VDB
GCVE-110-CLOUD-2022-0004
GCVE-110-CLOUD-2022-0004
Advisory Published
IBM Cloud Databases for PostgreSQL was vulnerable to an attack sequence
comprised of PostgreSQL privilege escalation via SQL Injection and chaining
of three secrets scattered in the service environment (a K8s service account
token, a private container registry password, and CI/CD server credentials),
which were abusable due to overly permissive network access to internal build
servers. A malicious actor could have exploited this vulnerability to remotely
execute code in other customers’ environments in order to read and modify data
stored in their PostgreSQL databases.
Affected Products
| Vendor | Product | Versions | Platforms |
|---|---|---|---|
| IBM Cloud | Cloud Services | — | — |
| IBM Cloud | IBM Cloud Databases | — | — |
Browse GCVE Records
73,393 records in the GCVE database · Updated July 17, 2026
No matching records found.
Explore Further
Investigate this vulnerability in the interactive console or download the raw GCVE record.