Intrusion PreventionPostgreSQL.COPY.FROM.PROGRAM.Authenticated.Command.Injection
Description
This indicates an attack attempt against an Potential Remote Command Injection vulnerability in PostgreSQL.
The vulnerabilities is due to an error in the application when executing SQL queries from database's superusers and database's users in the 'pg_read_server_files' group. A remote attacker with such a privilege role can exploit this to execute arbitrary code in the context of the database's operating system via a craft SQL query.
Affected Products
PostgreSQL version 9.3 to version 11.2
Impact
System Compromise: Remote attackers can gain control of vulnerable systems.
Recommended Actions
Currently we are unaware of any vendor supplied patch or updates available for this issue.
Telemetry
Coverage
| IPS (Regular DB) | |
| IPS (Extended DB) |
Version Updates
| Date | Version | Detail |
|---|---|---|
| 2019-06-28 | 14.641 | Default_action:pass:drop |
| 2019-06-06 | 14.627 | Severity:medium:high |
| 2019-05-23 | 14.619 |
| ID | 47835 |
| Created | May 23, 2019 |
| Updated | Sep 24, 2020 |
| Risk |
|
| CVE ID | CVE-2019-9193 |
| Exploit Prediction Score | 97.49% |
| Default Action | drop |
| Active | |
| Affected OS | Windows, Linux |
| Affected App | PostgreSQL |