IBM Robotic Process Automation with Automation Anywhere is vulnerable to attacks involving PostgreSQL.
CVEID:CVE-2019-10130
**DESCRIPTION:**PostgreSQL could allow a remote authenticated attacker to bypass security restrictions, caused by improper input validation by the row security policy. By sending a specially-crafted SQL queries, an attacker could exploit this vulnerability to bypass row security policies.
CVSS Base score: 4.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/160903 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N)
CVEID:CVE-2019-10127
**DESCRIPTION:**PostgreSQL could allow a local authenticated attacker to execute arbitrary code on the system, caused by the failure to clear permissive ACL entries by the BigSQL Windows installer. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVSS Base score: 7.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/160900 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
CVEID:CVE-2019-10129
**DESCRIPTION:**PostgreSQL could allow a remote authenticated attacker to obtain sensitive information, caused by improper input validation in the partitioned table. By sending a specially-crafted INSERT statement, an attacker could exploit this vulnerability to read arbitrary bytes of server memory.
CVSS Base score: 6.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/160902 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N)
CVEID:CVE-2019-10128
**DESCRIPTION:**Postgresql could allow a local authenticated attacker to execute arbitrary code on the system, caused by the failure to clear permissive ACL entries by the EnterpriseDB Windows installer. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVSS Base score: 7.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/160901 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
Affected Product(s) | Version(s) |
---|---|
IBM Robotic Process Automation with Automation Anywhere | 11.0 |
Product | VRMF | Remediation / First Fix |
---|---|---|
IBM Robotic Process Automation with Automation Anywhere | 11.0.0.8 | IBM Robotic Process Automation Anywhere v11.0.0.8 Date 1/21/2020 |
None