The vulnerability of the PostgreSQL database management system, related to errors when using OR commands with extensions, allows a perpetrator to increase their privileges and replace arbitrary objects in the database.

🗓️ 15 Aug 2022 00:00:00Reported by FSTEC of Russia — Information Security Threat DatabaseType

bdu_fstec

bdu_fstec🔗 bdu.fstec.ru👁 2 Views

PostgreSQL OR commands with extensions cause privilege escalation and object replacement.

Reporter	Title	Published	Views	Family All 216
IBM Security Bulletins	Security Bulletin: Multiple vulnerabilities fixed in IBM Security Verify Governance	11 Jan 202416:41	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple Security Vulnerabilities were identified in IBM Security Verify Access.	9 Jan 202420:27	–	ibm
IBM Security Bulletins	Security Bulletin: IBM QRadar SIEM includes multiple components with known vulnerabilities	13 Feb 202313:10	–	ibm
IBM Security Bulletins	Security Bulletin: Vulnerabilities in PostgreSQL may affect IBM Spectrum Protect Plus (CVE-2022-2625, CVE-2022-1552, CVE-2021-3677)	30 Mar 202316:07	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Data Risk Manager is affected by multiple vulnerabilities including remote code execution in Apache Commons Text 1.9	8 Dec 202204:10	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple PostgreSQL Vulnerability affects IBM Storage Scale System (CVE-2023-2454, CVE-2022-2625)	22 Dec 202317:20	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Sterling Connect:Direct Web Services is vulnerable to remote authenticated attacker to execute arbitrary code on the system due to PostgreSQL (CVE-2022-2625)	29 Nov 202217:05	–	ibm
IBM Security Bulletins	Security Bulletin: Vulnerabilities in PostgreSQL, Open JDK, and Jettison may affect IBM Spectrum Copy Data Management	9 Dec 202214:16	–	ibm
ALT Linux	Security fix for the ALT Linux 10 package postgresql12 version 12.12-alt1	18 Aug 202200:00	–	altlinux
ALT Linux	Security fix for the ALT Linux 9 package postgresql12-1C version 12.11-alt0.M90P.3	1 Sep 202200:00	–	altlinux

Vulners

Node

postgresql postgresqlRange<14.5

OR

postgresql postgresqlRange<13.8

OR

postgresql postgresqlRange<12.12

OR

postgresql postgresqlRange<11.17

OR

postgresql postgresqlRange<10.22

OR

postgres_professional postgres_pro_certifiedRange<11.17.1

OR

postgres_professional postgres_pro_certifiedRange<14.5.1

Source	Link
postgresql	www.postgresql.org/about/news/postgresql-145-138-1212-1117-1022-and-15-beta-3-released-2496/
wiki	www.wiki.astralinux.ru/astra-linux-se17-bulletin-2022-1011SE17MD
xn--80ahaefyxhn	www.xn--80ahaefyxhn.xn--j1afgaq.xn--p1ai/bin/view/%D0%9E%D0%A1%D0%BD%D0%BE%D0%B2%D0%B0/%D0%9E%D0%B1%D0%BD%D0%BE%D0%B2%D0%BB%D0%B5%D0%BD%D0%B8%D1%8F/2.6/
wiki	www.wiki.astralinux.ru/astra-linux-se47-bulletin-2022-1121SE47
wiki	www.wiki.astralinux.ru/astra-linux-se17-bulletin-2023-1023SE17
altsp	www.altsp.su/obnovleniya-bezopasnosti/
web	www.web.nvd.nist.gov/view/vuln/detail

13 Nov 2023 00:00Current

7High risk

Vulners AI Score7

CVSS 38

CVSS 29

EPSS0.0152

PostgreSQL vulnerability or commands extensions privilege escalation object replacement