PostgreSQL vulnerabilities

Article ID: 249714


Products

CA Application Performance Management (APM / Wily / Introscope)

Issue/Introduction

Will upgrading to 10.8 fix the vulnerabilities below?

CVE-2021-3449

CVE-2006-2313

CVE-2021-3677

Full scan details below (scanned by Qualys):

First Detected: 08/21/2021 at 08:40:47 AM (GMT+0000)
Last Detected: 08/07/2022 at 10:03:37 AM (GMT+0000)
Times Detected: 58
Last Fixed: 03/22/2022 at 09:59:45 PM (GMT+0000)
QID: 375772
Category: Local
Associated CVEs: CVE-2021-3449, CVE-2006-2313, CVE-2021-3677
Vendor Reference: PostgreSQL 9.x, PostgreSQL 10.x, PostgreSQL 11.x, PostgreSQL 12.x, PostgreSQL 13.x
Bugtraq ID: -
Service Modified: 05/23/2022
User Modified: -
Edited: No
PCI Vuln: Yes
CVSS Base: 7.5
CVSS Temporal: 5.5
CVSS3.1 Base: 6.5
CVSS3.1 Temporal: 5.7
THREAT:
PostgreSQL is a powerful, open source object-relational database system. It has a strong reputation for reliability, feature robustness, and performance.

Affected Versions:
PostgreSQL versions before 13.4, before 12.8, before 11.13, before 10.18, before 9.6.23

QID Detection Logic(Auth):
This QID reports the installed PostgreSQL version by checking the file version of postgres.exe on Windows and by running the psql version command on Linux.

IMPACT:
Successful exploitation of these vulnerabilities affects Confidentiality, Integrity and Availability.

SOLUTION:
Refer to the Ubuntu advisory for PostgreSQL 9.x, PostgreSQL 10.x, PostgreSQL 11.x, PostgreSQL 12.x and PostgreSQL 13.x for affected versions.

Patch:
Following are links for downloading patches to fix the vulnerabilities:

PostgreSQL 10

PostgreSQL 11

PostgreSQL 12

PostgreSQL 13

COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
g:\Program Files\CA APM\PostgreSQL-9.6.2\bin\postgres.exe Version is 9.6.2.17071
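As an added example (not part of this article or of the Qualys QID), the following Python compares a detected version, taken either from a scanner result line like the one above or from `psql --version` output, against the minimum fixed releases listed in this advisory. The sample input lines are constructed.

```python
import re
from typing import Optional, Tuple

# Minimum fixed releases from the advisory, keyed by release line.
# Releases before 10 use a two-part major ("9.6"); 10 and later use one part.
FIXED_RELEASES = {
    (13,): (13, 4),
    (12,): (12, 8),
    (11,): (11, 13),
    (10,): (10, 18),
    (9, 6): (9, 6, 23),
}

VERSION_RE = re.compile(r"\d+(?:\.\d+)+")


def parse_version(text: str) -> Tuple[int, ...]:
    """Return the last dotted version number in the line as a tuple of ints.
    The last match is used because a Windows path may itself contain a
    version ("PostgreSQL-9.6.2\\bin"), and the file version reported after it
    carries a fourth build component (9.6.2.17071) that is not part of the
    PostgreSQL release, so only the first three parts are kept."""
    matches = VERSION_RE.findall(text)
    if not matches:
        raise ValueError(f"no version number found in: {text!r}")
    return tuple(int(p) for p in matches[-1].split("."))[:3]


def release_line(version: Tuple[int, ...]) -> Tuple[int, ...]:
    """Map a version to its release line: (9, 6) for 9.6.x, (13,) for 13.x."""
    return version[:2] if version[0] < 10 else version[:1]


def check(text: str) -> Tuple[Optional[bool], Tuple[int, ...], Optional[Tuple[int, ...]]]:
    """Return (affected, installed, minimum_fixed).
    affected is None when the advisory does not list the release line."""
    installed = parse_version(text)
    fixed = FIXED_RELEASES.get(release_line(installed))
    if fixed is None:
        return None, installed, None
    return installed < fixed, installed, fixed


if __name__ == "__main__":
    # Constructed sample lines: the Windows scanner result and a Linux psql banner.
    for line in (r"g:\Program Files\CA APM\PostgreSQL-9.6.2\bin\postgres.exe Version is 9.6.2.17071",
                 "psql (PostgreSQL) 13.4"):
        print(line, "->", check(line))
```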

Environment

Release : 10.8

Component : Introscope

Resolution

We have certified the manual upgrade procedure from PostgreSQL database 9.6.2 to 13.4 in APM 10.8, so yes, the upgrade will resolve all the vulnerabilities mentioned.