[Forgot Password]
Login  Register Subscribe

23631

 
 

126951

 
 

99602

 
 

909

 
 

80130

 
 

109

Paid content will be excluded from the download.


Download | Alert*
CVE
view XML

CVE-2017-7546

Date: (C)2017-08-19   (M)2018-01-02 


PostgreSQL versions before 9.2.22, 9.3.18, 9.4.13, 9.5.8 and 9.6.4 are vulnerable to incorrect authentication flaw allowing remote attackers to gain access to database accounts with an empty password.

CVSS Score: 7.5Access Vector: NETWORK
Exploit Score: 10.0Access Complexity: LOW
Impact Score: 6.4Authentication: NONE
 Confidentiality: PARTIAL
 Integrity: PARTIAL
 Availability: PARTIAL





Reference:
BID-100278
SECTRACK-1039142
DSA-3935
DSA-3936
GLSA-201710-06
RHSA-2017:2677
RHSA-2017:2678
RHSA-2017:2728
RHSA-2017:2860
https://www.postgresql.org/about/news/1772/

CPE    16
cpe:/a:postgresql:postgresql:9.4.5
cpe:/a:postgresql:postgresql:9.3.3
cpe:/a:postgresql:postgresql:9.3.2
cpe:/a:postgresql:postgresql:9.3.1
...
CWE    1
CWE-287
OVAL    14
oval:org.secpod.oval:def:1600767
oval:org.secpod.oval:def:1600765
oval:org.secpod.oval:def:204570
oval:org.secpod.oval:def:502136
...

© 2013 SecPod Technologies