The DBA Management Server component of EnterpriseDB Postgres Plus Advanced Server does not restrict access to the underlying JBoss JMX Console. This can be abused by remote, unauthenticated attackers to execute arbitrary code on the vulnerable server. This module uploads an arbitrary .WAR application to the target in order to deploy an agent on it. On Windows targets, the deployed agent will run with SYSTEM privileges.
Product Name