An issue was discovered in EnterpriseDB Postgres Advanced Server (EPAS) before 11.21.32, 12.x before 12.16.20, 13.x before 13.12.16, 14.x before 14.9.0, and 15.x before 15.4.0. It contains the function _dbms_aq_move_to_exception_queue that may be used to elevate a user's privileges to superuser. This function accepts the OID of a table, and then accesses that table as the superuser by using SELECT and DML commands.
Conclusion & alert: CVE-2023-41119 is rated Moderate Risk (51.5/100): CVSS High severity, with low exploitation likelihood (EPSS 0.62%). Mandatory action: Review affected assets and schedule remediation.
Risk is dynamic; we continuously reassess and refresh what is shown on this page as upstream context changes.
EPSS lead: Daily EPSS estimates relative likelihood of exploitation; percentile ranks this CVE among scored vulnerabilities (higher = more severe relative rank).
| # | Date | Old EPSS score | New EPSS score | Delta (New - Old) |
|---|---|---|---|---|
| 1 | 2026-06-15 | 0.08% | 0.62% | +0.55% |
| 2 | 2025-11-21 | 0.20% | 0.08% | -0.12% |
| 3 | 2025-11-18 | — | 0.20% | — |
Full EPSS history (9 records total)
CVSS metrics for this CVE.
| Base score | Version | Severity | Vector | Exploitability | Impact | Score source |
|---|---|---|---|---|---|---|
| 8.8 | 3.1 | HIGH |
|
2.8 | 5.9 | [email protected] |
| 8.8 | 3.1 | HIGH |
|
2.8 | 5.9 | [email protected] |
| Vendor | Product | Version | Raw CPE |
|---|---|---|---|
| enterprisedb | postgres_advanced_server | < 11.21.32 | cpe:2.3:a:enterprisedb:postgres_advanced_server:*:*:*:*:*:*:*:* |
| enterprisedb | postgres_advanced_server | >= 12.0.0, < 12.16.20 | cpe:2.3:a:enterprisedb:postgres_advanced_server:*:*:*:*:*:*:*:* |
| enterprisedb | postgres_advanced_server | >= 13.0.0, < 13.12.17 | cpe:2.3:a:enterprisedb:postgres_advanced_server:*:*:*:*:*:*:*:* |
| enterprisedb | postgres_advanced_server | >= 14.0.0, < 14.9.0 | cpe:2.3:a:enterprisedb:postgres_advanced_server:*:*:*:*:*:*:*:* |
| enterprisedb | postgres_advanced_server | >= 15.0.0, < 15.4.0 | cpe:2.3:a:enterprisedb:postgres_advanced_server:*:*:*:*:*:*:*:* |
| URL | Tags |
|---|---|
| https://www.enterprisedb.com/docs/security/advisories/cve202341119/ | Vendor Advisory |