We ran vulnerability scans and found that we are on a version of Postgres that has vulnerabilities.
We are on CA APM version 10.7 SP3 and have applied hotfix HF41.
Is there an update that we can apply to get the Postgres up to 9.6.20?
The findings are below:
PostgreSQL 9.5.x < 9.5.24 / 9.6.x < 9.6.20 / 10.x < 10.15 / 11.x < 11.10 / 12.x < 12.5 / 13.x < 13.1 Multiple Vulnerabilities
Plugin Output:
Path : F:\Program Files\CA APM\PostgreSQL-9.6.2
Installed version : 9.6.2
Fixed version : 9.6.20
The version of PostgreSQL installed on the remote host is 9.5 prior to 9.5.24, 9.6 prior to 9.6.20, 10 prior to 10.15, 11 prior to 11.10, 12 prior to 12.5, or 13 prior to 13.1. As such, it is potentially affected by multiple vulnerabilities :
- Multiple features escape security restricted operation sandbox (CVE-2020-25695)
- Reconnection can downgrade connection security settings (CVE-2020-25694)
- psql's gset allows overwriting specially treated variables (CVE-2020-25696)
Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.
Release : 10.7.0
Component : Integration with APM
The fix will be added to CA APM 10.7 SP4 - current ETA July 31st.
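The scanner finding above is a pure version-range check, and Nessus states it only relied on the self-reported version. A defender waiting on the SP4 bundle can verify the same thing directly against the running server rather than the install directory name (`PostgreSQL-9.6.2`), which can lag behind the binaries after a patch. The Python below is an added example and not part of the original thread or of the CA APM product; it encodes the fixed-version thresholds exactly as listed in the finding and parses the string returned by `SELECT version()` or `postgres --version`. The sample version strings it is run on are constructed for illustration.

```python
import re

# Fixed versions per affected release branch, taken from the Nessus finding:
# 9.5.x < 9.5.24, 9.6.x < 9.6.20, 10.x < 10.15, 11.x < 11.10, 12.x < 12.5, 13.x < 13.1
FIXED_VERSIONS = {
    (9, 5): (9, 5, 24),
    (9, 6): (9, 6, 20),
    (10,): (10, 15),
    (11,): (11, 10),
    (12,): (12, 5),
    (13,): (13, 1),
}

# CVEs the finding associates with any version below the fixed threshold.
CVES = ("CVE-2020-25695", "CVE-2020-25694", "CVE-2020-25696")


def parse_version(text):
    """Extract the PostgreSQL version as an int tuple.

    Accepts the output of `SELECT version()` ("PostgreSQL 9.6.2, compiled by ..."),
    of `postgres --version` ("postgres (PostgreSQL) 9.6.2"), or a bare "9.6.2".
    """
    m = re.search(r"PostgreSQL\)?\s+(\d+(?:\.\d+)+)", text)
    if m is None:
        m = re.search(r"(\d+(?:\.\d+)+)", text)
    if m is None:
        raise ValueError("no PostgreSQL version found in: %r" % text)
    return tuple(int(part) for part in m.group(1).split("."))


def branch_of(version):
    """Releases before 10 use two-number branches (9.6.x); 10 and later use one (12.x)."""
    return version[:2] if version[0] < 10 else version[:1]


def assess(text):
    """Compare a self-reported version against the fixed thresholds.

    Returns a dict with 'affected' True/False, or None when the branch is not one
    the finding covers (e.g. a release newer than the scan's plugin data).
    """
    version = parse_version(text)
    branch = branch_of(version)
    fixed = FIXED_VERSIONS.get(branch)
    if fixed is None:
        return {"version": version, "branch": branch, "fixed": None,
                "affected": None, "cves": ()}
    # Tuple comparison orders (9, 6, 2) before (9, 6, 20), unlike naive string comparison.
    affected = version < fixed
    return {"version": version, "branch": branch, "fixed": fixed,
            "affected": affected, "cves": CVES if affected else ()}


if __name__ == "__main__":
    # Constructed sample strings; on a live host feed in `SELECT version()` output instead.
    samples = [
        "PostgreSQL 9.6.2, compiled by Visual C++ build 1800, 64-bit",
        "postgres (PostgreSQL) 9.6.20",
        "PostgreSQL 12.4 on x86_64-pc-linux-gnu",
    ]
    for s in samples:
        r = assess(s)
        print(".".join(map(str, r["version"])), "affected:", r["affected"],
              "fixed:", r["fixed"], ", ".join(r["cves"]))
```

Because the check compares integer tuples, `9.6.2` is correctly ranked below `9.6.20`; a string comparison would get this wrong. When the result for the bundled server is `affected: True`, the exposure remains until the SP4 update replaces the 9.6.2 binaries, regardless of what the directory name says.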