CVE-2024-49042

CVSS 3.1 Score 7.2 of 10 (high)

Details

Published Nov 12, 2024

Updated: Nov 13, 2024

CWE ID 77

Summary

CVE-2024-49042 is an elevation of privilege vulnerability affecting Azure Database for PostgreSQL Flexible Servers. This issue allows unauthenticated attackers to execute arbitrary SQL statements as the db_datareader fixed server role, which can result in unauthorized access to sensitive data or unintended database modifications. The vulnerability exists due to a misconfiguration in the extension and can be exploited through specially crafted requests to the extension endpoint. Microsoft has released a patch to mitigate the risk of this vulnerability, and it is strongly recommended that users apply the update as soon as possible to protect their databases.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share

Advisories, Assessments, and Mitigations

Back to Vulnerability Database

Platform Features

Products

Use Cases

Teams

Industries

Services

Measuring the US-China AI Gap

TerraStealerV2 and TerraLogger: Golden Chickens' New Malware Families Discovered

Uncovering MintsLoader With Recorded Future Malware Intelligence Hunting

Know What Matters

For Customers

For Partners

CVE-2024-49042

CVSS 3.1 Score 7.2 of 10 (high)

Details

Summary

Advisories, Assessments, and Mitigations