CVE-2023-41115
published 2023-12-12

Priority: P3 38
Severity: medium, 6.5 (CVSS 3.1)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
EPSS: 0.59% (43.7th percentile)

An issue was discovered in EnterpriseDB Postgres Advanced Server (EPAS) before 11.21.32, 12.x before 12.16.20, 13.x before 13.12.16, 14.x before 14.9.0, and 15.x before 15.4.0. When using UTL_ENCODE, an authenticated user can read any large object, regardless of that user's permissions.

Affected

5 ranges
Vendor        Product                   Version range          Fixed in
enterprisedb  postgres_advanced_server  < 11.21.32             11.21.32
enterprisedb  postgres_advanced_server  >= 12.0.0 < 12.16.20   12.16.20
enterprisedb  postgres_advanced_server  >= 13.0.0 < 13.12.17   13.12.17
enterprisedb  postgres_advanced_server  >= 14.0.0 < 14.9.0     14.9.0
enterprisedb  postgres_advanced_server  >= 15.0.0 < 15.4.0     15.4.0