PT-2019-17022 · Postgresql+1 · Postgresql+1

Published

2019-07-01

Updated

2023-01-31

CVE-2019-4298

CVSS v3.1

7.7

High

Vector

S:U/A:N/PR:N/C:H/AC:L/AV:L/I:H/UI:N

Name of the Vulnerable Software and Affected Versions IBM Robotic Process Automation with Automation Anywhere version 11

Description The issue concerns the use of a high-privileged PostgreSQL account for database access in IBM Robotic Process Automation with Automation Anywhere. This could allow a local user to perform actions they should not have privileges to execute.

Recommendations For IBM Robotic Process Automation with Automation Anywhere version 11, consider restricting access to the PostgreSQL account to minimize the risk of exploitation. As a temporary workaround, review and adjust the database access privileges to ensure they align with the principle of least privilege.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2019-4298

Affected Products

Ibm Robotic Process Automation With Automation Anywhere

Postgresql

PT-2019-17022 · Postgresql+1 · Postgresql+1

CVE-2019-4298

Related Identifiers

Affected Products

References · 5