Vulnerability Details CVE-2023-41115
An issue was discovered in EnterpriseDB Postgres Advanced Server (EPAS) before 11.21.32, 12.x before 12.16.20, 13.x before 13.12.16, 14.x before 14.9.0, and 15.x before 15.4.0. When using UTL_ENCODE, an authenticated user can read any large object, regardless of that user's permissions.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 43.1%
CVSS Severity
CVSS v3 Score 6.5
References
Products affected by CVE-2023-41115
-
cpe:2.3:a:enterprisedb:postgres_advanced_server:-
-
cpe:2.3:a:enterprisedb:postgres_advanced_server:10.0.0
-
cpe:2.3:a:enterprisedb:postgres_advanced_server:10.10.18
-
cpe:2.3:a:enterprisedb:postgres_advanced_server:10.11.19
-
cpe:2.3:a:enterprisedb:postgres_advanced_server:10.12.20
-
cpe:2.3:a:enterprisedb:postgres_advanced_server:10.13.21
-
cpe:2.3:a:enterprisedb:postgres_advanced_server:10.14.22
-
cpe:2.3:a:enterprisedb:postgres_advanced_server:10.14.23
-
cpe:2.3:a:enterprisedb:postgres_advanced_server:10.15.24
-
cpe:2.3:a:enterprisedb:postgres_advanced_server:10.16.25
-
cpe:2.3:a:enterprisedb:postgres_advanced_server:10.17.26
-
cpe:2.3:a:enterprisedb:postgres_advanced_server:10.17.27
-
cpe:2.3:a:enterprisedb:postgres_advanced_server:10.18.28
-
cpe:2.3:a:enterprisedb:postgres_advanced_server:10.19.29
-
cpe:2.3:a:enterprisedb:postgres_advanced_server:10.20.30
-
cpe:2.3:a:enterprisedb:postgres_advanced_server:10.21.31
-
cpe:2.3:a:enterprisedb:postgres_advanced_server:10.22.32
-
cpe:2.3:a:enterprisedb:postgres_advanced_server:10.23.33
-
cpe:2.3:a:enterprisedb:postgres_advanced_server:10.4.9
-
cpe:2.3:a:enterprisedb:postgres_advanced_server:10.5.12
-
cpe:2.3:a:enterprisedb:postgres_advanced_server:10.6.13
-
cpe:2.3:a:enterprisedb:postgres_advanced_server:10.7.15
-
cpe:2.3:a:enterprisedb:postgres_advanced_server:10.8.16
-
cpe:2.3:a:enterprisedb:postgres_advanced_server:10.9.17
-
cpe:2.3:a:enterprisedb:postgres_advanced_server:11.1.7
-
cpe:2.3:a:enterprisedb:postgres_advanced_server:11.10.19
-
cpe:2.3:a:enterprisedb:postgres_advanced_server:11.11.20
-
cpe:2.3:a:enterprisedb:postgres_advanced_server:11.12.21
-
cpe:2.3:a:enterprisedb:postgres_advanced_server:11.12.22
-
cpe:2.3:a:enterprisedb:postgres_advanced_server:11.13.23
-
cpe:2.3:a:enterprisedb:postgres_advanced_server:11.14.24
-
cpe:2.3:a:enterprisedb:postgres_advanced_server:11.15.25
-
cpe:2.3:a:enterprisedb:postgres_advanced_server:11.16.26
-
cpe:2.3:a:enterprisedb:postgres_advanced_server:11.17.28
-
cpe:2.3:a:enterprisedb:postgres_advanced_server:11.18.29
-
cpe:2.3:a:enterprisedb:postgres_advanced_server:11.19.30
-
cpe:2.3:a:enterprisedb:postgres_advanced_server:11.2.9
-
cpe:2.3:a:enterprisedb:postgres_advanced_server:11.3.10
-
cpe:2.3:a:enterprisedb:postgres_advanced_server:11.4.11
-
cpe:2.3:a:enterprisedb:postgres_advanced_server:11.5.12
-
cpe:2.3:a:enterprisedb:postgres_advanced_server:11.6.13
-
cpe:2.3:a:enterprisedb:postgres_advanced_server:11.7.14
-
cpe:2.3:a:enterprisedb:postgres_advanced_server:11.8.15
-
cpe:2.3:a:enterprisedb:postgres_advanced_server:11.9.16
-
cpe:2.3:a:enterprisedb:postgres_advanced_server:11.9.17
-
cpe:2.3:a:enterprisedb:postgres_advanced_server:12.0.0
-
cpe:2.3:a:enterprisedb:postgres_advanced_server:12.1.2
-
cpe:2.3:a:enterprisedb:postgres_advanced_server:12.10.14
-
cpe:2.3:a:enterprisedb:postgres_advanced_server:12.11.15
-
cpe:2.3:a:enterprisedb:postgres_advanced_server:12.12.16
-
cpe:2.3:a:enterprisedb:postgres_advanced_server:12.13.17
-
cpe:2.3:a:enterprisedb:postgres_advanced_server:12.14.18
-
cpe:2.3:a:enterprisedb:postgres_advanced_server:12.2.3
-
cpe:2.3:a:enterprisedb:postgres_advanced_server:12.3.4
-
cpe:2.3:a:enterprisedb:postgres_advanced_server:12.4.5
-
cpe:2.3:a:enterprisedb:postgres_advanced_server:12.5.6
-
cpe:2.3:a:enterprisedb:postgres_advanced_server:12.6.7
-
cpe:2.3:a:enterprisedb:postgres_advanced_server:12.7.0
-
cpe:2.3:a:enterprisedb:postgres_advanced_server:12.7.10
-
cpe:2.3:a:enterprisedb:postgres_advanced_server:12.8.12
-
cpe:2.3:a:enterprisedb:postgres_advanced_server:12.9.13
-
cpe:2.3:a:enterprisedb:postgres_advanced_server:13.0.0
-
cpe:2.3:a:enterprisedb:postgres_advanced_server:13.1.4
-
cpe:2.3:a:enterprisedb:postgres_advanced_server:13.10.14
-
cpe:2.3:a:enterprisedb:postgres_advanced_server:13.12.16
-
cpe:2.3:a:enterprisedb:postgres_advanced_server:13.2.5
-
cpe:2.3:a:enterprisedb:postgres_advanced_server:13.3.6
-
cpe:2.3:a:enterprisedb:postgres_advanced_server:13.3.7
-
cpe:2.3:a:enterprisedb:postgres_advanced_server:13.4.8
-
cpe:2.3:a:enterprisedb:postgres_advanced_server:13.5.9
-
cpe:2.3:a:enterprisedb:postgres_advanced_server:13.6.10
-
cpe:2.3:a:enterprisedb:postgres_advanced_server:13.7.11
-
cpe:2.3:a:enterprisedb:postgres_advanced_server:13.8.12
-
cpe:2.3:a:enterprisedb:postgres_advanced_server:13.9.13
-
cpe:2.3:a:enterprisedb:postgres_advanced_server:14.0.0
-
cpe:2.3:a:enterprisedb:postgres_advanced_server:14.1.0
-
cpe:2.3:a:enterprisedb:postgres_advanced_server:14.2.1
-
cpe:2.3:a:enterprisedb:postgres_advanced_server:14.3.0
-
cpe:2.3:a:enterprisedb:postgres_advanced_server:14.4.0
-
cpe:2.3:a:enterprisedb:postgres_advanced_server:14.5.0
-
cpe:2.3:a:enterprisedb:postgres_advanced_server:14.6.0
-
cpe:2.3:a:enterprisedb:postgres_advanced_server:14.7.0
-
cpe:2.3:a:enterprisedb:postgres_advanced_server:15.0.0
-
cpe:2.3:a:enterprisedb:postgres_advanced_server:8.2