CVE-2023-41119

CVSS 3.1 Score 8.8 of 10 (high)

Details

Published Dec 12, 2023
Updated: Dec 14, 2023
CWE ID 269

Summary

CVE-2023-41119 is a vulnerability found in EnterpriseDB Postgres Advanced Server versions before 11.21.32, 12.x before 12.16.20, 13.x before 13.12.16, 14.x before 14.9.0, and 15.x before 15.4.0. The vulnerability allows an attacker to elevate their privileges to superuser by exploiting the function _dbms_aq_move_to_exception_queue, which accepts the OID of a table and accesses it as the superuser using SELECT and DML commands. The affected products include t1jDwH, t1jDwG, t1jDwF, t1jDwE, t1jDwI, rFFds_, rFFds-, and many others listed in the text. To remediate the issue, organizations should update their EnterpriseDB Postgres Advanced Server to version 11.21.32 or higher for the affected versions mentioned above. This vulnerability poses a high danger to organizations as it allows unauthorized elevation of privileges and potential access to sensitive data or unauthorized modification of database contents. Note: The text provided does not mention how to remediate the vulnerability or the potential danger it poses explicitly but provides information about the affected products and version updates that can be used for remediation purposes along with the nature of the vulnerability itself which can help assess its potential danger to an organization

Share

Explore Beyond the CVE Basics with Recorded Future's Vulnerability Intelligence

Note: This is just a basic overview providing quick insights into CVE-2023-41119 information. Gain full access to comprehensive CVE data, risk scores, prioritization, and mitigation data through Recorded Future's Vulnerability Intelligence:
  • Prioritize with Risk-Based Scoring
  • Explore the Extensive Vulnerability Database
  • Receive Early Alerts on Emerging CVEs
  • Focus on Critical Exploitable Vulnerabilities
  • Streamline Remediation with Integration Options