-02-11 00:00:00
archlinux
archlinux
[ASA-202102-31] postgresql: information disclosure
2021-02-20 00:00:00

EPSS

0.001

Percentile

26.9%

JSON
Related for 49324EB90852977677AC2177F2C6052F17827EC953218BCBB3C21CA161C85053
prion1redhatcve1osv2debiancve1nvd1ibm2alpinelinux1openvas5cvelist1postgresql1veracode1cbl_mariner1cve1ubuntucve1kaspersky1mageia1gentoo1nessus7altlinux3archlinux1