CVSS 3.1 Score 6.5 of 10 (medium)


Published Dec 12, 2023
Updated: Dec 14, 2023
CWE ID 200


CVE-2023-41114 is a vulnerability discovered in EnterpriseDB Postgres Advanced Server (EPAS) versions 11.21.32 and earlier, 12.x versions before 12.16.20, 13.x versions before 13.12.16, 14.x versions before 14.9.0, and 15.x versions before 15.4.0. This vulnerability allows an authenticated user to read any file from the local filesystem or remote system regardless of their permissions by exploiting the publicly executable functions get_url_as_text and get_url_as_bytea. The affected products include t1jDwH, t1jDwG, t1jDwF, t1jDwE, t1jDwI, rFFds_, rFFds-, rFFds9, rFFds8, and many others listed in the source data. The severity of this vulnerability is rated as MEDIUM with a base score of 6.5 according to the National Vulnerability Database (NVD). Users are advised to update their software to the latest patched version to remediate this vulnerability and protect their organization from potential information exposure risks. Note: The above report has been generated using the provided data without any additional external sources or context provided by the user

Leverage our Vulnerability Intelligence module to secure your systems now - get detailed insights on CVE-2024-37364. Book your demo today.


Explore Beyond the CVE Basics with Recorded Future's Vulnerability Intelligence

Note: This is just a basic overview providing quick insights into CVE-2023-41114 information. Gain full access to comprehensive CVE data, risk scores, prioritization, and mitigation data through Recorded Future's Vulnerability Intelligence:
  • Prioritize with Risk-Based Scoring
  • Explore the Extensive Vulnerability Database
  • Receive Early Alerts on Emerging CVEs
  • Focus on Critical Exploitable Vulnerabilities
  • Streamline Remediation with Integration Options