Recently several new vulnerabilities, some with exploit code, have been made public in the DB2 database and PostgresSQL products.
Given the core sensitivity of the data and business processes often handled by these applications, we thought we would post about them.
If you are running these applications as a part of your core business processes, now might be a good time to check with the vendor support sites, download the available updates and get them into your maintenance windows as a critical update.
Given the exploit code availability and the ease of exploitation for a couple of these issues, their impact could be high if an attacker is in position to leverage them against your organization.
As with all of your applications, these should already be a part of your ongoing patching cycles, though these components are often missed or ignored as “too critical to patch”.
Don’t make that mistake.
If you would like more information about the issues or would like to schedule a briefing privately with one of our engineers, please give your account executive a call or email.
Cross-posted from State of Security