PGAdmin Remote Code Execution Vulnerability - 20240408001¶
Overview¶
The vulnerability allows attackers to execute arbitrary code on the server hosting PGAdmin, posing a severe risk to both the database management system's integrity and the security of the underlying data.
What is vulnerable?¶
| CVE | Severity | CVSS | Product(s) Affected |
|---|---|---|---|
| CVE-2024-3116 | High | 7.4 | pgAdmin \<= 8.4 |
Recommendation¶
The WA SOC recommends administrators apply the solutions as per vendor instructions to all affected devices within expected timeframe.* (refer Patch Management):