Researchers Disclose Supply-Chain Flaw Affecting IBM Cloud Databases for PostgreSQL


A high-severity security flaw in IBM’s Cloud Databases (ICD) for PostgreSQL product that could be used to alter internal repositories and execute unauthorised code has been patched.

The cloud security company Wiz has labelled the privilege escalation weakness, known as “Hell’s Keychain,” a “first-of-its-kind supply-chain attack vector compromising a cloud provider’s infrastructure.” A hostile actor might be able to read or edit data stored in the PostgreSQL database and remotely execute code in the environments of customers if the flaw is successfully exploited.

Read More…