CVE-2019-19477 - Privilege Escalation vulnerability

This document explains the problem and the fix for CVE-2019-19477 privilege-escalation vulnerability that has been reported.

Vulnerability ID : CVE-2019-19477
Update Release build : 100545
Update Release Date : 05-April-2020
Reported by: Secure D Center Research Team

Vulnerability details

This vulnerability occurs due to insecure file permissions to PostgreSQL data folder and PostgreSQL configuration file setting. If this vulnerability is exploited, threat actors can gain elevated privileges and can run arbitrary codes to gain full system privilege user access.

How to fix it?

These vulnerabilities have been identified and fixed. To apply the fix, follow the steps mentioned below:

If you are on older builds or build versions lower than 10.0.545, visit the Service packs page and download the latest build version.
Install this build.

Keywords: Privilege escalation vulnerabilty, Security Updates, Vulnerabilities and Fixes.