PT-2023-10828 · Blue Yonder · Postgraas Server
Published 2023-07-18 · Updated 2024-05-17
CVE-2018-25088
CVSS v3.1: 9.8 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Blue Yonder postgraas_server versions up to 2.0.0b2
Description
A critical issue was found in the PostgreSQL Backend Handler component, specifically in the create_pg_connection/create_postgres_db function of the postgraas_server/backends/postgres_cluster/postgres_cluster_driver.py file. This issue leads to SQL injection.
Recommendations
To address this issue, upgrade to version 2.0.0. As a temporary workaround, consider restricting access to the vulnerable postgraas_server component to minimize the risk of exploitation.
Fix
SQL injection
Affected Products
Postgraas Server