Security Bulletin: Multiple Vulnerabilities in CloudPak for Watson AIOPs

2022-12-15T01:55:24

Description

## Summary Multiple vulnerabilities were fixed in IBM Cloud Pak for Watson AIOps version 3.6. ## Vulnerability Details ** CVEID: **[CVE-2018-8023](<https://vulners.com/cve/CVE-2018-8023>) ** DESCRIPTION: **Apache Mesos could allow a remote attacker to obtain sensitive information, caused by a timing attack in the JSON Web Token (JWT) implementation. By abusing the timing difference of when the JWT validation function returns, an attacker could exploit this vulnerability to obtain the valid HMAC value. CVSS Base score: 5.3 CVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/150215](<https://exchange.xforce.ibmcloud.com/vulnerabilities/150215>) for the current score. CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N) ** CVEID: **[CVE-2022-21626](<https://vulners.com/cve/CVE-2022-21626>) ** DESCRIPTION: **An unspecified vulnerability in Java SE related to the Security component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. CVSS Base score: 5.3 CVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/238689](<https://exchange.xforce.ibmcloud.com/vulnerabilities/238689>) for the current score. CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) ** CVEID: **[CVE-2022-1552](<https://vulners.com/cve/CVE-2022-1552>) ** DESCRIPTION: **PostgreSQL remote authenticated attacker to bypass security restrictions, caused by an issue with not activate protection or too late with the Autovacuum, REINDEX, CREATE INDEX, REFRESH MATERIALIZED VIEW, CLUSTER, and pg_amcheck commands. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary SQL functions under a superuser identity. CVSS Base score: 8.8 CVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/226521](<https://exchange.xforce.ibmcloud.com/vulnerabilities/226521>) for the current score. CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) ** CVEID: **[CVE-2022-41854](<https://vulners.com/cve/CVE-2022-41854>) ** DESCRIPTION: **snakeYAML is vulnerable to a denial of service, caused by improper input validation. By persuading a victim to open a specially-crafted YAML content, a remote attacker could exploit this vulnerability to cause a denial of service condition. CVSS Base score: 6.5 CVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/240890](<https://exchange.xforce.ibmcloud.com/vulnerabilities/240890>) for the current score. CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H) ** CVEID: **[CVE-2022-23806](<https://vulners.com/cve/CVE-2022-23806>) ** DESCRIPTION: **Golang Go is vulnerable to a denial of service, caused by a flaw with IsOnCurve function returns true for invalid field elements. By sending a specially-crafted request, an attacker could exploit this vulnerability to causes a panic in ScalarMult, and results in a denial of condition. CVSS Base score: 7.5 CVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/219444](<https://exchange.xforce.ibmcloud.com/vulnerabilities/219444>) for the current score. CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) ## Affected Products and Versions Affected Product(s)| Version(s) ---|--- IBM Cloud Pak for Watson AIOps| 3.x IBM Cloud Pak for Watson AIOps| 3.x IBM Cloud Pak for Watson AIOps| 3.x IBM Cloud Pak for Watson AIOps| 3.x IBM Cloud Pak for Watson AIOps| 3.x ## Remediation/Fixes IBM strongly suggests that you address the vulnerabilities now for all affected products/versions listed above by installing Fix: <https://www.ibm.com/docs/en/SSJGDOB_3.6.0/upgrading/upgrading.html> ## Workarounds and Mitigations None ##

Affected Software

CPE Name	Name	Version
	ibm cloud pak for watson aiops	3.6

{"id": "F0BEE71D1E1E1F410EAE7CBBF899A463124708682905DE5AB537B39047C97A14", "vendorId": null, "type": "ibm", "bulletinFamily": "software", "title": "Security Bulletin: Multiple Vulnerabilities in CloudPak for Watson AIOPs", "description": "## Summary\n\nMultiple vulnerabilities were fixed in IBM Cloud Pak for Watson AIOps version 3.6.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2018-8023](<https://vulners.com/cve/CVE-2018-8023>) \n** DESCRIPTION: **Apache Mesos could allow a remote attacker to obtain sensitive information, caused by a timing attack in the JSON Web Token (JWT) implementation. By abusing the timing difference of when the JWT validation function returns, an attacker could exploit this vulnerability to obtain the valid HMAC value. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/150215](<https://exchange.xforce.ibmcloud.com/vulnerabilities/150215>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N) \n \n** CVEID: **[CVE-2022-21626](<https://vulners.com/cve/CVE-2022-21626>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the Security component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/238689](<https://exchange.xforce.ibmcloud.com/vulnerabilities/238689>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2022-1552](<https://vulners.com/cve/CVE-2022-1552>) \n** DESCRIPTION: **PostgreSQL remote authenticated attacker to bypass security restrictions, caused by an issue with not activate protection or too late with the Autovacuum, REINDEX, CREATE INDEX, REFRESH MATERIALIZED VIEW, CLUSTER, and pg_amcheck commands. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary SQL functions under a superuser identity. \nCVSS Base score: 8.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/226521](<https://exchange.xforce.ibmcloud.com/vulnerabilities/226521>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2022-41854](<https://vulners.com/cve/CVE-2022-41854>) \n** DESCRIPTION: **snakeYAML is vulnerable to a denial of service, caused by improper input validation. By persuading a victim to open a specially-crafted YAML content, a remote attacker could exploit this vulnerability to cause a denial of service condition. \nCVSS Base score: 6.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/240890](<https://exchange.xforce.ibmcloud.com/vulnerabilities/240890>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2022-23806](<https://vulners.com/cve/CVE-2022-23806>) \n** DESCRIPTION: **Golang Go is vulnerable to a denial of service, caused by a flaw with IsOnCurve function returns true for invalid field elements. By sending a specially-crafted request, an attacker could exploit this vulnerability to causes a panic in ScalarMult, and results in a denial of condition. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/219444](<https://exchange.xforce.ibmcloud.com/vulnerabilities/219444>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nIBM Cloud Pak for Watson AIOps| 3.x \nIBM Cloud Pak for Watson AIOps| 3.x \nIBM Cloud Pak for Watson AIOps| 3.x \nIBM Cloud Pak for Watson AIOps| 3.x \nIBM Cloud Pak for Watson AIOps| 3.x \n \n\n\n## Remediation/Fixes\n\nIBM strongly suggests that you address the vulnerabilities now for all affected products/versions listed above by installing Fix:\n\n<https://www.ibm.com/docs/en/SSJGDOB_3.6.0/upgrading/upgrading.html>\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "published": "2022-12-15T01:55:24", "modified": "2022-12-15T01:55:24", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:P"}, "cvss2": {"cvssV2": {"version": "2.0", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:P", "accessVector": "NETWORK", "accessComplexity": "LOW", "authentication": "NONE", "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "baseScore": 6.4}, "severity": "MEDIUM", "exploitabilityScore": 10.0, "impactScore": 4.9, "acInsufInfo": false, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}, "cvss3": {"cvssV3": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 9.1, "baseSeverity": "CRITICAL"}, "exploitabilityScore": 3.9, "impactScore": 5.2}, "href": "https://www.ibm.com/support/pages/node/6848189", "reporter": "IBM", "references": [], "cvelist": ["CVE-2018-8023", "CVE-2022-1552", "CVE-2022-21626", "CVE-2022-23806", "CVE-2022-41854"], "immutableFields": [], "lastseen": "2023-02-28T21:37:09", "viewCount": 4, "enchantments": {"score": {"value": 0.8, "vector": "NONE"}, "dependencies": {"references": [{"type": "almalinux", "idList": ["ALSA-2022:1819", "ALSA-2022:4805", "ALSA-2022:4807", "ALSA-2022:7000", "ALSA-2022:7006", "ALSA-2022:7012"]}, {"type": "alpinelinux", "idList": ["ALPINE:CVE-2022-23806"]}, {"type": "altlinux", "idList": ["09235B074B08120C6C59E24A7EDBA766", "12C239C822CB331C5161013124C37710", "2BB73074B65D8FCE3728C0F82636208A", "31F0802BDDA7600F2604A0348A21DE50", "390D1D57A4A2C9B4A670F096BC9D39B0", "63F410E2A01137F6EB70A084E7324583", "B8EBCADFB23196CDC2ADB7AA34CED16F", "D83F260512B70F45AC60A714BB9769D8", "E65BBBD335B0186CEFFF550EF41F088B", "FE319689A27EAE6632296A74977B9E49"]}, {"type": "amazon", "idList": ["ALAS-2023-1678", "ALAS-2023-1685", "ALAS2-2022-1776", "ALAS2-2022-1811", "ALAS2-2022-1830", "ALAS2-2022-1843", "ALAS2-2022-1866", "ALAS2-2022-1867", "ALAS2-2023-1922"]}, {"type": "centos", "idList": ["CESA-2022:5162", "CESA-2022:7002", "CESA-2022:7008"]}, {"type": "cloudfoundry", "idList": ["CFOUNDRY:C5C661DE2166D4C9CD7D0550A8CA491D"]}, {"type": "cve", "idList": ["CVE-2018-8023", "CVE-2022-1552", "CVE-2022-21626", "CVE-2022-23806", "CVE-2022-41854"]}, {"type": "debian", "idList": ["DEBIAN:DLA-2985-1:0C7A2", "DEBIAN:DLA-2986-1:6E1E6", "DEBIAN:DLA-3307-1:F1992", "DEBIAN:DSA-5135-1:537DD", "DEBIAN:DSA-5136-1:CB6F1", "DEBIAN:DSA-5331-1:DB2F5"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2022-1552", "DEBIANCVE:CVE-2022-21626", "DEBIANCVE:CVE-2022-23806", "DEBIANCVE:CVE-2022-41854"]}, {"type": "f5", "idList": ["F5:K46859523"]}, {"type": "fedora", "idList": ["FEDORA:49CD030AE7FC", "FEDORA:4D64030B6E58", "FEDORA:66F1F30B0A04", "FEDORA:765673056B04", "FEDORA:82AC930B0A15", "FEDORA:ABE5A30BBBD5", "FEDORA:B3DDF30BBBCE", "FEDORA:F08FD30AF862"]}, {"type": "freebsd", "idList": ["096AB080-907C-11EC-BB14-002324B2FBA8", "157CE083-D145-11EC-AB9B-6CC21735F730"]}, {"type": "gentoo", "idList": ["GLSA-202208-02", "GLSA-202211-04"]}, {"type": "github", "idList": ["GHSA-C8CC-P3J7-4C7F", "GHSA-W37G-RHQ8-7M4J"]}, {"type": "ibm", "idList": ["0204816A7AF9A939838902C9073F28137835C2E17451888C3BAED1BFCB7D899F", "0344344C5BC1E5BD76915E58268A7771FE5523A39AC168718FA30C6F4E2E5B5F", "08C8D259CA2A6F881AAA8041DC78858D8846EC23A590D29CCC2BF485F2A3BCB7", "118302FD22C5C4FAA4428CCB71EF43961B34440AE6C1CCDC5BA218D09A4E8839", "1481DAF4C699DC048E77546A032C22E8B4F22C9CD2DD05E5F3423E026EF90E95", "17AB2E00FFC0B08D08311CDC7E12FE5FEF209B4CFFD2957614AC712938E8ED5A", "1841E92577ACD6AADDBB49C1995A398D151CBC9679F1BA2B9C77425F2E40A55C", "1AF088B729327395B2A58F2B6A5DE29B451006152A6E70736A63FE04CC25635F", "1F0E7D967FB9872FBF98D6F193FF40FAE27CC22B9D7625D2B8A83B8875716CB1", "2EF5677A3F23861B8D0D2574DAF8E448757B7776BAEF3A64C7E654636BCEEF3E", "30310762C3F38C4C5EB90C02A09F3DA7152F660A3060D59B866E831E1E4CB9C8", "30DC450AABD11109A70A2AFC8BA5DC8E8DEFDC385B32C17C4EE2BE3BF55721AB", "318F876ECDCFF05F3B1D170E1F6EEA8ED41A82F4A1FB1717CF4BB31AD13C02F0", "321D2A78B414F020858482232B7BE23C1F205055618F862E858FD2DB44625F4A", "34554239639E7BE30D7E2FF3E60FCF35C97429B34CA07D7E3B7EDA735A843CF5", "34F5D287C654356B4FFDC0026D802797E1AB7DA4536614636D536DE4974A9BA8", "34FBAEEF366CB7DE704637DD9387142E0E5FB15840BA5A401EF615225B7C1FE1", "35774A12657731256610BEB1ACB2AE99C105060354AA560F82DED28AE65A8B24", "360E6FA5C0CD8A8E01ECA716FD2FBB90B836F15BD69F1F6F1E15E8A4CEDCEA2E", "384C2E2A2A7CE0D7C1ED343860F7A8372BBF28CD038D1B9802B3A13C761159CF", "38843C3D7B78AF184A87764092065E23D9B6C30888F3C19D056FC65D8F8288C5", "390ADE3893D47B00F5FE2567013BE4A37123E2B659BE5E1598AD7EA5696741E2", "39483C1D88EDE6E1217BE5AE44B5E429C17BC3FFB232291B8DF1B1B982203088", "3A8DC7B4CBA0B667D4766395E8ABE0DC72BBAD4E940319E49491D0C926E27E3F", "3C1A78B2884463FDD0373C1C8B938DC6B62E78494896694E30B6E9004C4B927F", "3CBB5BB93D767D27ACC627761E5F8B4371CEC60989A40BEFA15966D7D198BB77", "42D2F393E2D5968188FE1066AA0401FE0337938BCE287834FB8D9D4F5E95C324", "438ED04BF23D1D75D4AD129ECF4C66C4AFC8BC9B9660787A2AD2FA71A1F5260C", "44BE2B696C0E190DC3C45BE01238E31B87B7468AA00A501F0F3C22C11FF54FF2", "45F3F0972A02E3C0F5AA93C0952B721E68C89A7EB70D15A52A524AB38F1E8D23", "49FF2650E4D34A59324034D2D9D7A7421F32EC337402F43640EB6D68EE3F567E", "4B9D5729C0844CA683241D972BCA9D9F323ABE665EC6B948423B5AC02F2DCB19", "50DCC01C96F7800F4E5A57D300448F2A0FF35FDC26FE0285622B3CBE88205A3C", "51CE44C1C7A51E763D9A0FB6E6C7DB8CC2B8221BC5B619DC1E6EA5956B868D7E", "5BE52962678849208DBB78075A36D8D5B485DEC707628BB3A9D37D4AA01BC678", "5CB35C9C0900B9493CF241A1B26BBA73EFCD3D0F585D71E9961328F572956D73", "5FF84049776B70C5BBF2F0C7E2A796633B261CD6EF67A56097040D61F16328AC", "660208B752BB57B009A4138672B205F26C849049E39D34C5826F6CEC8771C567", "6755FFC6C8BDCE154C057AC84F0D180AB70F9362B4D00B88359A6D1ADF61D14A", "699223D515FE732FC9F1DF6EC7F6E06F88BA093D8FBF60BE8D914347FA4B5BE5", "6F9C6903CD7D8203D4E82C06723CA4FB1AB9B0D048230D4EE8B7B6CCAE5D8671", "703782FFD86AA3ACD5D8ABA07BEA7131C549AE993D04AB8B9815D8DBAE39920A", "7046D646EEEAACCB04F6CF212C3C3A2EE64CCB5798C1A9E48788FEE3205FB2EC", "7424064CE02CCF742F1586519DFD7B8AA482386FD2C87D35B41E48156F01FBDC", "74E733EAD00CC1443998FEAEB40A5B9D2B95F7D92F0086469EAF733BC0FE1A4E", "7A34C5EA3878227646136480AF345DCC5DF882B26F65D3380EC0064BCCA45485", "7AAAC72FE597506BDE2660E488F1C4716EB1897CE774DC380DED82B46A52016A", "7C5451969551322B10C02D39A8205047791F77289C2CE11B04A515BC58230E66", "7E3F42C505D4AC9F43C1F504CCB4D99DE456ACE8D89C9DBAE11447B628A0F8A5", "7F469CFC041F0A861570BFF0B2EAA8E27C8745F53E8D1D2E37E215EB01C5CB2D", "81C6A358F17E973E45D7EB18F13FD90C43F11DE4197BCA2FAD44339C44E0E4D6", "8271DA3A40630C2ED7F6D3D137F6651932C4B2E5976E9E2E07E160409BF14EAC", "8449C092935C85C32C1C5139DA86783DA997A8DA7BCDBA032A64697AA7176069", "864EFD32583B4E6F67A715CD52B132720426ED66FD17B277E66FF35B61D642F7", "87D892865D9D3B7F73EE6A201D099ED8F02162A1A4A7C1F36F3C4174D9F9F855", "88DFB9E982D0A58C6136F965194F206A274D548D30DEA8A56A30E8B13938EBD4", "897C1C4063D647B510038AC8749377FEA3344FA38586156BA7A725F608177613", "8A80F344EBFCFC30424F4B236E0BCEA911FC3C5A51859876D808039E8C61FAD0", "8D2D1A34514FDBF0F2F22F21E5ADAA827BCE7E0FD06CC55C7D887D0DC771C10E", "90AC6404BEC26EE04C5116EFE61EADA448F6BE4B15643F95B0E2C306615BA410", "91D7C6C9A5739FEE5F42D389A6790AF75591DE3F4B00792DEC9B2F9736C9AA92", "93877A562B975C91505EC2DDCF1E0F2F75707DBF947F3BE156AF14689DE23283", "96B41F1EF64391A684A20D47B2A2DBF3CD95DDFA2C9F99F659F1420018B1274E", "992ED83885A2D5709352617D062682E3AF41D19357F6F20C58347988403754C6", "A1393B79B912BAEB5AE7A51185F60720D76100610170FE299B469B9C856CCB2B", "A4C7F1899089B546ED394AE8F6988B8EE42E053E0111886BE9FBF60DD7E72474", "A6632BDC11284F092951B8C6A77DB2DE8B02E84648162AF82EABF29442D7A504", "AE5EB3FB90B30B6D41D5B101ABF5005C1DFD43E74ADCCCB71466771BCFCB191A", "B0B42C99943ADC9F2284EFF89574BB2533E047DC3DB366C34D87AF50C7E52D46", "B39CDF48277B5A1E5E74388C6E0EA6AFB8F6FEA1ED51299E44E0AEE4AC404FF6", "B6EC21304BF95409AB4EB95E27863DF7110BF33BFB9CDF52A9884156F088C326", "BD6E23C4E3F5B725C3D32A4CA412CD17E93BDB20B9FF96D3038E928C1C13CB9B", "C00CA1FBAB9202E64462B2BF77F0ED60BC785060E001593CB61BA37AB170F2A4", "C3E83DDDDF37022CCB9C67147A9E72A210F68D967AD579E66F8160A01AD3AFA3", "C5BEBE8FB5CB2A0605BBF930D76E7AC5939B54F1D19B038C7CC97D58929A7B11", "C65C9D42F36D758D0098249F655FBB450A0B73FDEBBA213A9A3E3B599CE938F8", "C738FF607B47687B1DFCC523B3030D5EF139CF5DEF02AAD36B4326A7752D3E64", "C815D5BA0527F8CF454767B7D16A6B819AF9B998FAC3AFC2A63E79F6A57AD83A", "CD354C2CBA24AA52D53FB0809968B9BA7DFCFF8439DE6BA419EE034FE1969603", "D0934964E9B56702CBED525517F4EA576FF2F33A8BA6C800C34ECA9B7FE90236", "D1A639BE91DC5412986E431A6AA9AD5A1E2630EDE1D54679B68D5811B8F0AF4B", "D642B106AEF6A0331D5279B5D198C003A15DD599D9D5027FB7E0DDEE76D361BD", "D6677B366CD35E1B4F6DF838B54EFE8571FBCE9D92919BBCBB56A5A34A788F1B", "D786761B0B2DB5C7370185F18DFD1990C653F5CA978F07DC85476F6C4C32F95A", "D7CA31FD133784EA4DD78EB75768669CA6D56DF4D4431CC8EA26697DB9F0BFDA", "DC156DF61A378C5F680691E655CAB280AE91D82C421725F9A5FE5C6C1B3B3F9A", "DED899C681C4F01F658F5349E77058BDF8C51E88FADBC17AC63AAD856B4CADE5", "E1A1D552E78033169678134FE5961F6004062983C1F460B7BF4BC91470F5CDBC", "EABCB62F4F89C79FF87C8CD548FFD288BDE7C18AAF07A286BBD0C9C83EF3983D", "EBF7FAC69068575846327A4CBDC56FA371BCD390746BA7B0C955566A104AD9B3", "ED2D628E2B845D710C7283E74DEB57A6ACCF26A841A9E4CC3B811EEE14A28F24", "F2018DF6B5783A154F66D47CF61A02700B33271E5A9BF9B7EA3DF4AD976BD52B", "F8ADD70D041744E6F55EE08895DA29CDD7439F6FC877AF5EF2FC6E82E799C2A6", "FBCC15D37DB82855A84E414F2F4C447C0F952B6B90CAC19600957DE4EB6A5158", "FDDBFD86A5F57AD1AEF0B5EC6E55F3566A9540EA301A183BCF86D5ACA28FE658", "FEF3D9CCCE24C08E319A8AE3D38411199D5C0E55CEDE903D3EEB444B38106F9B"]}, {"type": "kaspersky", "idList": ["KLA20013"]}, {"type": "mageia", "idList": ["MGASA-2022-0091", "MGASA-2022-0201", "MGASA-2022-0313", "MGASA-2022-0435"]}, {"type": "nessus", "idList": ["AL2022_ALAS2022-2022-124.NASL", "AL2022_ALAS2022-2022-151.NASL", "AL2022_ALAS2022-2022-152.NASL", "AL2022_ALAS2022-2022-153.NASL", "AL2022_ALAS2022-2022-190.NASL", "AL2_ALAS-2022-1811.NASL", "AL2_ALAS-2022-1830.NASL", "AL2_ALAS-2022-1843.NASL", "AL2_ALAS-2022-1866.NASL", "AL2_ALAS-2022-1867.NASL", "AL2_ALAS-2023-1922.NASL", "AL2_ALASCORRETTO8-2022-004.NASL", "AL2_ALASJAVA-OPENJDK11-2023-003.NASL", "ALA_ALAS-2023-1678.NASL", "ALA_ALAS-2023-1685.NASL", "ALMA_LINUX_ALSA-2022-1819.NASL", "ALMA_LINUX_ALSA-2022-4771.NASL", "ALMA_LINUX_ALSA-2022-4805.NASL", "ALMA_LINUX_ALSA-2022-4807.NASL", "ALMA_LINUX_ALSA-2022-6999.NASL", "ALMA_LINUX_ALSA-2022-7000.NASL", "ALMA_LINUX_ALSA-2022-7006.NASL", "ALMA_LINUX_ALSA-2022-7007.NASL", "ALMA_LINUX_ALSA-2022-7012.NASL", "ALMA_LINUX_ALSA-2022-7013.NASL", "AMAZON_CORRETTO_11_0_17_8_1.NASL", "AMAZON_CORRETTO_8_352_08_1.NASL", "AZUL_ZULU_19_30_12.NASL", "CENTOS8_RHSA-2022-1819.NASL", "CENTOS8_RHSA-2022-4807.NASL", "CENTOS8_RHSA-2022-4855.NASL", "CENTOS_RHSA-2022-5162.NASL", "CENTOS_RHSA-2022-7002.NASL", "CENTOS_RHSA-2022-7008.NASL", "DEBIAN_DLA-2985.NASL", "DEBIAN_DLA-2986.NASL", "DEBIAN_DLA-3307.NASL", "DEBIAN_DSA-5135.NASL", "DEBIAN_DSA-5136.NASL", "DEBIAN_DSA-5331.NASL", "EULEROS_SA-2022-1534.NASL", "EULEROS_SA-2022-1566.NASL", "EULEROS_SA-2022-1788.NASL", "EULEROS_SA-2022-1805.NASL", "EULEROS_SA-2022-1841.NASL", "EULEROS_SA-2022-1865.NASL", "EULEROS_SA-2022-2231.NASL", "EULEROS_SA-2022-2278.NASL", "EULEROS_SA-2022-2528.NASL", "EULEROS_SA-2022-2631.NASL", "EULEROS_SA-2023-1319.NASL", "FEDORA_2022-1C07902A5E.NASL", "FEDORA_2022-361F34F2A9.NASL", "FEDORA_2022-8A4E8AA190.NASL", "FEDORA_2022-B050AE8974.NASL", "FEDORA_2022-D989953883.NASL", "FREEBSD_PKG_096AB080907C11ECBB14002324B2FBA8.NASL", "FREEBSD_PKG_157CE083D14511ECAB9B6CC21735F730.NASL", "GENTOO_GLSA-202208-02.NASL", "GENTOO_GLSA-202211-04.NASL", "IBM_JAVA_2022_10_18.NASL", "NUTANIX_NXSA-AOS-6_5_1_8.NASL", "NUTANIX_NXSA-AOS-6_5_2.NASL", "OPENJDK_2022-10-18.NASL", "OPENSUSE-2022-0723-1.NASL", "OPENSUSE-2022-0724-1.NASL", "ORACLELINUX_ELSA-2022-14857.NASL", "ORACLELINUX_ELSA-2022-1819.NASL", "ORACLELINUX_ELSA-2022-4771.NASL", "ORACLELINUX_ELSA-2022-4805.NASL", "ORACLELINUX_ELSA-2022-4807.NASL", "ORACLELINUX_ELSA-2022-4855.NASL", "ORACLELINUX_ELSA-2022-5162.NASL", "ORACLELINUX_ELSA-2022-6999.NASL", "ORACLELINUX_ELSA-2022-7000.NASL", "ORACLELINUX_ELSA-2022-7002.NASL", "ORACLELINUX_ELSA-2022-7006.NASL", "ORACLELINUX_ELSA-2022-7007.NASL", "ORACLELINUX_ELSA-2022-7008.NASL", "ORACLELINUX_ELSA-2022-7012.NASL", "ORACLELINUX_ELSA-2022-7013.NASL", "ORACLE_JAVA_CPU_OCT_2022.NASL", "POSTGRESQL_20220512.NASL", "REDHAT-RHSA-2022-1819.NASL", "REDHAT-RHSA-2022-4771.NASL", "REDHAT-RHSA-2022-4805.NASL", "REDHAT-RHSA-2022-4807.NASL", "REDHAT-RHSA-2022-4854.NASL", "REDHAT-RHSA-2022-4855.NASL", "REDHAT-RHSA-2022-4856.NASL", "REDHAT-RHSA-2022-4857.NASL", "REDHAT-RHSA-2022-4893.NASL", "REDHAT-RHSA-2022-4894.NASL", "REDHAT-RHSA-2022-4895.NASL", "REDHAT-RHSA-2022-4913.NASL", "REDHAT-RHSA-2022-4915.NASL", "REDHAT-RHSA-2022-4929.NASL", "REDHAT-RHSA-2022-5004.NASL", "REDHAT-RHSA-2022-5068.NASL", "REDHAT-RHSA-2022-5162.NASL", "REDHAT-RHSA-2022-5729.NASL", "REDHAT-RHSA-2022-6094.NASL", "REDHAT-RHSA-2022-6999.NASL", "REDHAT-RHSA-2022-7000.NASL", "REDHAT-RHSA-2022-7001.NASL", "REDHAT-RHSA-2022-7002.NASL", "REDHAT-RHSA-2022-7003.NASL", "REDHAT-RHSA-2022-7004.NASL", "REDHAT-RHSA-2022-7005.NASL", "REDHAT-RHSA-2022-7006.NASL", "REDHAT-RHSA-2022-7007.NASL", "REDHAT-RHSA-2022-7008.NASL", "REDHAT-RHSA-2022-7009.NASL", "REDHAT-RHSA-2022-7010.NASL", "REDHAT-RHSA-2022-7011.NASL", "REDHAT-RHSA-2022-7012.NASL", "REDHAT-RHSA-2022-7013.NASL", "REDHAT-RHSA-2022-8880.NASL", "REDHAT-RHSA-2023-0128.NASL", "ROCKY_LINUX_RLSA-2022-7012.NASL", "SL_20220622_POSTGRESQL_ON_SL7_X.NASL", "SL_20221020_JAVA_11_OPENJDK_ON_SL7_X.NASL", "SL_20221020_JAVA_1_8_0_OPENJDK_ON_SL7_X.NASL", "SUSE_SU-2022-0723-1.NASL", "SUSE_SU-2022-0724-1.NASL", "SUSE_SU-2022-1804-1.NASL", "SUSE_SU-2022-1835-1.NASL", "SUSE_SU-2022-1869-1.NASL", "SUSE_SU-2022-1874-1.NASL", "SUSE_SU-2022-1890-1.NASL", "SUSE_SU-2022-1894-1.NASL", "SUSE_SU-2022-1895-1.NASL", "SUSE_SU-2022-1908-1.NASL", "SUSE_SU-2022-2893-1.NASL", "SUSE_SU-2022-2958-1.NASL", "SUSE_SU-2022-4078-1.NASL", "SUSE_SU-2022-4080-1.NASL", "SUSE_SU-2022-4166-1.NASL", "SUSE_SU-2022-4250-1.NASL", "SUSE_SU-2022-4290-1.NASL", "SUSE_SU-2022-4373-1.NASL", "SUSE_SU-2022-4452-1.NASL", "UBUNTU_USN-5440-1.NASL", "UBUNTU_USN-5676-1.NASL", "UBUNTU_USN-5719-1.NASL"]}, {"type": "oracle", "idList": ["ORACLE:CPUJUL2022", "ORACLE:CPUOCT2022"]}, {"type": "oraclelinux", "idList": ["ELSA-2022-14857", "ELSA-2022-1819", "ELSA-2022-4771", "ELSA-2022-4805", "ELSA-2022-4807", "ELSA-2022-4855", "ELSA-2022-5162", "ELSA-2022-6999", "ELSA-2022-7000", "ELSA-2022-7002", "ELSA-2022-7006", "ELSA-2022-7007", "ELSA-2022-7008", "ELSA-2022-7012", "ELSA-2022-7013"]}, {"type": "osv", "idList": ["OSV:CVE-2022-1552", "OSV:DLA-2985-1", "OSV:DLA-2986-1", "OSV:DLA-3307-1", "OSV:DSA-5135-1", "OSV:DSA-5136-1", "OSV:DSA-5331-1", "OSV:GHSA-C8CC-P3J7-4C7F", "OSV:GHSA-W37G-RHQ8-7M4J", "OSV:GO-2021-0319"]}, {"type": "photon", "idList": ["PHSA-2022-0159", "PHSA-2022-0364", "PHSA-2022-0445", "PHSA-2022-3.0-0364", "PHSA-2022-4.0-0159"]}, {"type": "redhat", "idList": ["RHSA-2022:1081", "RHSA-2022:1819", "RHSA-2022:4771", "RHSA-2022:4805", "RHSA-2022:4807", "RHSA-2022:4854", "RHSA-2022:4855", "RHSA-2022:4856", "RHSA-2022:4857", "RHSA-2022:4860", "RHSA-2022:4863", "RHSA-2022:4893", "RHSA-2022:4894", "RHSA-2022:4895", "RHSA-2022:4913", "RHSA-2022:4915", "RHSA-2022:4929", "RHSA-2022:4956", "RHSA-2022:5004", "RHSA-2022:5006", "RHSA-2022:5068", "RHSA-2022:5069", "RHSA-2022:5070", "RHSA-2022:5162", "RHSA-2022:5201", "RHSA-2022:5392", "RHSA-2022:5729", "RHSA-2022:5875", "RHSA-2022:6094", "RHSA-2022:6156", "RHSA-2022:6252", "RHSA-2022:6526", "RHSA-2022:6882", "RHSA-2022:6999", "RHSA-2022:7000", "RHSA-2022:7001", "RHSA-2022:7002", "RHSA-2022:7003", "RHSA-2022:7004", "RHSA-2022:7005", "RHSA-2022:7006", "RHSA-2022:7007", "RHSA-2022:7008", "RHSA-2022:7009", "RHSA-2022:7010", "RHSA-2022:7011", "RHSA-2022:7012", "RHSA-2022:7013", "RHSA-2022:7049", "RHSA-2022:7050", "RHSA-2022:7051", "RHSA-2022:7052", "RHSA-2022:7053", "RHSA-2022:7054", "RHSA-2022:7211", "RHSA-2022:7216", "RHSA-2022:7434", "RHSA-2022:7874", "RHSA-2022:8781", "RHSA-2022:8880", "RHSA-2022:8889", "RHSA-2022:8938", "RHSA-2023:0128", "RHSA-2023:0408", "RHSA-2023:0577"]}, {"type": "redhatcve", "idList": ["RH:CVE-2018-8023", "RH:CVE-2022-1552", "RH:CVE-2022-21626", "RH:CVE-2022-23806", "RH:CVE-2022-41854"]}, {"type": "rocky", "idList": ["RLSA-2022:1819", "RLSA-2022:4771", "RLSA-2022:4805", "RLSA-2022:4807", "RLSA-2022:4855", "RLSA-2022:6999", "RLSA-2022:7000", "RLSA-2022:7006", "RLSA-2022:7007", "RLSA-2022:7012", "RLSA-2022:7013"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2022:0723-1", "OPENSUSE-SU-2022:0724-1", "SUSE-SU-2022:1890-1", "SUSE-SU-2022:1894-1", "SUSE-SU-2022:1895-1", "SUSE-SU-2022:1908-1"]}, {"type": "ubuntu", "idList": ["USN-5440-1", "USN-5676-1", "USN-5719-1"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2022-1552", "UB:CVE-2022-21626", "UB:CVE-2022-23806", "UB:CVE-2022-41854"]}, {"type": "veracode", "idList": ["VERACODE:34198", "VERACODE:35549", "VERACODE:37659", "VERACODE:38078"]}, {"type": "virtuozzo", "idList": ["VZA-2022-016", "VZA-2022-017"]}]}, "affected_software": {"major_version": [{"name": "ibm cloud pak for watson aiops", "version": 3}]}, "epss": [{"cve": "CVE-2018-8023", "epss": "0.000720000", "percentile": "0.290980000", "modified": "2023-03-20"}, {"cve": "CVE-2022-1552", "epss": "0.000850000", "percentile": "0.344940000", "modified": "2023-03-20"}, {"cve": "CVE-2022-21626", "epss": "0.000790000", "percentile": "0.323110000", "modified": "2023-03-20"}, {"cve": "CVE-2022-23806", "epss": "0.001580000", "percentile": "0.505590000", "modified": "2023-03-20"}, {"cve": "CVE-2022-41854", "epss": "0.000700000", "percentile": "0.284230000", "modified": "2023-03-20"}], "vulnersScore": 0.8}, "_state": {"score": 1677620699, "dependencies": 1677620340, "affected_software_major_version": 1677621718, "epss": 1679353574}, "_internal": {"score_hash": "b76e780476b1f54b350a8601dc4dab50"}, "affectedSoftware": [{"version": "3.6", "operator": "eq", "name": "ibm cloud pak for watson aiops"}]}

{"debiancve": [{"lastseen": "2023-03-02T06:11:35", "description": "Those using Snakeyaml to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stack overflow. This effect may support a denial of service attack.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2022-11-11T13:15:00", "type": "debiancve", "title": "CVE-2022-41854", "bulletinFamily": "info", "cvss2": {}, "cvelist": ["CVE-2022-41854"], "modified": "2022-11-11T13:15:00", "id": "DEBIANCVE:CVE-2022-41854", "href": "https://security-tracker.debian.org/tracker/CVE-2022-41854", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-02-09T06:07:16", "description": "Curve.IsOnCurve in crypto/elliptic in Go before 1.16.14 and 1.17.x before 1.17.7 can incorrectly return true in situations with a big.Int value that is not a valid field element.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.1, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.2}, "published": "2022-02-11T01:15:00", "type": "debiancve", "title": "CVE-2022-23806", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.4, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-23806"], "modified": "2022-02-11T01:15:00", "id": "DEBIANCVE:CVE-2022-23806", "href": "https://security-tracker.debian.org/tracker/CVE-2022-23806", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:P"}}, {"lastseen": "2023-02-06T10:10:55", "description": "Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Security). Supported versions that are affected are Oracle Java SE: 8u341, 8u345-perf, 11.0.16.1; Oracle GraalVM Enterprise Edition: 20.3.7, 21.3.3 and 22.2.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 5.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 1.4}, "published": "2022-10-18T21:15:00", "type": "debiancve", "title": "CVE-2022-21626", "bulletinFamily": "info", "cvss2": {}, "cvelist": ["CVE-2022-21626"], "modified": "2022-10-18T21:15:00", "id": "DEBIANCVE:CVE-2022-21626", "href": "https://security-tracker.debian.org/tracker/CVE-2022-21626", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2022-12-17T15:20:26", "description": "A flaw was found in PostgreSQL. There is an issue with incomplete efforts to operate safely when a privileged user is maintaining another user's objects. The Autovacuum, REINDEX, CREATE INDEX, REFRESH MATERIALIZED VIEW, CLUSTER, and pg_amcheck commands activated relevant protections too late or not at all during the process. This flaw allows an attacker with permission to create non-temporary objects in at least one schema to execute arbitrary SQL functions under a superuser identity.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-08-31T16:15:00", "type": "debiancve", "title": "CVE-2022-1552", "bulletinFamily": "info", "cvss2": {}, "cvelist": ["CVE-2022-1552"], "modified": "2022-08-31T16:15:00", "id": "DEBIANCVE:CVE-2022-1552", "href": "https://security-tracker.debian.org/tracker/CVE-2022-1552", "cvss": {"score": 0.0, "vector": "NONE"}}], "cve": [{"lastseen": "2023-02-11T19:34:58", "description": "Those using Snakeyaml to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stack overflow. This effect may support a denial of service attack.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2022-11-11T13:15:00", "type": "cve", "title": "CVE-2022-41854", "cwe": ["CWE-787"], "bulletinFamily": "NVD", "cvss2": {}, "cvelist": ["CVE-2022-41854"], "modified": "2023-02-11T17:42:00", "cpe": ["cpe:/o:fedoraproject:fedora:36", "cpe:/o:fedoraproject:fedora:37"], "id": "CVE-2022-41854", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-41854", "cvss": {"score": 0.0, "vector": "NONE"}, "cpe23": ["cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*", "cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*"]}, {"lastseen": "2023-02-09T14:32:13", "description": "Apache Mesos can be configured to require authentication to call the Executor HTTP API using JSON Web Token (JWT). In Apache Mesos versions pre-1.4.2, 1.5.0, 1.5.1, 1.6.0 the comparison of the generated HMAC value against the provided signature in the JWT implementation used is vulnerable to a timing attack because instead of a constant-time string comparison routine a standard `==` operator has been used. A malicious actor can therefore abuse the timing difference of when the JWT validation function returns to reveal the correct HMAC value.", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 5.9, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2018-09-21T13:29:00", "type": "cve", "title": "CVE-2018-8023", "cwe": ["CWE-200"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-8023"], "modified": "2020-10-22T13:15:00", "cpe": ["cpe:/a:apache:mesos:1.6.0", "cpe:/a:apache:mesos:1.5.0", "cpe:/a:apache:mesos:1.5.1"], "id": "CVE-2018-8023", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-8023", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}, "cpe23": ["cpe:2.3:a:apache:mesos:1.6.0:*:*:*:*:*:*:*", "cpe:2.3:a:apache:mesos:1.5.1:*:*:*:*:*:*:*", "cpe:2.3:a:apache:mesos:1.5.0:*:*:*:*:*:*:*"]}, {"lastseen": "2023-02-09T14:12:22", "description": "Curve.IsOnCurve in crypto/elliptic in Go before 1.16.14 and 1.17.x before 1.17.7 can incorrectly return true in situations with a big.Int value that is not a valid field element.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.1, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.2}, "published": "2022-02-11T01:15:00", "type": "cve", "title": "CVE-2022-23806", "cwe": ["CWE-252"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.4, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-23806"], "modified": "2022-11-09T21:25:00", "cpe": ["cpe:/a:netapp:beegfs_csi_driver:-", "cpe:/a:netapp:cloud_insights_telegraf_agent:-", "cpe:/a:netapp:storagegrid:-", "cpe:/a:netapp:kubernetes_monitoring_operator:-", "cpe:/o:debian:debian_linux:9.0"], "id": "CVE-2022-23806", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-23806", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:P"}, "cpe23": ["cpe:2.3:a:netapp:storagegrid:-:*:*:*:*:*:*:*", "cpe:2.3:a:netapp:cloud_insights_telegraf_agent:-:*:*:*:*:*:*:*", "cpe:2.3:a:netapp:kubernetes_monitoring_operator:-:*:*:*:*:*:*:*", "cpe:2.3:a:netapp:beegfs_csi_driver:-:*:*:*:*:*:*:*", "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*"]}, {"lastseen": "2023-02-09T14:06:52", "description": "Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Security). Supported versions that are affected are Oracle Java SE: 8u341, 8u345-perf, 11.0.16.1; Oracle GraalVM Enterprise Edition: 20.3.7, 21.3.3 and 22.2.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 5.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 1.4}, "published": "2022-10-18T21:15:00", "type": "cve", "title": "CVE-2022-21626", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {}, "cvelist": ["CVE-2022-21626"], "modified": "2022-12-08T15:56:00", "cpe": ["cpe:/a:oracle:jre:11.0.16.1", "cpe:/a:oracle:jdk:11.0.16.1", "cpe:/a:netapp:oncommand_insight:-", "cpe:/a:netapp:e-series_santricity_os_controller:11.70.2", "cpe:/a:netapp:santricity_storage_plugin:-", "cpe:/a:netapp:e-series_santricity_unified_manager:-", "cpe:/a:oracle:graalvm:20.3.7", "cpe:/o:fedoraproject:fedora:35", "cpe:/a:oracle:jdk:1.8.0", "cpe:/a:netapp:cloud_insights_acquisition_unit:-", "cpe:/a:oracle:graalvm:22.2.0", "cpe:/a:netapp:oncommand_workflow_automation:-", "cpe:/a:netapp:7-mode_transition_tool:-", "cpe:/a:netapp:cloud_secure_agent:-", "cpe:/a:netapp:e-series_santricity_storage_manager:-", "cpe:/a:oracle:jre:1.8.0", "cpe:/o:fedoraproject:fedora:36", "cpe:/a:netapp:santricity_web_services_proxy:-", "cpe:/a:oracle:graalvm:21.3.3"], "id": "CVE-2022-21626", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-21626", "cvss": {"score": 0.0, "vector": "NONE"}, "cpe23": ["cpe:2.3:a:netapp:e-series_santricity_unified_manager:-:*:*:*:*:*:*:*", "cpe:2.3:a:netapp:santricity_web_services_proxy:-:*:*:*:*:*:*:*", "cpe:2.3:a:netapp:cloud_insights_acquisition_unit:-:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:jre:1.8.0:update345:*:*:enterprise_performance_pack:*:*:*", "cpe:2.3:a:netapp:cloud_secure_agent:-:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:jdk:1.8.0:update345:*:*:enterprise_performance_pack:*:*:*", "cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:jdk:1.8.0:update341:*:*:*:*:*:*", "cpe:2.3:a:oracle:jre:11.0.16.1:*:*:*:*:*:*:*", "cpe:2.3:a:netapp:e-series_santricity_os_controller:11.70.2:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:graalvm:20.3.7:*:*:*:enterprise:*:*:*", "cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*", "cpe:2.3:a:netapp:7-mode_transition_tool:-:*:*:*:*:*:*:*", "cpe:2.3:a:netapp:santricity_storage_plugin:-:*:*:*:*:vcenter:*:*", "cpe:2.3:a:oracle:graalvm:22.2.0:*:*:*:enterprise:*:*:*", "cpe:2.3:a:netapp:e-series_santricity_storage_manager:-:*:*:*:*:*:*:*", "cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:jdk:11.0.16.1:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:jre:1.8.0:update341:*:*:*:*:*:*", "cpe:2.3:a:oracle:graalvm:21.3.3:*:*:*:enterprise:*:*:*", "cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*"]}, {"lastseen": "2023-02-09T14:01:45", "description": "A flaw was found in PostgreSQL. There is an issue with incomplete efforts to operate safely when a privileged user is maintaining another user's objects. The Autovacuum, REINDEX, CREATE INDEX, REFRESH MATERIALIZED VIEW, CLUSTER, and pg_amcheck commands activated relevant protections too late or not at all during the process. This flaw allows an attacker with permission to create non-temporary objects in at least one schema to execute arbitrary SQL functions under a superuser identity.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-08-31T16:15:00", "type": "cve", "title": "CVE-2022-1552", "cwe": ["CWE-459", "CWE-89"], "bulletinFamily": "NVD", "cvss2": {}, "cvelist": ["CVE-2022-1552"], "modified": "2022-12-08T03:52:00", "cpe": [], "id": "CVE-2022-1552", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-1552", "cvss": {"score": 0.0, "vector": "NONE"}, "cpe23": []}], "osv": [{"lastseen": "2023-03-28T05:31:26", "description": "Those using Snakeyaml to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stack overflow. This effect may support a denial of service attack.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2022-11-11T19:00:31", "type": "osv", "title": "Snakeyaml vulnerable to Stack overflow leading to denial of service", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["CVE-2022-41854"], "modified": "2023-03-28T05:31:24", "id": "OSV:GHSA-W37G-RHQ8-7M4J", "href": "https://osv.dev/vulnerability/GHSA-w37g-rhq8-7m4j", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-03-28T05:21:11", "description": "Apache Mesos can be configured to require authentication to call the Executor HTTP API using JSON Web Token (JWT). In Apache Mesos versions pre-1.4.2, 1.5.0, 1.5.1, 1.6.0 the comparison of the generated HMAC value against the provided signature in the JWT implementation used is vulnerable to a timing attack because instead of a constant-time string comparison routine a standard `==` operator has been used. A malicious actor can therefore abuse the timing difference of when the JWT validation function returns to reveal the correct HMAC value.", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 5.9, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2018-10-17T19:54:14", "type": "osv", "title": "Moderate severity vulnerability that affects org.apache.mesos:mesos", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-8023"], "modified": "2023-03-28T05:21:02", "id": "OSV:GHSA-C8CC-P3J7-4C7F", "href": "https://osv.dev/vulnerability/GHSA-c8cc-p3j7-4c7f", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2022-08-18T20:26:59", "description": "Some big.Int values that are not valid field elements (negative or overflowing)\nmight cause Curve.IsOnCurve to incorrectly return true. Operating on those values\nmay cause a panic or an invalid curve operation. Note that Unmarshal will never\nreturn such values.\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.1, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.2}, "published": "2022-05-23T22:15:21", "type": "osv", "title": "GO-2021-0319", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.4, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-23806"], "modified": "2022-08-18T20:22:13", "id": "OSV:GO-2021-0319", "href": "https://osv.dev/vulnerability/GO-2021-0319", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:P"}}, {"lastseen": "2022-08-10T07:07:18", "description": "\nAlexander Lakhin discovered that the autovacuum feature and multiple\ncommands could escape the \"security-restricted operation\" sandbox.\n\n\nFor additional information please refer to the upstream announcement\nat [\\\nhttps://www.postgresql.org/support/security/CVE-2022-1552/](https://www.postgresql.org/support/security/CVE-2022-1552/)/\n\n\nFor the oldstable distribution (buster), this problem has been fixed\nin version 11.16-0+deb10u1.\n\n\nWe recommend that you upgrade your postgresql-11 packages.\n\n\nFor the detailed security status of postgresql-11 please refer to\nits security tracker page at:\n[\\\nhttps://security-tracker.debian.org/tracker/postgresql-11](https://security-tracker.debian.org/tracker/postgresql-11)\n\n\n", "cvss3": {}, "published": "2022-05-12T00:00:00", "type": "osv", "title": "postgresql-11 - security update", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["CVE-2022-1552"], "modified": "2022-08-10T07:07:11", "id": "OSV:DSA-5135-1", "href": "https://osv.dev/vulnerability/DSA-5135-1", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2022-08-10T07:07:18", "description": "\nAlexander Lakhin discovered that the autovacuum feature and multiple\ncommands could escape the \"security-restricted operation\" sandbox.\n\n\nFor additional information please refer to the upstream announcement\nat [\\\nhttps://www.postgresql.org/support/security/CVE-2022-1552/](https://www.postgresql.org/support/security/CVE-2022-1552/)/\n\n\nFor the stable distribution (bullseye), this problem has been fixed in\nversion 13.7-0+deb11u1.\n\n\nWe recommend that you upgrade your postgresql-13 packages.\n\n\nFor the detailed security status of postgresql-13 please refer to\nits security tracker page at:\n[\\\nhttps://security-tracker.debian.org/tracker/postgresql-13](https://security-tracker.debian.org/tracker/postgresql-13)\n\n\n", "cvss3": {}, "published": "2022-05-12T00:00:00", "type": "osv", "title": "postgresql-13 - security update", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["CVE-2022-1552"], "modified": "2022-08-10T07:07:11", "id": "OSV:DSA-5136-1", "href": "https://osv.dev/vulnerability/DSA-5136-1", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2022-12-08T07:36:49", "description": "A flaw was found in PostgreSQL. There is an issue with incomplete efforts to operate safely when a privileged user is maintaining another user's objects. The Autovacuum, REINDEX, CREATE INDEX, REFRESH MATERIALIZED VIEW, CLUSTER, and pg_amcheck commands activated relevant protections too late or not at all during the process. This flaw allows an attacker with permission to create non-temporary objects in at least one schema to execute arbitrary SQL functions under a superuser identity.", "cvss3": {}, "published": "2022-08-31T16:15:00", "type": "osv", "title": "CVE-2022-1552", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["CVE-2022-1552"], "modified": "2022-12-08T07:36:46", "id": "OSV:CVE-2022-1552", "href": "https://osv.dev/vulnerability/CVE-2022-1552", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2022-08-05T05:19:22", "description": "\nSeveral vulnerabilities were discovered in the Go programming\nlanguage. An attacker could trigger a denial-of-service (DoS) or\ninvalid cryptographic computation.\n\n\n* [CVE-2022-23772](https://security-tracker.debian.org/tracker/CVE-2022-23772)\nRat.SetString in math/big has an overflow that can lead to\n Uncontrolled Memory Consumption.\n* [CVE-2022-23806](https://security-tracker.debian.org/tracker/CVE-2022-23806)\nCurve.IsOnCurve in crypto/elliptic can incorrectly return true in\n situations with a big.Int value that is not a valid field element.\n* [CVE-2022-24921](https://security-tracker.debian.org/tracker/CVE-2022-24921)\nregexp.Compile allows stack exhaustion via a deeply nested\n expression.\n\n\nFor Debian 9 stretch, these problems have been fixed in version\n1.7.4-2+deb9u5.\n\n\nWe recommend that you upgrade your golang-1.7 packages.\n\n\nFor the detailed security status of golang-1.7 please refer to\nits security tracker page at:\n<https://security-tracker.debian.org/tracker/golang-1.7>\n\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: <https://wiki.debian.org/LTS>\n\n\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.1, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.2}, "published": "2022-04-28T00:00:00", "type": "osv", "title": "golang-1.7 - security update", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-23806", "CVE-2022-23772", "CVE-2022-24921"], "modified": "2022-08-05T05:19:21", "id": "OSV:DLA-2985-1", "href": "https://osv.dev/vulnerability/DLA-2985-1", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2022-08-05T05:19:22", "description": "\nSeveral vulnerabilities were discovered in the Go programming\nlanguage. An attacker could trigger a denial-of-service (DoS) or\ninvalid cryptographic computation.\n\n\n* [CVE-2022-23772](https://security-tracker.debian.org/tracker/CVE-2022-23772)\nRat.SetString in math/big has an overflow that can lead to\n Uncontrolled Memory Consumption.\n* [CVE-2022-23806](https://security-tracker.debian.org/tracker/CVE-2022-23806)\nCurve.IsOnCurve in crypto/elliptic can incorrectly return true in\n situations with a big.Int value that is not a valid field element.\n* [CVE-2022-24921](https://security-tracker.debian.org/tracker/CVE-2022-24921)\nregexp.Compile allows stack exhaustion via a deeply nested\n expression.\n\n\nFor Debian 9 stretch, these problems have been fixed in version\n1.8.1-1+deb9u5.\n\n\nWe recommend that you upgrade your golang-1.8 packages.\n\n\nFor the detailed security status of golang-1.8 please refer to\nits security tracker page at:\n<https://security-tracker.debian.org/tracker/golang-1.8>\n\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: <https://wiki.debian.org/LTS>\n\n\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.1, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.2}, "published": "2022-04-28T00:00:00", "type": "osv", "title": "golang-1.8 - security update", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-23806", "CVE-2022-23772", "CVE-2022-24921"], "modified": "2022-08-05T05:19:21", "id": "OSV:DLA-2986-1", "href": "https://osv.dev/vulnerability/DLA-2986-1", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}], "ibm": [{"lastseen": "2023-03-28T14:03:05", "description": "## Summary\n\nThere is a security vulnerability in snakeYAML used by IBM Maximo Data Loader\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2022-41854](<https://vulners.com/cve/CVE-2022-41854>) \n** DESCRIPTION: **snakeYAML is vulnerable to a denial of service, caused by improper input validation. By persuading a victim to open a specially-crafted YAML content, a remote attacker could exploit this vulnerability to cause a denial of service condition. \nCVSS Base score: 6.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/240890](<https://exchange.xforce.ibmcloud.com/vulnerabilities/240890>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \n \nIBM Maximo Data Loader\n\n| \n\n8.3.4 \n \n \n\n\n## Remediation/Fixes\n\n**For IBM Maximo Data Loader:**\n\nMaximo Data Loader | \n\nIBM Maximo Data Loader Patch Fix or Release \n \n---|--- \n \n8.5.0\n\n| \n\n8.5.0 or latest (available from the [IBM Entitled Registry](<https://www.ibm.com/docs/en/mci/continuous-delivery?topic=loader-obtaining-entitlement-key-entitled-registry> \"IBM Entitled Registry\" )) \n \nRefer to IBM documentation [Loading data using Maximo Data Loader ](<https://www.ibm.com/docs/en/mci/continuous-delivery?topic=configuring-loading-data-using-maximo-data-loader> \"Loading data using\u00a0Maximo Data Loader\" ) for the deployments process.\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2023-03-28T13:29:35", "type": "ibm", "title": "Security Bulletin: There is a security vulnerability in snakeYAML used by IBM Maximo Data Loader (CVE-2022-41854)", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["CVE-2022-41854"], "modified": "2023-03-28T13:29:35", "id": "B0D6E87284C12AB4B1DC671591B12DDF5FFBFF965FA13BB9D4183BE4014F78E2", "href": "https://www.ibm.com/support/pages/node/6966646", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-02-15T05:33:13", "description": "## Summary\n\nPotential denial of service vulnerability in snakeYAML-(CVE-2022-41854) has been identified that may affect IBM Watson Assistant for IBM Cloud Pak for Data. Refer to details for additional information.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2022-41854](<https://vulners.com/cve/CVE-2022-41854>) \n** DESCRIPTION: **snakeYAML is vulnerable to a denial of service, caused by improper input validation. By persuading a victim to open a specially-crafted YAML content, a remote attacker could exploit this vulnerability to cause a denial of service condition. \nCVSS Base score: 6.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/240890](<https://exchange.xforce.ibmcloud.com/vulnerabilities/240890>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \n| IBM Watson Assistant for IBM Cloud Pak for Data \n--- \n1.5.0, 4.0.0, 4.0.2, 4.0.4, 4.0.5, 4.0.6, 4.0.7, 4.0.8, 4.5.1, 4.5.3, 4.6 \n \n\n\n## Remediation/Fixes\n\nFor all affected versions, IBM strongly recommends addressing the vulnerability now by upgrading to the latest (v4.6.2) release of IBM Watson Assistant for IBM Cloud Pak for Data which maintains backward compatibility with the versions listed above. \n\n**Product Latest Version**| **Remediation/Fix/Instructions** \n---|--- \nIBM Watson Assistant for IBM Cloud Pak for Data 4.6.2| \n\nFollow instructions for Installing Watson Assistant in Link to Release (v4.6.2 release information)\n\n<https://www.ibm.com/docs/en/cloud-paks/cp-data/4.6.x> \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2023-02-14T22:50:06", "type": "ibm", "title": "Security Bulletin: IBM Watson Assistant for IBM Cloud Pak for Data is vulnerable to snakeYAML denial of service (CVE-2022-41854)", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["CVE-2022-41854"], "modified": "2023-02-14T22:50:06", "id": "34F5D287C654356B4FFDC0026D802797E1AB7DA4536614636D536DE4974A9BA8", "href": "https://www.ibm.com/support/pages/node/6955731", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-02-28T21:37:23", "description": "## Summary\n\nsnakeYAML is used by IBM App Connect Enterprise Certified Container for parsing YAML data. IBM App Connect Enterprise Certified Container IntegrationServer operands may be vulnerable to denial of service. This bulletin provides patch information to address the reported vulnerability in snakeYAML. CVE-2022-41854\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2022-41854](<https://vulners.com/cve/CVE-2022-41854>) \n** DESCRIPTION: **snakeYAML is vulnerable to a denial of service, caused by improper input validation. By persuading a victim to open a specially-crafted YAML content, a remote attacker could exploit this vulnerability to cause a denial of service condition. \nCVSS Base score: 6.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/240890](<https://exchange.xforce.ibmcloud.com/vulnerabilities/240890>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nApp Connect Enterprise Certified Container| 4.1 \nApp Connect Enterprise Certified Container| 4.2 \nApp Connect Enterprise Certified Container| 5.0-lts \nApp Connect Enterprise Certified Container| 5.1 \nApp Connect Enterprise Certified Container| 5.2 \nApp Connect Enterprise Certified Container| 6.0 \nApp Connect Enterprise Certified Container| 6.1 \n \n\n\n## Remediation/Fixes\n\n**App Connect Enterprise Certified Container 4.1, 4.2, 5.0, 5.1, 5.2, 6.0 and 6.1 (Continuous Delivery)**\n\nUpgrade to App Connect Enterprise Certified Container Operator version 6.2.0 or higher, and ensure that all DesignerAuthoring and IntegrationServer components are at 12.0.7.0-r1 or higher. Documentation on the upgrade process is available at <https://www.ibm.com/docs/en/app-connect/containers_cd?topic=releases-upgrading-operator>\n\n**App Connect Enterprise Certified Container 5.0 LTS (Long Term Support)**\n\nUpgrade to App Connect Enterprise Certified Container Operator version 5.0.2 or higher, and ensure that all DesignerAuthoring and IntegrationServer components are at 12.0.6.0-r2-lts or higher. Documentation on the upgrade process is available at <https://www.ibm.com/docs/en/app-connect-contlts?topic=releases-upgrading-operator>\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2022-12-09T10:03:16", "type": "ibm", "title": "Security Bulletin: IBM App Connect Enterprise Certified Container IntegrationServer operands may be vulnerable to denial of service due to CVE-2022-41854", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["CVE-2022-41854"], "modified": "2022-12-09T10:03:16", "id": "88DFB9E982D0A58C6136F965194F206A274D548D30DEA8A56A30E8B13938EBD4", "href": "https://www.ibm.com/support/pages/node/6846541", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-02-28T01:47:48", "description": "## Summary\n\nOperations Dashboard is vulnerable to Go CVE-2022-23806 with details below\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2022-23806](<https://vulners.com/cve/CVE-2022-23806>) \n** DESCRIPTION: **Golang Go is vulnerable to a denial of service, caused by a flaw with IsOnCurve function returns true for invalid field elements. By sending a specially-crafted request, an attacker could exploit this vulnerability to causes a panic in ScalarMult, and results in a denial of condition. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/219444](<https://exchange.xforce.ibmcloud.com/vulnerabilities/219444>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nOperations Dashboard| 2020.4.1 \n2021.1.1 \n2021.2.1 \n2021.3.1 \n2021.4.1 \n \n\n\n## Remediation/Fixes\n\n**Operations Dashboard version 2020.4.1 in IBM Cloud Pak for Integration** \nUpgrade Operations Dashboard to 2020.4.1-8-eus using the Operator upgrade process described in the IBM Documentation \n<https://www.ibm.com/docs/en/cloud-paks/cp-integration/2020.4?topic=components-upgrading-operations-dashboard> \n \n**Operations Dashboard version 2021.1.1, 2021.2.1, 2021.3.1, and 2021.4.1 in IBM Cloud Pak for Integration** \nUpgrade Operations Dashboard to 2021.4.1-4 using the Operator upgrade process described in the IBM Documentation \n<https://www.ibm.com/docs/en/cloud-paks/cp-integration/2021.4?topic=capabilities-upgrading-integration-tracing>\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.1, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.2}, "published": "2022-04-08T14:54:10", "type": "ibm", "title": "Security Bulletin: Operations Dashboard is vulnerable to Go CVE-2022-23806", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.4, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-23806"], "modified": "2022-04-08T14:54:10", "id": "7F469CFC041F0A861570BFF0B2EAA8E27C8745F53E8D1D2E37E215EB01C5CB2D", "href": "https://www.ibm.com/support/pages/node/6570627", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:P"}}, {"lastseen": "2023-02-28T01:36:46", "description": "## Summary\n\nIBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a denial of service in Golang Go, caused by a flaw with the IsOnCurve function which returns true for invalid field elements. (CVE-2022-23806). Golang Go is included in some of the operators used in IBM Watson Speech. Please read the details for remediation below.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2022-23806](<https://vulners.com/cve/CVE-2022-23806>) \n** DESCRIPTION: **Golang Go is vulnerable to a denial of service, caused by a flaw with IsOnCurve function returns true for invalid field elements. By sending a specially-crafted request, an attacker could exploit this vulnerability to causes a panic in ScalarMult, and results in a denial of condition. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/219444](<https://exchange.xforce.ibmcloud.com/vulnerabilities/219444>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nIBM Watson Speech Services Cartridge for IBM Cloud Pak for Data| 4.0.0 - 4.5.0 \n \n \n\n\n## Remediation/Fixes\n\nIBM recommends addressing the vulnerability now by upgrading. \n\nProduct(s)| Version(s) \n| Remediation/Fix/Instructions \n---|---|--- \nIBM Watson Speech Services Cartridge for IBM Cloud Pak for Data| 4.5.1| The fix in 4.5.1 applies to all versions listed (4.0.0-4.5.0). Version 4.5.1 can be downloaded and installed from: \n[https://www.ibm.com/docs/en/cloud-pa](<https://www.ibm.com/docs/en/cloud-paks/cp-data/4.5.x?topic=installing>)[ks/cp-data/4.5.x?topic=installing](<https://www.ibm.com/docs/en/cloud-paks/cp-data/4.5.x?topic=installing>) \n \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.1, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.2}, "published": "2023-01-12T21:59:00", "type": "ibm", "title": "Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a denial of service in Golang Go (CVE-2022-23806)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.4, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-23806"], "modified": "2023-01-12T21:59:00", "id": "93877A562B975C91505EC2DDCF1E0F2F75707DBF947F3BE156AF14689DE23283", "href": "https://www.ibm.com/support/pages/node/6610293", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:P"}}, {"lastseen": "2023-02-28T01:45:17", "description": "## Summary\n\nIBM has addressed the CVE\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2022-23806](<https://vulners.com/cve/CVE-2022-23806>) \n** DESCRIPTION: **Golang Go is vulnerable to a denial of service, caused by a flaw with IsOnCurve function returns true for invalid field elements. By sending a specially-crafted request, an attacker could exploit this vulnerability to causes a panic in ScalarMult, and results in a denial of condition. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/219444](<https://exchange.xforce.ibmcloud.com/vulnerabilities/219444>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nDataPower Operator 1.2| 1.2.0-1.2.6 \nDataPower Operator 1.5| 1.5.0 \n \n\n\n## Remediation/Fixes\n\nAffected product| Fixed in version| Release notes \n---|---|--- \nDataPower Operator 1.2.x| 1.2.7| <https://ibm.github.io/datapower-operator-doc/release-notes/eus> \nDataPower Operator 1.5.x| 1.5.1| <https://ibm.github.io/datapower-operator-doc/release-notes/cd/> \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.1, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.2}, "published": "2022-06-20T16:01:51", "type": "ibm", "title": "Security Bulletin: DataPower Operator vulnerable to a Denial of Service (CVE-2022-23806)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.4, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-23806"], "modified": "2022-06-20T16:01:51", "id": "1481DAF4C699DC048E77546A032C22E8B4F22C9CD2DD05E5F3423E026EF90E95", "href": "https://www.ibm.com/support/pages/node/6596955", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:P"}}, {"lastseen": "2023-02-28T01:46:39", "description": "## Summary\n\nPlatform Navigator and Automation Assets in IBM Cloud Pak for Integration are vulnerable to denial of service due to Go CVE-2022-23806 with details below\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2022-23806](<https://vulners.com/cve/CVE-2022-23806>) \n** DESCRIPTION: **Golang Go is vulnerable to a denial of service, caused by a flaw with IsOnCurve function returns true for invalid field elements. By sending a specially-crafted request, an attacker could exploit this vulnerability to causes a panic in ScalarMult, and results in a denial of condition. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/219444](<https://exchange.xforce.ibmcloud.com/vulnerabilities/219444>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nPlatform Navigator in IBM Cloud Pak for Integration (CP4I)| 2020.4.1 \n2021.1.1 \n2021.2.1 \n2021.3.1 \n2021.4.1 \nAutomation Assets in IBM Cloud Pak for Integration (CP4I)| 2020.4.1 \n2021.1.1 \n2021.2.1 \n2021.4.1 \n \n \n\n\n## Remediation/Fixes\n\n**Platform Navigator 2020.4.1 in ****IBM Cloud Pak for Integration**\n\nUpgrade Platform Navigator 2020.4.1 to 2020.4.1-6-eus using the Operator upgrade process described in the IBM Documentation \n<https://www.ibm.com/docs/en/cloud-paks/cp-integration/2020.4?topic=202041-upgrading-platform-navigator-component-deployment-interface>\n\n**Platform Navigator version 2021.1, 2021.2, 2021.3, or 2021.4 in IBM Cloud Pak for Integration**\n\nUpgrade Platform Navigator to 2021.4.1-1 using the Operator upgrade process described in the IBM Documentation\n\n<https://www.ibm.com/docs/en/cloud-paks/cp-integration/2021.4?topic=upgrading-platform-navigator-cloud-pak-integration-instance>\n\n** \n \nAsset Repository version 2020.4.1 in IBM Cloud Pak for Integration**\n\nUpgrade Asset Repository to 2020.4.1-5-eus using the Operator upgrade process described in the IBM Documentation\n\n<https://www.ibm.com/docs/en/cloud-paks/cp-integration/2020.4?topic=components-upgrading-asset-repository>\n\n**Asset Repository version 2021.1, 2021.2, or 2021.4 in IBM Cloud Pak for Integration**\n\nUpgrade Asset Repository to 2021.4.1-3 using the Operator upgrade process described in the IBM Documentation\n\n<https://www.ibm.com/docs/en/cloud-paks/cp-integration/2021.4?topic=capabilities-upgrading-automation-assets>\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.1, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.2}, "published": "2022-05-09T17:36:36", "type": "ibm", "title": "Security Bulletin: Platform Navigator and Automation Assets in IBM Cloud Pak for Integration are vulnerable to denial of service due to Go CVE-2022-23806", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.4, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-23806"], "modified": "2022-05-09T17:36:36", "id": "6F9C6903CD7D8203D4E82C06723CA4FB1AB9B0D048230D4EE8B7B6CCAE5D8671", "href": "https://www.ibm.com/support/pages/node/6582417", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:P"}}, {"lastseen": "2023-02-28T21:39:07", "description": "## Summary\n\nThe IBM App Connect Enterprise Certified Container operator and IntegrationServer operands utilise Golang Go. The IBM App Connect Enterprise Certified Container operator and IntegrationServer operands may be vulnerable to denial of service. This bulletin provides patch information to address the reported vulnerability CVE-2022-23806 in Golang Go.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2022-23806](<https://vulners.com/cve/CVE-2022-23806>) \n** DESCRIPTION: **Golang Go is vulnerable to a denial of service, caused by a flaw with IsOnCurve function returns true for invalid field elements. By sending a specially-crafted request, an attacker could exploit this vulnerability to causes a panic in ScalarMult, and results in a denial of condition. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/219444](<https://exchange.xforce.ibmcloud.com/vulnerabilities/219444>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nApp Connect Enterprise Certified Container| 4.1 \nApp Connect Enterprise Certified Container| 4.2 \nApp Connect Enterprise Certified Container| 5.0 \nApp Connect Enterprise Certified Container| 5.1 \nApp Connect Enterprise Certified Container| 5.2 \n \n\n\n## Remediation/Fixes\n\n**App Connect Enterprise Certified Container 4.1, 4.2, 5.0, 5.1 and 5.2 (Continuous Delivery)**\n\nUpgrade to App Connect Enterprise Certified Container Operator version 6.0.0 or higher, and ensure that all DesignerAuthoring and IntegrationServer components are at 12.0.5.0-r4 or higher. Documentation on the upgrade process is available at <https://www.ibm.com/docs/en/app-connect/containers_cd?topic=releases-upgrading-operator>\n\n**App Connect Enterprise Certified Container 5.0 LTS (Long Term Support)**\n\nUpgrade to App Connect Enterprise Certified Container Operator version 5.0.1 or higher, and ensure that all DesignerAuthoring and IntegrationServer components are at 12.0.6.0-r1-lts or higher. Documentation on the upgrade process is available at <https://www.ibm.com/docs/en/app-connect-contlts?topic=releases-upgrading-operator>\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.1, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.2}, "published": "2022-11-04T16:48:03", "type": "ibm", "title": "Security Bulletin: IBM App Connect Enterprise Certified Container operator and IntegrationServer operands may be vulnerable to denial of service due to CVE-2022-23806", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.4, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-23806"], "modified": "2022-11-04T16:48:03", "id": "51CE44C1C7A51E763D9A0FB6E6C7DB8CC2B8221BC5B619DC1E6EA5956B868D7E", "href": "https://www.ibm.com/support/pages/node/6837253", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:P"}}, {"lastseen": "2023-02-28T01:45:19", "description": "## Summary\n\nIBM has addressed the CVE, which may have affected DataPower Operator\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2022-23806](<https://vulners.com/cve/CVE-2022-23806>) \n** DESCRIPTION: **Golang Go is vulnerable to a denial of service, caused by a flaw with IsOnCurve function returns true for invalid field elements. By sending a specially-crafted request, an attacker could exploit this vulnerability to causes a panic in ScalarMult, and results in a denial of condition. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/219444](<https://exchange.xforce.ibmcloud.com/vulnerabilities/219444>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nIBM DataPower Gateway V10CD| 10.0.2.0-10.0.4.0 \nIBM DataPower Gateway 10.0.1| 10.0.1.0-10.0.1.6 \n \n\n\n## Remediation/Fixes\n\nAffected Product| Fixed in release| APAR \n---|---|--- \nIBM DataPower Gateway V10CD| 10.0.4.0sr1, 10.5.0.0| [IT40373](<https://www.ibm.com/support/pages/apar/IT40373> \"IT40373\" ) \nIBM DataPower Gateway 10.0.1| 10.0.1.6sr1| [IT40373](<https://www.ibm.com/support/pages/apar/IT40373> \"IT40373\" ) \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.1, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.2}, "published": "2022-06-17T21:24:06", "type": "ibm", "title": "Security Bulletin: Potential Denial of Service in IBM DataPower Gateway (CVE-2022-23806)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.4, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-23806"], "modified": "2022-06-17T21:24:06", "id": "81C6A358F17E973E45D7EB18F13FD90C43F11DE4197BCA2FAD44339C44E0E4D6", "href": "https://www.ibm.com/support/pages/node/6596139", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:P"}}, {"lastseen": "2023-02-28T21:34:54", "description": "## Summary\n\nThere are vulnerabilities in the IBM\u00ae Runtime Environment Java\u2122 Versions 7 and 8, which is used by IBM Rational ClearCase. These issues were disclosed as part of the IBM Java SDK updates in Oct 2022 - Includes Oracle October 2022 CPU\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2022-21626](<https://vulners.com/cve/CVE-2022-21626>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the Security component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/238689](<https://exchange.xforce.ibmcloud.com/vulnerabilities/238689>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nIBM Rational ClearCase| 9.1 \nIBM Rational ClearCase| 9.0.2 \n \n## Remediation/Fixes\n\nThe solution is to install a fix that includes an updated Java\u2122 Virtual Machine with fixes for the issues, and to apply fixes for WebSphere Application Server (WAS).\n\n#### **Client and server fixes**\n\nApply the relevant fixes as listed in the table below. \n\n**Affected Versions**\n\n| \n\n**Applying the fix** \n \n---|--- \n9.1 through 9.1.0.4| Install [Rational ClearCase Fix Pack 4 (9.1.0.4) for 9.1](<https://www.ibm.com/support/pages/node/6851557> \"Rational ClearCase Fix Pack 4 \$9.1.0.4\$ for 9.1\" ) \n \n9.0.2 through 9.0.2.7\n\n| Install [Rational ClearCase Fix Pack 7 (9.0.2.7) for 9.0.2](<https://www.ibm.com/support/pages/node/6851559> \"Rational ClearCase Fix Pack 7 \$9.0.2.7\$ for 9.0.2\" ) \n \n_For 9.0.1.x and earlier releases, IBM recommends upgrading to a fixed, supported version/release/platform of the product._\n\n**Notes:**\n\nIf you use CCRC as an extension offering installed into an Eclipse shell (one not provided as part of a ClearCase release), or you use rcleartool or CMAPI using a Java\u2122 Virtual Machine not supplied by IBM as part of Rational ClearCase, you should update the Java\u2122 Virtual Machine that you use to include a fix for the above issues. Contact the supplier of your Java\u2122 Virtual Machine and/or the supplier of your Eclipse shell.\n\n#### **CCRC WAN server fixes**\n\n**Affected Versions**\n\n| \n\n**Applying the fix** \n \n---|--- \n \n9.0.2.x\n\n9.1.0.x \n\n| Apply the appropriate WebSphere Application Server fix directly to your CCRC WAN server host. No ClearCase-specific steps are necessary. \n \n 1. Determine the WAS version used by your CCRC WAN server. Navigate to the CCRC profile directory (either the profile you specified when installing ClearCase, or `<ccase-home>/common/ccrcprofile`), then execute the script: `bin/versionInfo.sh `(UNIX) or `bin\\versionInfo.bat `(Windows). The output includes a section \"IBM WebSphere Application Server\". Make note of the version listed in this section.\n 2. Review the following WAS security bulletin: \n[Security Bulletin: Multiple Vulnerabilities in IBM\u00ae Java SDK affect IBM WebSphere Application Server and IBM WebSphere Application Server Liberty due to the October 2022 CPU](<https://www.ibm.com/support/pages/node/6839565>) \n[Security Bulletin: Multiple Vulnerabilities in IBM\u00ae Java SDK affect WebSphere Application Server October 2021 CPU](<https://www.ibm.com/support/pages/node/6520468>) \nand apply the latest available fix for the version of WAS used for CCRC WAN server.\n\n**Note: **there may be newer security fixes for WebSphere Application Server. Follow the link below (in the section \"", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 5.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 1.4}, "published": "2023-01-31T13:55:53", "type": "ibm", "title": "Security Bulletin: A vulnerability in the IBM Java Runtime affects IBM Rational ClearCase (CVE-2022-21626)", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["CVE-2022-21626"], "modified": "2023-01-31T13:55:53", "id": "8271DA3A40630C2ED7F6D3D137F6651932C4B2E5976E9E2E07E160409BF14EAC", "href": "https://www.ibm.com/support/pages/node/6855597", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-02-13T09:34:30", "description": "## Summary\n\nThere is a vulnerability in IBM Runtime Environment Java Technology Edition, Version 7 and 8 used by IBM Sterling Connect:Direct for Microsoft Windows. IBM Sterling Connect:Direct for Microsoft Windows has addressed the applicable CVE [CVE-2022-21626].\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2022-21626](<https://vulners.com/cve/CVE-2022-21626>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the Security component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/238689](<https://exchange.xforce.ibmcloud.com/vulnerabilities/238689>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n## Affected Products and Versions\n\n**Affected Product(s)**| **Version(s)** \n---|--- \nIBM Sterling Connect:Direct for Microsoft Windows| 4.8.0.0 - 4.8.0.3_iFix052 \nIBM Sterling Connect:Direct for Microsoft Windows| 6.0.0.0 - 6.0.0.4_iFix060 \nIBM Sterling Connect:Direct for Microsoft Windows| 6.1.0.0 - 6.1.0.2_iFix054 \nIBM Sterling Connect:Direct for Microsoft Windows| 6.2.0.0 - 6.2.0.4_iFix020 \n \n\n\n## Remediation/Fixes\n\nIBM strongly recommends addressing the vulnerability now by upgrading. \n\n**Product(s)**| **Version(s)**| **APAR**| **Remediation / Fix** \n---|---|---|--- \nIBM Sterling Connect:Direct for Microsoft Windows| 4.8.0.0 - 4.8.0.3_iFix052| [IT42991](<https://www.ibm.com/support/pages/apar/IT42991> \"IT42991\" )| Apply [4.8.0.3_iFix053](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~Other%20software&product=ibm/Other+software/Sterling+Connect%3ADirect+for+Microsoft+Windows&release=4.8.0.3&platform=All&function=aparId&apars=IT42991> \"4.8.0.3_iFix053\" ), available on Fix Central \nIBM Sterling Connect:Direct for Microsoft Windows| 6.0.0.0 - 6.0.0.4_iFix060| [IT42991](<https://www.ibm.com/support/pages/apar/IT42991> \"IT42991\" )| Apply [6.0.0.4_iFix061](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~Other%20software&product=ibm/Other+software/Sterling+Connect%3ADirect+for+Microsoft+Windows&release=6.0.0.4&platform=All&function=aparId&apars=IT42991> \"6.0.0.4_iFix061\" ), available on Fix Central \nIBM Sterling Connect:Direct for Microsoft Windows| 6.1.0.0 - 6.1.0.2_iFix054| [IT42991](<https://www.ibm.com/support/pages/apar/IT42991> \"IT42991\" )| Apply [6.1.0.2_iFix055](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~Other%20software&product=ibm/Other+software/Sterling+Connect%3ADirect+for+Microsoft+Windows&release=6.1.0.2&platform=All&function=aparId&apars=IT42991> \"6.1.0.2_iFix055\" ), available on Fix Central \nIBM Sterling Connect:Direct for Microsoft Windows| 6.2.0.0 - 6.2.0.4_iFix020| [IT42991](<https://www.ibm.com/support/pages/apar/IT42991> \"IT42991\" )| Apply [6.2.0.4_iFix021](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~Other%20software&product=ibm/Other+software/Sterling+Connect%3ADirect+for+Microsoft+Windows&release=6.2.0.4&platform=All&function=aparId&apars=IT42991> \"6.2.0.4_iFix021\" ), available on Fix Central \n \nFor unsupported versions IBM recommends upgrading to a fixed, supported version of the product. \n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 5.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 1.4}, "published": "2023-02-07T16:00:13", "type": "ibm", "title": "Security Bulletin: IBM Sterling Connect:Direct for Microsoft Windows is vulnerable to denial of service due to IBM Runtime Environment Java Technology Edition (CVE-2022-21626)", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["CVE-2022-21626"], "modified": "2023-02-07T16:00:13", "id": "44BE2B696C0E190DC3C45BE01238E31B87B7468AA00A501F0F3C22C11FF54FF2", "href": "https://www.ibm.com/support/pages/node/6953583", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-03-27T19:14:37", "description": "## Summary\n\nIBM MQ Appliance has resolved a Java SE vulnerability.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2022-21626](<https://vulners.com/cve/CVE-2022-21626>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the Security component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/238689](<https://exchange.xforce.ibmcloud.com/vulnerabilities/238689>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nIBM MQ Appliance| 9.2 LTS \nIBM MQ Appliance| 9.2 CD \nIBM MQ Appliance| 9.3 LTS \nIBM MQ Appliance| 9.3 CD \n \n## Remediation/Fixes\n\nThis vulnerability is addressed under IT42457\n\n**IBM strongly recommends addressing the vulnerability now.**\n\n**IBM MQ Appliance version 9.2 LTS**\n\nApply [IBM MQ Appliance 9.2.0.7 fixpack](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~WebSphere&product=ibm/WebSphere/IBM+MQ+Appliance+M2000&function=fixId&fixids=9.2.0.7-IBM-MQ-Appliance-U0000+&includeSupersedes=1> \"IBM MQ Appliance 9.2.0.7 fixpack\" ), or later firmware.\n\n**IBM MQ Appliance version 9.2 CD**\n\nApply [IBM MQ Appliance 9.2.5 CSU04](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~WebSphere&product=ibm/WebSphere/IBM+MQ+Appliance+M2000&function=fixId&fixids=9.2.5-IBM-MQ-Appliance-CSU04+&includeSupersedes=1> \"IBM MQ Appliance 9.2.5 CSU04\" ), or later firmware.\n\n**IBM MQ Appliance version 9.3 LTS**\n\nApply [IBM MQ Appliance 9.3.0.2 fixpack](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~WebSphere&product=ibm/WebSphere/IBM+MQ+Appliance+M2000&function=fixId&fixids=9.3.0.2-IBM-MQ-Appliance+&includeSupersedes=1> \"IBM MQ Appliance 9.3.0.2 fixpack\" ), or later firmware.\n\n**IBM MQ Appliance version 9.3 CD**\n\nApply [IBM MQ Appliance 9.3.1.1 cumulative security update](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~WebSphere&product=ibm/WebSphere/IBM+MQ+Appliance+M2000&function=fixId&fixids=9.3.1.1-IBM-MQ-Appliance+&includeSupersedes=1> \"IBM MQ Appliance 9.3.1.1 cumulative security update\" ), or later firmware.\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 5.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 1.4}, "published": "2023-03-27T15:33:12", "type": "ibm", "title": "Security Bulletin: IBM MQ Appliance is vulnerable to an unspecified Java SE vulnerability (CVE-2022-21626)", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["CVE-2022-21626"], "modified": "2023-03-27T15:33:12", "id": "3CBB5BB93D767D27ACC627761E5F8B4371CEC60989A40BEFA15966D7D198BB77", "href": "https://www.ibm.com/support/pages/node/6852713", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-03-29T03:55:32", "description": "## Summary\n\nA vulnerability in IBM\u00ae Runtime Environment Java\u2122 Technology Edition affects the product's management GUI. The Command Line Interface is unaffected.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2022-21626](<https://vulners.com/cve/CVE-2022-21626>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the Security component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/238689](<https://exchange.xforce.ibmcloud.com/vulnerabilities/238689>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nIBM Spectrum Virtualize| 8.2 \nIBM Spectrum Virtualize| 8.3 \nIBM Spectrum Virtualize| 8.4 \nIBM Spectrum Virtualize| 8.5 \n \nNote that this applies to all IBM SAN Volume Controller, IBM Storwize and IBM FlashSystem products which run IBM Spectrum Virtualize software.\n\n \n\n\n## Remediation/Fixes\n\nIBM recommends that you fix this vulnerability by upgrading affected versions of IBM SAN Volume Controller, IBM Storwize V7000, IBM Storwize V5000 and V5100, IBM Storwize V5000E, IBM Spectrum Virtualize Software, IBM Spectrum Virtualize for Public Cloud, IBM FlashSystem V9000, IBM FlashSystem 9500, IBM FlashSystem 9100 Family, IBM FlashSystem 9200, IBM FlashSystem 7300, IBM FlashSystem 7200, IBM FlashSystem 5200 and IBM FlashSystem 5000 to the following code levels or higher:\n\n8.5.3.0\n\n8.5.2.3\n\n8.5.0.7\n\n8.4.0.10\n\n8.3.1.9\n\n8.2.1.17\n\n[Latest IBM SAN Volume Controller Code](<https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=Storage%20virtualization&product=ibm/StorageSoftware/SAN+Volume+Controller+%282145%29&release=All&platform=All&function=all>)[ \n](<https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=Software%20defined%20storage&product=ibm/StorageSoftware/IBM+Spectrum+Virtualize+for+Public+Cloud&release=8.1&platform=All&function=all>)[Latest IBM Storwize V7000 Code](<https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=Mid-range%20disk%20systems&product=ibm/Storage_Disk/IBM+Storwize+V7000+%282076%29&release=All&platform=All&function=all>)[ \n](<https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=Software%20defined%20storage&product=ibm/StorageSoftware/IBM+Spectrum+Virtualize+for+Public+Cloud&release=8.1&platform=All&function=all>)[Latest IBM Storwize V5000 and V5100 Code](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=Mid-range%20disk%20systems&product=ibm/Storage_Disk/IBM+Storwize+V5000&release=All&platform=All&function=all>)[ \n](<https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=Software%20defined%20storage&product=ibm/StorageSoftware/IBM+Spectrum+Virtualize+for+Public+Cloud&release=8.1&platform=All&function=all>)[Latest IBM Storwize V5000E Code](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=Mid-range%20disk%20systems&product=ibm/Storage_Disk/IBM+Storwize+V5000E&release=All&platform=All&function=all>)[ \n](<https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=Software%20defined%20storage&product=ibm/StorageSoftware/IBM+Spectrum+Virtualize+for+Public+Cloud&release=8.1&platform=All&function=all>)[Latest IBM FlashSystem V9000 Code](<https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=Flash%20high%20availability%20systems&product=ibm/StorageSoftware/IBM+FlashSystem+V9000&release=All&platform=All&function=all>)[ \n](<https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=Software%20defined%20storage&product=ibm/StorageSoftware/IBM+Spectrum+Virtualize+for+Public+Cloud&release=8.1&platform=All&function=all>)[Latest IBM FlashSystem 9500 Code](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=Flash%20high%20availability%20systems&product=ibm/StorageSoftware/IBM+FlashSystem+9500&release=All&platform=All&function=all> \"\" )[ \n](<https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=Software%20defined%20storage&product=ibm/StorageSoftware/IBM+Spectrum+Virtualize+for+Public+Cloud&release=8.1&platform=All&function=all>)[Latest IBM FlashSystem 9100 Family Code](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=Flash%20high%20availability%20systems&product=ibm/StorageSoftware/IBM+FlashSystem+9100+family&release=All&platform=All&function=all> \"\" )[ \n](<https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=Software%20defined%20storage&product=ibm/StorageSoftware/IBM+Spectrum+Virtualize+for+Public+Cloud&release=8.1&platform=All&function=all>)[Latest IBM FlashSystem 9200 Code](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=Flash%20high%20availability%20systems&product=ibm/StorageSoftware/IBM+FlashSystem+9200&release=All&platform=All&function=all> \"\" )[ \n](<https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=Software%20defined%20storage&product=ibm/StorageSoftware/IBM+Spectrum+Virtualize+for+Public+Cloud&release=8.1&platform=All&function=all>)[Latest IBM FlashSystem 7300 Code](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=Flash%20high%20availability%20systems&product=ibm/StorageSoftware/IBM+FlashSystem+7300&release=All&platform=All&function=all> \"\" )[ \n](<https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=Software%20defined%20storage&product=ibm/StorageSoftware/IBM+Spectrum+Virtualize+for+Public+Cloud&release=8.1&platform=All&function=all>)[Latest IBM FlashSystem 7200 Code](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=Flash%20high%20availability%20systems&product=ibm/StorageSoftware/IBM+FlashSystem+7200&release=All&platform=All&function=all> \"\" )[ \n](<https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=Software%20defined%20storage&product=ibm/StorageSoftware/IBM+Spectrum+Virtualize+for+Public+Cloud&release=8.1&platform=All&function=all>)[Latest IBM FlashSystem 5000 and 5200 Code](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=Flash%20high%20availability%20systems&product=ibm/StorageSoftware/IBM+FlashSystem+5000&release=All&platform=All&function=all> \"\" )[ \n](<https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=Software%20defined%20storage&product=ibm/StorageSoftware/IBM+Spectrum+Virtualize+for+Public+Cloud&release=8.1&platform=All&function=all>)[Latest IBM Spectrum Virtualize Software](<https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=Software%20defined%20storage&product=ibm/StorageSoftware/IBM+Spectrum+Virtualize+software&release=All&platform=All&function=all>)[ \n](<https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=Software%20defined%20storage&product=ibm/StorageSoftware/IBM+Spectrum+Virtualize+for+Public+Cloud&release=8.1&platform=All&function=all>)[Latest IBM Spectrum Virtualize for Public Cloud](<https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=Software%20defined%20storage&product=ibm/StorageSoftware/IBM+Spectrum+Virtualize+for+Public+Cloud&release=All&platform=All&function=all>)\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 5.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 1.4}, "published": "2023-03-29T01:48:02", "type": "ibm", "title": "Security Bulletin: A vulnerability in IBM Java affects IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["CVE-2022-21626"], "modified": "2023-03-29T01:48:02", "id": "5FF84049776B70C5BBF2F0C7E2A796633B261CD6EF67A56097040D61F16328AC", "href": "https://www.ibm.com/support/pages/node/6858041", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-02-17T09:33:46", "description": "## Summary\n\nThere are multiple vulnerabilities in Golang Go used by IBM Decision Optimization in IBM Cloud Pak for Data. IBM Decision Optimization in IBM Cloud Pak for Data has addressed the applicable CVEs.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2022-21626](<https://vulners.com/cve/CVE-2022-21626>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the Security component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/238689](<https://exchange.xforce.ibmcloud.com/vulnerabilities/238689>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nDecision Optimization for Cloud Pak for Data| All \n \n\n\n## Remediation/Fixes\n\nIBM strongly suggests to upgrade to IBM Decision Optimization in IBM Cloud Pak for Data 4.6.1 or higher, using the Operator upgrade process described in the IBM Documentation: \n\n<https://www.ibm.com/docs/en/cloud-paks/cp-data/4.6.x?topic=u-upgrading-from-version-46-8>\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 5.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 1.4}, "published": "2023-02-17T07:48:30", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities in Golang Go affect IBM Decision Optimization in IBM Cloud Pak for Data", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["CVE-2022-21626"], "modified": "2023-02-17T07:48:30", "id": "50DCC01C96F7800F4E5A57D300448F2A0FF35FDC26FE0285622B3CBE88205A3C", "href": "https://www.ibm.com/support/pages/node/6956505", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-02-28T21:35:21", "description": "## Summary\n\nA vulnerability exists in IBM\u00ae Runtime Environment Java\u2122 Versions 8, which is used by the desktop version of IBM Process Designer 8.5.7 shipped with IBM Business Automation Workflow. IBM Process Designer has addressed the applicable CVE.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2022-21626](<https://vulners.com/cve/CVE-2022-21626>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the Security component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/238689](<https://exchange.xforce.ibmcloud.com/vulnerabilities/238689>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n## Affected Products and Versions\n\nIBM Process Designer 8.5.7 is shipped with the following versions of IBM Business Automation Workflow:\n\nAffected Product(s)| Version(s) \n---|--- \nIBM Business Automation Workflow| 19.0.0.3 - 22.0.1 \n \n## Remediation/Fixes\n\nInstall interim fix DT173355 for your version:\n\n * [IBM Business Automation Workflow 22.0.1](<http://www.ibm.com/support/fixcentral/swg/quickorder?parent=ibm%7EWebSphere&product=ibm/WebSphere/IBM+Business+Automation+Workflow&release=All&platform=All&function=fixId&fixids=8.6.30022010-WS-BPMPCPD-IFDT173355&includeSupersedes=0&source=fc>)\n * [IBM Business Automation Workflow 21.0.3](<http://www.ibm.com/support/fixcentral/swg/quickorder?parent=ibm%7EWebSphere&product=ibm/WebSphere/IBM+Business+Automation+Workflow&release=All&platform=All&function=fixId&fixids=8.6.30021031-WS-BPMPCPD-IFDT173355&includeSupersedes=0&source=fc>)\n * [IBM Business Automation Workflow 20.0.0.2](<http://www.ibm.com/support/fixcentral/swg/quickorder?parent=ibm%7EWebSphere&product=ibm/WebSphere/IBM+Business+Automation+Workflow&release=All&platform=All&function=fixId&fixids=8.6.20020002-WS-BPMPCPD-IFDT173355&includeSupersedes=0&source=fc>)\n * [IBM Business Automation Workflow 19.0.0.3](<http://www.ibm.com/support/fixcentral/swg/quickorder?parent=ibm%7EWebSphere&product=ibm/WebSphere/IBM+Business+Automation+Workflow&release=All&platform=All&function=fixId&fixids=8.6.10019003-WS-BPMPCPD-IFDT173355&includeSupersedes=0&source=fc>)\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 5.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 1.4}, "published": "2023-01-20T21:34:04", "type": "ibm", "title": "Security Bulletin: A CVE-2022-21626 vulnerability in IBM Java Runtime affects IBM Process Designer 8.5.7 shipped with IBM Business Automation Workflow", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["CVE-2022-21626"], "modified": "2023-01-20T21:34:04", "id": "7E3F42C505D4AC9F43C1F504CCB4D99DE456ACE8D89C9DBAE11447B628A0F8A5", "href": "https://www.ibm.com/support/pages/node/6856759", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-02-13T17:34:03", "description": "## Summary\n\nIBM Java is used by IBM Sterling Connect:Direct FTP+ on AIX, Linux, Solaris, and Windows platforms in product configuration and data transmission. IBM Sterling Connect:Direct FTP+ on AIX, Linux, Solaris, and Windows platforms is impacted by a denial of service issue in IBM Java (CVE-2022-21626). IBM Sterling Connect:Direct FTP+ on AIX, Linux, Solaris, and Windows platforms has upgraded IBM Java to version 8.0.7.20 to address the issue.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2022-21626](<https://vulners.com/cve/CVE-2022-21626>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the Security component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/238689](<https://exchange.xforce.ibmcloud.com/vulnerabilities/238689>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n## Affected Products and Versions\n\n**Affected Product(s)**| **Version(s)** \n---|--- \nIBM Sterling Connect:Direct FTP+| 1.3.0.0-1.3.0.0.iFix021 \n \n\n\n## Remediation/Fixes\n\nIBM strongly recommends addressing the vulnerability now by upgrading **Product**| **Version**| **Remediation/Fix/Instructions** \n---|---|--- \nIBM Sterling Connect:Direct FTP+| 1.3.0.0-1.3.0.0.iFix021| Apply 1.3.0.iFix022, available on [Fix Central](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm%7EOther%20software&product=ibm/Other+software/Sterling+Connect%3ADirect+FTP+Plus&release=1.3.0.0&platform=All&function=fixId&fixids=1.3.0.0*iFix022*&includeSupersedes=0> \"Fix Central\" ). \n \nFor versions previous to 1.3.0, IBM recommends upgrading to a fixed, supported version of the product.\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 5.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 1.4}, "published": "2023-02-13T15:53:30", "type": "ibm", "title": "Security Bulletin: IBM Sterling Connect:Direct FTP+ is vulnerable to denial of service due to IBM Java (CVE-2022-21626)", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["CVE-2022-21626"], "modified": "2023-02-13T15:53:30", "id": "42D2F393E2D5968188FE1066AA0401FE0337938BCE287834FB8D9D4F5E95C324", "href": "https://www.ibm.com/support/pages/node/6955079", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-02-13T13:33:21", "description": "## Summary\n\nIBM Java is used by IBM Sterling Connect:Direct for UNIX on AIX, Linux, and Solaris platforms in product configuration, management, and data transmission. IBM Sterling Connect:Direct for UNIX on AIX, Linux, and Solaris platforms is impacted by a denial of service issue in IBM Java (CVE-2022-21626). IBM Sterling Connect:Direct for UNIX on AIX, Linux, and Solaris platforms has upgraded IBM Java to version 8.0.7.20 to address the issue.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2022-21626](<https://vulners.com/cve/CVE-2022-21626>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the Security component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/238689](<https://exchange.xforce.ibmcloud.com/vulnerabilities/238689>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n## Affected Products and Versions\n\n**Affected Product(s)**| **Version(s)** \n---|--- \nIBM Sterling Connect:Direct for UNIX| 6.2.0.0 - 6.2.0.5.iFix020 \nIBM Sterling Connect:Direct for UNIX| 6.1.0.0 - 6.1.0.4.iFix076 \nIBM Sterling Connect:Direct for UNIX| 6.0.0.0 - 6.0.0.2.iFix144 \nIBM Sterling Connect:Direct for UNIX| 4.3.0.0 - 4.3.0.1.iFix108 \n \n\n\n## Remediation/Fixes\n\nIBM strongly recommends addressing the vulnerability now by upgrading \n\n**Product**| **Version**| **Remediation/Fix/Instructions** \n---|---|--- \nIBM Sterling Connect:Direct for UNIX| 6.2.0| Apply 6.2.0.5.iFix021, available on [Fix Central](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm%7EOther%20software&product=ibm/Other+software/Sterling+Connect%3ADirect+for+UNIX&release=6.2.0.5&platform=All&function=fixId&fixids=6.2.0.5*iFix021*&includeSupersedes=0>). \nIBM Sterling Connect:Direct for UNIX| 6.1.0| Apply 6.1.0.4.iFix077, available on [Fix Central](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm%7EOther%20software&product=ibm/Other+software/Sterling+Connect%3ADirect+for+UNIX&release=6.1.0.4&platform=All&function=fixId&fixids=6.1.0.4*iFix077*&includeSupersedes=0> \"Fix Central\" ). \nIBM Sterling Connect:Direct for UNIX| 6.0.0| Apply 6.0.0.2.iFix145, available on [Fix Central](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm%7EOther%20software&product=ibm/Other+software/Sterling+Connect%3ADirect+for+UNIX&release=6.0.0.2&platform=All&function=fixId&fixids=6.0.0.2*iFix145*&includeSupersedes=0> \"Fix Central\" ). \nIBM Sterling Connect:Direct for UNIX| 4.3.0| Apply 4.3.0.1.iFix109, available on [Fix Central](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm%7EOther%20software&product=ibm/Other+software/Sterling+Connect%3ADirect+for+UNIX&release=4.3.0.1&platform=All&function=fixId&fixids=4.3.0.1*iFix109*&includeSupersedes=0>). \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 5.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 1.4}, "published": "2023-02-10T15:45:27", "type": "ibm", "title": "Security Bulletin: IBM Sterling Connect:Direct for UNIX is vulnerable to denial of servce due to IBM Java (CVE-2022-21626)", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["CVE-2022-21626"], "modified": "2023-02-10T15:45:27", "id": "FDDBFD86A5F57AD1AEF0B5EC6E55F3566A9540EA301A183BCF86D5ACA28FE658", "href": "https://www.ibm.com/support/pages/node/6954727", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-02-28T21:35:43", "description": "## Summary\n\nIBM MQ Internet Pass-Thru has addressed the following vulnerability in the IBM\u00ae Runtime Environment Java\u2122 Technology Edition, Version 7 and Version 8 used by IBM MQ Internet Pass-Thru.\n\n## Vulnerability Details\n\n**CVEID: **[CVE-2022-21626](<https://vulners.com/cve/CVE-2022-21626>) \n**DESCRIPTION: **An unspecified vulnerability in Java SE related to the Security component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/238689](<https://exchange.xforce.ibmcloud.com/vulnerabilities/238689>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n## Affected Products and Versions\n\nAffected Product(s) | Version(s) \n---|--- \nIBM WebSphere Internet Pass-Thru | 2.1 \n \n## Remediation/Fixes\n\n**IBM WebSphere Internet Pass-Thru version 2.1** IBM strongly recommends that you address this vulnerability now by applying [fix pack MQIPT 2.1.0.6](<https://www.ibm.com/support/pages/node/572489> \"fix pack MQIPT 2.1.0.6\" ) and upgrading the MQIPT JRE to the latest available for MQIPT 2.1.0.6. \n\nNote: This MQIPT 2.1 JRE update is provided on Solaris platforms only, for users with appropriate extended support entitlement. Contact IBM support to obtain the installation files for MQIPT 2.1.0.6 and the JRE update for MQIPT 2.1.0.6 on Solaris. Users of MQIPT 2.1 on all other platforms should migrate to MQIPT 9.3.\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 5.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 1.4}, "published": "2023-01-13T17:39:00", "type": "ibm", "title": "Security Bulletin: IBM MQ Internet Pass-Thru is vulnerable to an issue within IBM\u00ae Runtime Environment Java\u2122 Technology Edition, Version 7 and Version 8 (CVE-2022-21626)", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["CVE-2022-21626"], "modified": "2023-01-13T17:39:00", "id": "DC156DF61A378C5F680691E655CAB280AE91D82C421725F9A5FE5C6C1B3B3F9A", "href": "https://www.ibm.com/support/pages/node/6855351", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-02-14T01:33:19", "description": "## Summary\n\nAn unspecified vulnerability in Java SE related to the Security component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2022-21626](<https://vulners.com/cve/CVE-2022-21626>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the Security component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/238689](<https://exchange.xforce.ibmcloud.com/vulnerabilities/238689>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n## Affected Products and Versions\n\n**Affected Product(s)**| **Version(s)** \n---|--- \nIBM Sterling Control Center| 6.1.3 \nIBM Sterling Control Center| 6.2.1.0 \nIBM Sterling Control Center| 6.3.0 \n \n\n\n## Remediation/Fixes\n\nProduct\n\n| \n\nVersion\n\n| \n\nRemediation \n \n---|---|--- \n \nIBM Sterling Control Center\n\n| \n\n6.1.3.0 GA through iFix14\n\n| \n\n6.1.3.0 iFix15 [Fix Central - 6.1.3.0](<https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm%7EOther%20software&product=ibm/Other+software/Sterling+Control+Center&release=6.1.3.0&platform=All&function=all>) \n \nIBM Sterling Control Center\n\n| \n\n6.2.1.0 GA through iFix09\n\n| \n\n6.2.1.0 iFix10 [Fix Central - 6.2.1.0](<https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm%7EOther%20software&product=ibm/Other+software/Sterling+Control+Center&release=6.2.1.0&platform=All&function=all>) \n \nIBM Sterling Control Center\n\n| \n\n6.3.0.0 GA\n\n| \n\n6.3.0.0 iFix01 [Fix Central - 6.3.0.0](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm%7EOther%20software&product=ibm/Other+software/Sterling+Control+Center&release=6.3.0.0&platform=All&function=all>) \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 5.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 1.4}, "published": "2023-02-13T21:56:47", "type": "ibm", "title": "Security Bulletin: IBM Sterling Control Center is vulnerable to a denial of service due to Jave SE (CVE-2022-21626)", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["CVE-2022-21626"], "modified": "2023-02-13T21:56:47", "id": "39483C1D88EDE6E1217BE5AE44B5E429C17BC3FFB232291B8DF1B1B982203088", "href": "https://www.ibm.com/support/pages/node/6955277", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-02-28T21:34:50", "description": "## Summary\n\nThere are multiple vulnerabilities in the IBM\u00ae Runtime Environment Java\u2122 Versions 7 and 8, which are used by IBM Rational ClearQuest. These issues were disclosed in the IBM Java SDK updates in October 2022. IBM Rational ClearQuest has addressed the applicable CVEs.\n\n## Vulnerability Details\n\n**CVEID: **[CVE-2022-21626](<https://vulners.com/cve/CVE-2022-21626>) \n**DESCRIPTION: **An unspecified vulnerability in Java SE related to the Security component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/238689](<https://exchange.xforce.ibmcloud.com/vulnerabilities/238689>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n## Affected Products and Versions\n\nAffected Product(s) | Version(s) \n---|--- \nIBM Rational ClearQuest | 9.0.1 \nIBM Rational ClearQuest | 9.0.2 \nIBM Rational ClearQuest | 9.1 \n \n## Remediation/Fixes\n\nThe solution is to install a fix that includes an updated Java\u2122 Virtual Machine with fixes for the issues, and to apply fixes for WebSphere Application Server (WAS). \n\n**ClearQuest Eclipse Clients** \nApply the relevant fixes as listed in the table below.\n\n**Affected Versions**\n\n| \n\n**Applying the fix**\n\n| \n---|---|--- \n \n9.1 through 9.1.0.3\n\n| Install [Rational ClearQuest Fix Pack 4 (9.1.0.4) for 9.1](<https://www.ibm.com/support/pages/node/6853667> \"Rational ClearQuest Fix Pack 3 \$9.1.0.3\$ for 9.1\" ) | \n \n9.0.2 through 9.0.2.6 \n9.0.1 through 9.0.1.14\n\n| Install [Rational ClearQuest Fix Pack 7 (9.0.2.7) for 9.0.2](<https://www.ibm.com/support/pages/node/6853665> \"Rational ClearQuest Fix Pack 6 \$9.0.2.6\$ for 9.0.2\" ) | \n \n_For 9.0.0.x, 8.0.1.x, 8.0.0.x and earlier releases, IBM recommends upgrading to a fixed, supported version/release/platform of the product._\n\n**ClearQuest Web/CQ OSLC Server/CM Server Component**\n\n 1. Determine the WAS version used by your CM server. Navigate to the CM profile directory (either the profile you specified when installing ClearQuest, or `<clearquest-home>/cqweb/cqwebprofile`), then execute the script: `bin/versionInfo.sh `(UNIX) or `bin\\versionInfo.bat `(Windows). The output includes a section \"IBM WebSphere Application Server\". Make note of the version listed in this section.\n 2. Review the following WAS security bulletin: \n[Security Bulletin: Multiple Vulnerabilities in IBM\u00ae Java SDK affect IBM WebSphere Application Server and IBM WebSphere Application Server Liberty due to the October 2022 CPU](<https://www.ibm.com/support/pages/node/6839565> \"Security Bulletin: Multiple Vulnerabilities in IBM\u00ae Java SDK affect IBM WebSphere Application Server and IBM WebSphere Application Server Liberty due to the October 2022 CPU\" ) \nand apply the latest available fix for the version of WAS used for CM server.\n\n**Note: **there may be newer security fixes for WebSphere Application Server. Follow the link above (in the section \"", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 5.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 1.4}, "published": "2023-02-01T05:40:03", "type": "ibm", "title": "Security Bulletin: A vulnerability in the IBM Java Runtime affects IBM Rational ClearQuest (CVE-2022-21626)", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["CVE-2022-21626"], "modified": "2023-02-01T05:40:03", "id": "8A80F344EBFCFC30424F4B236E0BCEA911FC3C5A51859876D808039E8C61FAD0", "href": "https://www.ibm.com/support/pages/node/6856023", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-02-28T21:34:46", "description": "## Summary\n\nThere is a vulnerability in IBM Runtime Environment Java Technology Edition, Version 7 and 8 used by IBM Sterling Connect:Direct File Agent. IBM Sterling Connect:Direct File Agent has addressed the issue.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2022-21626](<https://vulners.com/cve/CVE-2022-21626>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the Security component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/238689](<https://exchange.xforce.ibmcloud.com/vulnerabilities/238689>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n## Affected Products and Versions\n\n**Affected Product(s)**| **Version(s)** \n---|--- \nIBM Sterling Connect:Direct File Agent| 1.4.0.0 - 1.4.0.2_iFix033 with bundled JRE \n \n\n\n## Remediation/Fixes\n\n**Product(s)**| **Version(s)**| **APAR**| **Remediation / Fix** \n---|---|---|--- \nIBM Sterling Connect:Direct File Agent| 1.4.0.0 - 1.4.0.2_iFix033| [IT42944](<https://www.ibm.com/support/pages/apar/IT42944> \"IT42944\" )| Apply [1.4.0.2_iFix034](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm%7EOther%20software&product=ibm/Other+software/Sterling+Connect%3ADirect+File+Agent&release=1.4.0.2&platform=All&function=aparId&apars=IT42944> \"1.4.0.2_iFix034\" ) on AIX, Linux, Solaris and Windows, available on IBM Fix Central \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 5.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 1.4}, "published": "2023-02-01T15:09:09", "type": "ibm", "title": "Security Bulletin: IBM Sterling Connect:Direct File Agent is vulnerable to a denial of service due to IBM Runtime Environment Java Technology Edition (CVE-2022-21626)", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["CVE-2022-21626"], "modified": "2023-02-01T15:09:09", "id": "2EF5677A3F23861B8D0D2574DAF8E448757B7776BAEF3A64C7E654636BCEEF3E", "href": "https://www.ibm.com/support/pages/node/6909477", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-02-28T21:35:09", "description": "## Summary\n\nThere are multiple vulnerabilities in IBM\u00ae Runtime Environment Java\u2122 Version 8 used by Watson Explorer and Watson Explorer Content Analytics Studio. Watson Explorer and Watson Explorer Content Analytics Studio have addressed the applicable CVEs. \n\n## Vulnerability Details\n\n** CVEID: **[CVE-2022-21626](<https://vulners.com/cve/CVE-2022-21626>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the Security component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/238689](<https://exchange.xforce.ibmcloud.com/vulnerabilities/238689>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nIBM Watson Explorer DAE \nFoundational Components| 12.0.0.0, 12.0.1, 12.0.2.0 - 12.0.2.2, 12.0.3.0 - 12.0.3.10 \nIBM Watson Explorer DAE \nAnalytical Components| 12.0.0.0, 12.0.1, 12.0.2.0 - 12.0.2.2, 12.0.3.0 - 12.0.3.10 \nIBM Watson Explorer DAE \noneWEX| 12.0.0.0, 12.0.1, 12.0.2.0 - 12.0.2.2, 12.0.3.0 - 12.0.3.10 \nIBM Watson Explorer \nFoundational Components| 11.0.0.0 - 11.0.0.3, \n11.0.1, \n11.0.2.0 - \n11.0.2.14 \nIBM Watson Explorer Foundational Components Annotation Administration Console| 12.0.0.0, 12.0.1, 12.0.2.0 - 12.0.2.2, 12.0.3.0 - 12.0.3.10 \nIBM Watson Explorer Foundational Components Annotation Administration Console| 11.0.0.0 - 11.0.0.3, \n11.0.1, \n11.0.2.0 - \n11.0.2.14 \nIBM Watson Explorer Analytical Components| 11.0.0.0 - 11.0.0.3, \n11.0.1, \n11.0.2.0 - \n11.0.2.14 \nIBM Watson Explorer Content Analytics Studio| 12.0.0, 12.0.1, 12.0.2, 12.0.3 \nIBM Watson Explorer Content Analytics Studio| 11.0.0.0 - 11.0.0.3, \n11.0.1, 11.0.2.0 - 11.0.2.2 \n \n## Remediation/Fixes\n\n**Affected Produc****t**| **Affected Versions**| **Required IBM Java Runtime**| **How to acquire and apply the fix** \n---|---|---|--- \nIBM Watson Explorer DAE \nFoundational Components| 12.0.0.0, 12.0.1, 12.0.2.0 - 12.0.2.2, 12.0.3.0 - 12.0.3.10| JVM 8 SR7 FP20 or later| \n\n 1. If you have not already installed, install V12.0.3.10 (see the Fix Pack [download document](<http://www.ibm.com/support/pages/node/6579251>)). If you upgrade to Version 12.0.3.10 after you update IBM Java Runtime, your changes are lost and you must repeat the steps.\n 2. Download the IBM Java Runtime, Version 8 package for your operating system from [Fix Central](<https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=Watson%2BGroup&product=ibm/Information+Management/InfoSphere+Data+Explorer&release=12.0.3.10&platform=All&function=all>): interim fix **12.0.3.10-WS-WatsonExplorer-DAEFoundational-<OS>-8SR7FP20** or later (for example, 12.0.3.10-WS-WatsonExplorer-DAEFoundational-Linux-8SR7FP20).\n 3. To apply the fix, follow the steps in [Updating IBM Java Runtime](<https://www.ibm.com/support/pages/node/6565665>). \nIBM Watson Explorer DAE \nAnalytical Components| 12.0.0.0, 12.0.1, 12.0.2.0 - 12.0.2.2, 12.0.3.0 - 12.0.3.10| JVM 8 SR7 FP20 or later| \n\n 1. If you have not already installed, install V12.0.3.10 (see the Fix Pack [download document](<http://www.ibm.com/support/pages/node/6579283>)). If you upgrade to Version 12.0.3.10 after you update IBM Java Runtime, your changes are lost and you must repeat the steps.\n 2. Download the IBM Java Runtime, Version 8 package for your operating system from [Fix Central](<https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=Watson%2BGroup&product=ibm/Information+Management/InfoSphere+Data+Explorer&release=12.0.3.10&platform=All&function=all>): interim fix **12.0.3.10-WS-WatsonExplorer-DAEAnalytical-<OS>-8SR7FP20** or later (for example, 12.0.3.10-WS-WatsonExplorer-DAEAnalytical-Linux-8SR7FP20).\n 3. To apply the fix, follow the steps in [Updating IBM Java Runtime](<https://www.ibm.com/support/pages/node/259439>). \nIBM Watson Explorer DAE \noneWEX| 12.0.0.0, 12.0.0.1, 12.0.1, 12.0.2.0 - 12.0.2.2, 12.0.3.0 - 12.0.3.10| JVM 8 SR7 FP20 or later| \n\n 1. If you have not already installed, install V12.0.3.10 (see the Fix Pack [download document](<http://www.ibm.com/support/pages/node/6579247>)). If you upgrade to Version 12.0.3.10 after you update IBM Java Runtime, your changes are lost and you must repeat the steps.\n 2. Download the IBM Java Runtime, Version 8 package for your operating system from [Fix Central](<https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=Watson%2BGroup&product=ibm/Information+Management/InfoSphere+Data+Explorer&release=12.0.3.10&platform=All&function=all>): interim fix **12.0.3.10-WS-WatsonExplorer-DAEoneWEX-8SR7FP20**.\n 3. To apply the fix, follow the steps in [Updating IBM Java Runtime](<https://www.ibm.com/support/pages/node/6441277>). \nIBM Watson Explorer \nFoundational Components| 11.0.0.0 - 11.0.0.3, \n11.0.1, \n11.0.2.0 - \n11.0.2.14| JVM 8 SR7 FP20 or later| \n\n 1. If you have not already installed, install V11.0.2 Fix Pack 14 (see the Fix Pack [download document](<http://www.ibm.com/support/pages/node/6579241>)). If you upgrade to Version 11.0.2.14 after you update IBM Java Runtime, your changes are lost and you must repeat the steps.\n 2. Download the IBM Java Runtime, Version 8 package for your edition (Enterprise or Advanced) and operating system from [Fix Central](<https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=Watson%2BGroup&product=ibm/Information+Management/InfoSphere+Data+Explorer&release=11.0.2.14&platform=All&function=all>): interim fix **11.0.2.14-WS-WatsonExplorer-<Edition>Foundational-<OS>-8SR7FP20** or later (for example, 11.0.2.14-WS-WatsonExplorer-EEFoundational-Linux-8SR7FP20).\n 3. To apply the fix, follow the steps in [Updating IBM Java Runtime](<https://www.ibm.com/support/pages/node/6565665>). \nIBM Watson Explorer Foundational Components Annotation Administration Console| \n\n12.0.0.0, 12.0.1, 12.0.2.0 - 12.0.2.2, 12.0.3.0 - 12.0.3.10\n\n| JVM 8 SR7 FP20 or later| \n\n 1. If you have not already installed, install V12.0.3.10 (see the Fix Pack [download document](<http://www.ibm.com/support/pages/node/6579251>)). If you upgrade to Version 12.0.3.10 after you update IBM Java Runtime, your changes are lost and you must repeat the steps.\n 2. Download the IBM Java Runtime, Version 8 package for your operating system from [Fix Central](<https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=Watson%2BGroup&product=ibm/Information+Management/InfoSphere+Data+Explorer&release=12.0.3.10&platform=All&function=all>): interim fix **12.0.3.10-WS-WatsonExplorer-DAEFoundationalAAC-<OS>-8SR7FP20** or later (for example, 12.0.3.10-WS-WatsonExplorer-DAEFoundationalAAC-Linux-8SR7FP20).\n 3. To apply the fix, follow the steps in [Updating IBM Java Runtime](<https://www.ibm.com/support/pages/node/259439>). \nIBM Watson Explorer Foundational Components Annotation Administration Console| 11.0.0.0 - 11.0.0.3, \n11.0.1, \n11.0.2.0 - \n11.0.2.14| JVM 8 SR7 FP20 or later| \n\n 1. If you have not already installed, install V11.0.2 Fix Pack 14 (see the Fix Pack [download document](<http://www.ibm.com/support/pages/node/6579241>)). If you upgrade to Version 11.0.2.14 after you update IBM Java Runtime, your changes are lost and you must repeat the steps.\n 2. Download the IBM Java Runtime, Version 8 package for your edition (Enterprise or Advanced) and operating system from [Fix Central](<https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=Watson%2BGroup&product=ibm/Information+Management/InfoSphere+Data+Explorer&release=11.0.2.14&platform=All&function=all>): interim fix **11.0.2.14-WS-WatsonExplorer-<Edition>FoundationalAAC-<OS>-8SR7FP20** or later (for example, 11.0.2.14-WS-WatsonExplorer-EEFoundationalAAC-Linux-8SR7FP20).\n 3. To apply the fix, follow the steps in [Updating IBM Java Runtime](<https://www.ibm.com/support/pages/node/259439>). \nIBM Watson Explorer Analytical Components| 11.0.0.0 - 11.0.0.3, \n11.0.1, \n11.0.2.0 - \n11.0.2.14| JVM 8 SR7 FP20 or later| \n\n 1. If you have not already installed, install V11.0.2 Fix Pack 14 (see the Fix Pack [download document](<http://www.ibm.com/support/pages/node/6579243>)). If you upgrade to Version 11.0.2.14 after you update IBM Java Runtime, your changes are lost and you must repeat the steps.\n 2. Download the IBM Java Runtime, Version 8 package for your edition (Enterprise or Advanced) and operating system from [Fix Central](<https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=Watson%2BGroup&product=ibm/Information+Management/InfoSphere+Data+Explorer&release=11.0.2.14&platform=All&function=all>): interim fix **11.0.2.14-WS-WatsonExplorer-<Edition>Analytical-<OS>-8SR7FP20** or later (for example, 11.0.2.14-WS-WatsonExplorer-EEAnalytical-Linux-8SR7FP20).\n 3. To apply the fix, follow the steps in [Updating IBM Java Runtime](<https://www.ibm.com/support/pages/node/259439>). \nIBM Watson Explorer Content Analytics Studio| 12.0.0, 12.0.1, 12.0.2, 12.0.3| JVM 8 SR7 FP20 or later| \n\n 1. If you have not already installed, install Version 12.0.3. For information about Version 12.0.3, and links to the software and release notes, see the [download document](<https://www.ibm.com/support/docview.wss?uid=ibm10880811>). If you upgrade to Version 12.0.3 after you update IBM Java Runtime, your changes are lost and you must repeat the steps. \n 2. Download the IBM Java Runtime, Version 8 package and operating system from [Fix Central](<https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=Watson%2BGroup&product=ibm/Information+Management/InfoSphere+Data+Explorer&release=12.0.3.0&platform=All&function=all>): interim fix **12.0.3.0-WS-WatsonExplorer-DAEAnalytical-CAStudio-8SR7FP20** or later (for example, 12.0.3.0-WS-WatsonExplorer-AEAnalytical-CAStudio-8SR7FP20, which includes 64-bit version of IBM Java Runtime).\n 3. To apply the fix, follow the steps in [Updating IBM Java Runtime](<https://www.ibm.com/support/pages/node/561503>). \nIBM Watson Explorer Content Analytics Studio| \n\n11.0.0.0 - 11.0.0.3, \n11.0.1, 11.0.2.0 - 11.0.2.2\n\n| JVM 8 SR7 FP20 or later| \n\n 1. If you have not already installed, install Version 11.0.2.2. If you upgrade to Version 11.0.2.2 after you update IBM Java Runtime, your changes are lost and you must repeat the steps. \n\n * For information about Version 11.0.2, and links to the software and release notes, see the [download document](<http://www.ibm.com/support/docview.wss?uid=swg24042893>).\n * For information about upgrading, see the [upgrade procedures](<http://www.ibm.com/support/docview.wss?uid=swg27049072>).For information about Version 11.0.2.2, see the [download document](<http://www.ibm.com/support/docview.wss?uid=swg24044331>).\n 2. Download the IBM Java Runtime, Version 8 package and operating system from [Fix Central](<https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=Watson%2BGroup&product=ibm/Information+Management/InfoSphere+Data+Explorer&release=11.0.2.2&platform=All&function=all>): interim fix **11.0.2.2-WS-WatsonExplorer-AEAnalytical-CAStudio-8SR7FP20** or later (for example, 11.0.2.2-WS-WatsonExplorer-AEAnalytical-CAStudio-8SR7FP20, which includes 64-bit version of IBM Java Runtime).\n 3. To apply the fix, follow the steps in [Updating IBM Java Runtime](<https://www.ibm.com/support/pages/node/561503>). \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 5.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 1.4}, "published": "2023-01-27T13:11:32", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect Watson Explorer and Watson Explorer Content Analytics Studio (CVE-2022-21626)", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["CVE-2022-21626"], "modified": "2023-01-27T13:11:32", "id": "B0B42C99943ADC9F2284EFF89574BB2533E047DC3DB366C34D87AF50C7E52D46", "href": "https://www.ibm.com/support/pages/node/6847951", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-02-28T21:34:56", "description": "## Summary\n\nIBM Virtualization Engine TS7700 is vulnerable to a denial of service threat (CVE-2022-21626) due to the use of IBM\u00ae SDK Java\u2122 Technology Edition, Version 8. The Java SDK is used by the TS7700 to provide the Management Interface, to perform cache management, and to provide Transparent Cloud Tiering. This issue was disclosed as part of the IBM SDK Java Technology Edition update in October 2022. IBM Virtualization Engine TS7700 has addressed the applicable CVE.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2022-21626](<https://vulners.com/cve/CVE-2022-21626>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the Security component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/238689](<https://exchange.xforce.ibmcloud.com/vulnerabilities/238689>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n## Affected Products and Versions\n\nAll versions of microcode for the IBM Virtualization Engine TS7700 (3957-VEC, 3957-VED, and 3948-VED) prior to and including the following are affected:\n\n**Machine Type**| **Model**| **Release**| **Version** \n---|---|---|--- \n3957| VEC| R5.0| 8.50.2.6 \nR5.1| 8.51.2.12 \nR5.2 Phase 1| 8.52.102.13 \nR5.2 Phase 2| 8.52.200.111 \nR5.3| 8.53.0.63 \nVED| R5.0| 8.50.2.6 \nR5.1| 8.51.2.12 \nR5.2 Phase 1| 8.52.102.13 \nR5.2 Phase 2| 8.52.200.111 \nR5.3| 8.53.0.63 \n3948| VED| R5.3| 8.53.0.63 \n \n\n\n## Remediation/Fixes\n\nIBM strongly recommends addressing the vulnerability now by visiting <https://tape.ibmrcl.enterpriseappointments.com/v2/> or contacting IBM Service at 1-800-IBM-SERV to arrange an upgrade to the latest microcode version followed by the installation of VTD_EXEC.269 as needed. Minimum microcode versions are shown below: \n\n**Machine Type**| **Model**| **Release**| **Fix** \n---|---|---|--- \n3957| VEC| R5.0| Upgrade to 8.51.2.12 + VTD_EXEC.269 \nR5.1| Upgrade to 8.51.2.12 + VTD_EXEC.269 \nR5.2 Phase 1| Upgrade to 8.52.102.13 + VTD_EXEC.269 \nR5.2 Phase 2| Upgrade to 8.52.200.111 + VTD_EXEC.269 \nR5.3| Upgrade to 8.53.0.63 + VTD_EXEC.269 \nVED| R5.0| Upgrade to 8.51.2.12 + VTD_EXEC.269 \nR5.1| Upgrade to 8.51.2.12 + VTD_EXEC.269 \nR5.2 Phase 1| Upgrade to 8.52.102.13 + VTD_EXEC.269 \nR5.2 Phase 2| Upgrade to 8.52.200.111 + VTD_EXEC.269 \nR5.3| Upgrade to 8.53.0.63 + VTD_EXEC.269 \n3948| VED| R5.3| Upgrade to 8.53.0.63 + VTD_EXEC.269 \n \nThe minimum VTD_EXEC version is shown below:\n\n**VTD_EXEC Package**| **Version** \n---|--- \nVTD_EXEC.269| v2.02 \n \nNote: With v2.00 and subsequent versions, VTD_EXEC.269 may be installed concurrently with online operations except on systems where the Cloud Storage Tier has been enabled with FC 5278, which will still require an outage.\n\n## Workarounds and Mitigations\n\nAlthough IBM recommends that you upgrade to the fixes identified above, you can mitigate, but not eliminate the risk of these vulnerabilities by restricting physical and network access to the TS7700 to authorized users and IBM Service Personnel only.\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 5.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 1.4}, "published": "2023-01-30T19:44:41", "type": "ibm", "title": "Security Bulletin: IBM Virtualization Engine TS7700 is vulnerable to a denial of service threat due to use of IBM\u00ae SDK Java\u2122 Technology Edition, Version 8 (CVE-2022-21626)", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["CVE-2022-21626"], "modified": "2023-01-30T19:44:41", "id": "C3E83DDDDF37022CCB9C67147A9E72A210F68D967AD579E66F8160A01AD3AFA3", "href": "https://www.ibm.com/support/pages/node/6858055", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-02-28T21:36:55", "description": "## Summary\n\nThe fix includes a new version of the IBM Runtime Environment Java Version 8 that resolves the specified vulnerability.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2022-21626](<https://vulners.com/cve/CVE-2022-21626>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the Security component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/238689](<https://exchange.xforce.ibmcloud.com/vulnerabilities/238689>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n## Affected Products and Versions\n\n**Affected Product**| **Version \n** \n---|--- \nIBM Integration Designer| 22.0.2 \nIBM Integration Designer| 22.0.1 \nIBM Integration Designer| 21.0.3 \nIBM Integration Designer| 20.0.0.2 \n \n \n\n\n## Remediation/Fixes\n\n[IBM Integration Designer 22.0.2](<http://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FWebSphere%2FIBM+Integration+Designer&fixids=22.0.2-WS-IID-IFDT179280&source=SAR> \"IBM Integration Designer 22.0.2\" )\n\n[IBM Integration Designer 22.0.1](<http://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FWebSphere%2FIBM+Integration+Designer&fixids=22.0.1-WS-IID-IFDT179280&source=SAR> \"IBM Integration Designer 22.0.1\" )\n\n[IBM Integration Designer 21.0.3](<http://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FWebSphere%2FIBM+Integration+Designer&fixids=21.0.3-WS-IID-IFDT179280&source=SAR> \"IBM Integration Designer 21.0.3\" )\n\n[IBM Integration Designer 20.0.0.2](<http://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FWebSphere%2FIBM+Integration+Designer&fixids=20.0.0.2-WS-IID-IFDT179280&source=SAR> \"IBM Integration Designer 20.0.0.2\" )\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 5.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 1.4}, "published": "2022-12-22T18:51:35", "type": "ibm", "title": "Security Bulletin: IBM Integration Designer is vulnerable to denial of service ( CVE-2022-21626)", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["CVE-2022-21626"], "modified": "2022-12-22T18:51:35", "id": "699223D515FE732FC9F1DF6EC7F6E06F88BA093D8FBF60BE8D914347FA4B5BE5", "href": "https://www.ibm.com/support/pages/node/6851449", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-03-17T13:32:50", "description": "## Summary\n\nIBM Spectrum Protect Operations Center may be affected by vulnerabilityies in Java SE such as denial of service attack, as described by the CVEs in the \"Vulnerability Details\" section.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2022-21626](<https://vulners.com/cve/CVE-2022-21626>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the Security component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/238689](<https://exchange.xforce.ibmcloud.com/vulnerabilities/238689>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n## Affected Products and Versions\n\n**Affected Product(s)**| **Version(s)** \n---|--- \nIBM Spectrum Protect Operations Center| 8.1 - 8.1.17.xxx \n \n\n\n## Remediation/Fixes\n\n**IBM Spectrum Protect Operations Center Affected Versions**| **Fixing Level**| **Platform**| **Link to Fix and Instructions** \n---|---|---|--- \n8.1 - 8.1.17.xxx| 8.1.18| AIX Linux Windows| <https://www.ibm.com/support/pages/node/6953019> \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 5.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 1.4}, "published": "2023-03-17T13:22:14", "type": "ibm", "title": "Security Bulletin: Vulnerability in Java SE may affect IBM Spectrum Protect Operations Center (CVE-2022-21626)", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["CVE-2022-21626"], "modified": "2023-03-17T13:22:14", "id": "4BDDA6CACE48EED4E4F6B43370DB7F8F73EDA2D8CAE5DD7CF2338811EA9573D5", "href": "https://www.ibm.com/support/pages/node/6963642", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-02-28T21:36:28", "description": "## Summary\n\nIBM has addressed the CVE, which potentially affects JDBC, IMS Callout and JMS components\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2022-21626](<https://vulners.com/cve/CVE-2022-21626>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the Security component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/238689](<https://exchange.xforce.ibmcloud.com/vulnerabilities/238689>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nIBM DataPower Gateway V10CD| 10.0.4.0 - 10.0.4.0sr2 \nIBM DataPower Gateway 10.0.1| 10.0.1.0 - 10.0.1.10 \nIBM DataPower Gateway 10.5.0| 10.5.0.0 - 10.5.02 \nIBM DataPower Gateway| 2018.4.1.0 - 2018.4.1.23 \n \n\n\n## Remediation/Fixes\n\nAffected product| Fixed in version| APAR \n---|---|--- \nIBM DataPower Gateway 2018.4.1| 2018.4.1.24| [IT42249](<https://www.ibm.com/support/pages/apar/IT42249> \"IT42249\" ) \nIBM DataPower Gateway 10.0.1| 10.0.1.11| [IT42249](<https://www.ibm.com/support/pages/apar/IT42249> \"IT42249\" ) \nIBM DataPower Gateway 10.5.0| 10.5.0.3| [IT42249](<https://www.ibm.com/support/pages/apar/IT42249> \"IT42249\" ) \n \nA fix will be available in a future security refresh of V10CD. Customers wishing to obtain the fix immediately may upgrade free of charge to 10.5.0.3\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 5.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 1.4}, "published": "2023-01-04T16:12:14", "type": "ibm", "title": "Security Bulletin: IBM DataPower Gateway affected by vulnerability in Java (CVE-2022-21626)", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["CVE-2022-21626"], "modified": "2023-01-04T16:12:14", "id": "34FBAEEF366CB7DE704637DD9387142E0E5FB15840BA5A401EF615225B7C1FE1", "href": "https://www.ibm.com/support/pages/node/6852623", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-02-28T01:44:23", "description": "## Summary\n\nThere is a vulnerability in PostgreSQL used by IBM Sterling Connect:Direct for Microsoft Windows. IBM Sterling Connect:Direct for Microsoft Windows has addressed the applicable CVE.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2022-1552](<https://vulners.com/cve/CVE-2022-1552>) \n** DESCRIPTION: **PostgreSQL remote authenticated attacker to bypass security restrictions, caused by an issue with not activate protection or too late with the Autovacuum, REINDEX, CREATE INDEX, REFRESH MATERIALIZED VIEW, CLUSTER, and pg_amcheck commands. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary SQL functions under a superuser identity. \nCVSS Base score: 8.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/226521](<https://exchange.xforce.ibmcloud.com/vulnerabilities/226521>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\n**Affected Product(s)**| **Version(s)** \n---|--- \nIBM Sterling Connect:Direct for Microsoft Windows| 4.8.0.0 - 4.8.0.3_iFix046 \nIBM Sterling Connect:Direct for Microsoft Windows| 6.0.0.0 - 6.0.0.4_iFix053 \nIBM Sterling Connect:Direct for Microsoft Windows| 6.1.0.0 - 6.1.0.2_iFix045 \nIBM Sterling Connect:Direct for Microsoft Windows| 6.2.0.0 - 6.2.0.4_iFix007 \n \n\n\n## Remediation/Fixes\n\n**Product(s)**| **Version(s)**| **APAR**| **Remediation / Fix** \n---|---|---|--- \nIBM Sterling Connect:Direct for Microsoft Windows| 4.8.0.0 - 4.8.0.3_iFix046| [IT41129](<https://www.ibm.com/support/pages/apar/IT41129> \"IT41129\" )| Apply [4.8.0.3_iFix047](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~Other%20software&product=ibm/Other+software/Sterling+Connect%3ADirect+for+Microsoft+Windows&release=4.8.0.3&platform=All&function=aparId&apars=IT41129> \"4.8.0.3_iFix047\" ), available on Fix Central \nIBM Sterling Connect:Direct for Microsoft Windows| 6.0.0.0 - 6.0.0.4_iFix053| [IT41129](<https://www.ibm.com/support/pages/apar/IT41129> \"IT41129\" )| Apply [6.0.0.4_iFix054](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~Other%20software&product=ibm/Other+software/Sterling+Connect%3ADirect+for+Microsoft+Windows&release=6.0.0.4&platform=All&function=aparId&apars=IT41129> \"6.0.0.4_iFix054\" ), available on Fix Central \nIBM Sterling Connect:Direct for Microsoft Windows| 6.1.0.0 - 6.1.0.2_iFix045| [IT41129](<https://www.ibm.com/support/pages/apar/IT41129> \"IT41129\" )| Apply [6.1.0.2_iFix046](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~Other%20software&product=ibm/Other+software/Sterling+Connect%3ADirect+for+Microsoft+Windows&release=6.1.0.2&platform=All&function=aparId&apars=IT41129> \"6.1.0.2_iFix046\" ), available on Fix Central \nIBM Sterling Connect:Direct for Microsoft Windows| 6.2.0.0 - 6.2.0.4_iFix007| [IT41129](<https://www.ibm.com/support/pages/apar/IT41129> \"IT41129\" )| Apply [6.2.0.4_iFix008](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~Other%20software&product=ibm/Other+software/Sterling+Connect%3ADirect+for+Microsoft+Windows&release=6.2.0.4&platform=All&function=aparId&apars=IT41129> \"6.2.0.4_iFix008\" ), available on Fix Central \n \nFor unsupported versions IBM recommends upgrading to a fixed, supported version of the product. \n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-07-12T08:22:36", "type": "ibm", "title": "Security Bulletin: IBM Sterling Connect:Direct for Microsoft Windows is vulnerable to remote SQL execution due to PostgreSQL (CVE-2022-1552)", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["CVE-2022-1552"], "modified": "2022-07-12T08:22:36", "id": "74E733EAD00CC1443998FEAEB40A5B9D2B95F7D92F0086469EAF733BC0FE1A4E", "href": "https://www.ibm.com/support/pages/node/6602959", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-02-28T01:42:34", "description": "## Summary\n\nIBM Sterling Connect:Direct Web Service uses PostgreSQL. IBM Sterling Connect:Direct Web Services has addressed an applicable issue from PostgreSQL.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2022-1552](<https://vulners.com/cve/CVE-2022-1552>) \n** DESCRIPTION: **PostgreSQL remote authenticated attacker to bypass security restrictions, caused by an issue with not activate protection or too late with the Autovacuum, REINDEX, CREATE INDEX, REFRESH MATERIALIZED VIEW, CLUSTER, and pg_amcheck commands. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary SQL functions under a superuser identity. \nCVSS Base score: 8.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/226521](<https://exchange.xforce.ibmcloud.com/vulnerabilities/226521>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\n**Affected Product(s)**| **Version(s)** \n---|--- \nIBM Sterling Connect:Direct Web Services| 1.0 \nIBM Sterling Connect:Direct Web Services| 6.1.0 \nIBM Sterling Connect:Direct Web Services| 6.2.0 \nIBM Sterling Connect:Direct Web Services| 6.0 \n \n\n\n## Remediation/Fixes\n\n**Product(s)**| **Version(s)**| **Remediation \n** \n---|---|--- \nIBM Sterling Connect:Direct Web Services| 1.0| Apply 6.0.0.9, available on [Fix Central](<https://www.ibm.com/support/fixcentral/options?selectionBean.selectedTab=find&selection=ibm%2fOther+software%3bibm%2fOther+software%2fIBM+Connect%3aDirect+Web+Services> \"\" ) \nIBM Sterling Connect:Direct Web Services| 6.0| Apply 6.0.0.9, available on [Fix Central](<https://www.ibm.com/support/fixcentral/options?selectionBean.selectedTab=find&selection=ibm%2fOther+software%3bibm%2fOther+software%2fIBM+Connect%3aDirect+Web+Services> \"\" ) \nIBM Sterling Connect:Direct Web Services| 6.1| Apply 6.1.0.13, available on [Fix Central](<https://www.ibm.com/support/fixcentral/options?selectionBean.selectedTab=find&selection=ibm%2fOther+software%3bibm%2fOther+software%2fIBM+Connect%3aDirect+Web+Services> \"\" ) \nIBM Sterling Connect:Direct Web Services| 6.2| Apply 6.2.0.8, available on [Fix Central](<https://www.ibm.com/support/fixcentral/options?selectionBean.selectedTab=find&selection=ibm%2fOther+software%3bibm%2fOther+software%2fIBM+Connect%3aDirect+Web+Services> \"\" ) \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-08-24T05:32:42", "type": "ibm", "title": "Security Bulletin: IBM Connect:Direct Web Services vulnerable to remote security bypass due to PostgreSQL (CVE-2022-1552)", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["CVE-2022-1552"], "modified": "2022-08-24T05:32:42", "id": "C738FF607B47687B1DFCC523B3030D5EF139CF5DEF02AAD36B4326A7752D3E64", "href": "https://www.ibm.com/support/pages/node/6615005", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-02-28T01:37:29", "description": "## Summary\n\nIBM Security Guardium has fixed this vulnerability.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2022-1552](<https://vulners.com/cve/CVE-2022-1552>) \n** DESCRIPTION: **PostgreSQL remote authenticated attacker to bypass security restrictions, caused by an issue with not activate protection or too late with the Autovacuum, REINDEX, CREATE INDEX, REFRESH MATERIALIZED VIEW, CLUSTER, and pg_amcheck commands. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary SQL functions under a superuser identity. \nCVSS Base score: 8.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/226521](<https://exchange.xforce.ibmcloud.com/vulnerabilities/226521>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\n**Affected Product(s)**| **Version(s)** \n---|--- \nIBM Security Guardium| 11.0 \nIBM Security Guardium| 11.1 \nIBM Security Guardium| 11.2 \nIBM Security Guardium| 11.3 \nIBM Security Guardium| 11.4 \n \n## Remediation/Fixes\n\nIBM encourages customers to update their systems promptly.\n\n** Product**| **Versions**| ** Fix** \n---|---|--- \nIBM Security Guardium| 11.0| [http://www.ibm.com/support/fixcentral/swg/quickorder?parent=IBM%20Security&product=ibm/Information+Management/InfoSphere+Guardium&release=11.0&platform=Linux&function=fixId&fixids=SqlGuard_11.0p51_Bundle_Sep-27-2022&includeSupersedes=0&source=fc](<http://www.ibm.com/support/fixcentral/swg/quickorder?parent=IBM%20Security&product=ibm/Information+Management/InfoSphere+Guardium&release=11.0&platform=Linux&function=fixId&fixids=SqlGuard_11.0p51_Bundle_Sep-27-2022&includeSupersedes=0&source=fc>) \nIBM Security Guardium| 11.1| [http://www.ibm.com/support/fixcentral/swg/quickorder?parent=IBM%20Security&product=ibm/Information+Management/InfoSphere+Guardium&release=11.0&platform=Linux&function=fixId&fixids=SqlGuard-11.0p165_Bundle_Sep_01_2022&includeSupersedes=0&source=fc](<http://www.ibm.com/support/fixcentral/swg/quickorder?parent=IBM%20Security&product=ibm/Information+Management/InfoSphere+Guardium&release=11.0&platform=Linux&function=fixId&fixids=SqlGuard-11.0p165_Bundle_Sep_01_2022&includeSupersedes=0&source=fc>) \nIBM Security Guardium| 11.2| [http://www.ibm.com/support/fixcentral/swg/quickorder?parent=IBM%20Security&product=ibm/Information+Management/InfoSphere+Guardium&release=11.0&platform=Linux&function=fixId&fixids=SqlGuard_11.0p277_Bundle_Oct-26-2022&includeSupersedes=0&source=fc](<http://www.ibm.com/support/fixcentral/swg/quickorder?parent=IBM%20Security&product=ibm/Information+Management/InfoSphere+Guardium&release=11.0&platform=Linux&function=fixId&fixids=SqlGuard_11.0p277_Bundle_Oct-26-2022&includeSupersedes=0&source=fc>) \nIBM Security Guardium| 11.3| [http://www.ibm.com/support/fixcentral/swg/quickorder?parent=IBM%20Security&product=ibm/Information+Management/InfoSphere+Guardium&release=11.0&platform=Linux&function=fixId&fixids=SqlGuard_11.0p375_Bundle_Oct-19-2022&includeSupersedes=0&source=fc](<http://www.ibm.com/support/fixcentral/swg/quickorder?parent=IBM%20Security&product=ibm/Information+Management/InfoSphere+Guardium&release=11.0&platform=Linux&function=fixId&fixids=SqlGuard_11.0p375_Bundle_Oct-19-2022&includeSupersedes=0&source=fc>) \nIBM Security Guardium| 11.4| [http://www.ibm.com/support/fixcentral/swg/quickorder?parent=IBM%20Security&product=ibm/Information+Management/InfoSphere+Guardium&release=11.0&platform=Linux&function=fixId&fixids=SqlGuard-11.0p450_Bundle_Sep_01_2022&includeSupersedes=0&source=fc](<http://www.ibm.com/support/fixcentral/swg/quickorder?parent=IBM%20Security&product=ibm/Information+Management/InfoSphere+Guardium&release=11.0&platform=Linux&function=fixId&fixids=SqlGuard-11.0p450_Bundle_Sep_01_2022&includeSupersedes=0&source=fc>) \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-11-08T15:56:24", "type": "ibm", "title": "Security Bulletin: IBM Security Guardium is affected by a PostgreSQL vulnerability (CVE-2022-1552)", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["CVE-2022-1552"], "modified": "2022-11-08T15:56:24", "id": "897C1C4063D647B510038AC8749377FEA3344FA38586156BA7A725F608177613", "href": "https://www.ibm.com/support/pages/node/6828557", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-02-28T21:39:20", "description": "## Summary\n\nPostgreSQL could allow a remote attacker to gain unauthorized access to the system which may affect IBM Elastic Storage System.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2022-1552](<https://vulners.com/cve/CVE-2022-1552>) \n** DESCRIPTION: **PostgreSQL remote authenticated attacker to bypass security restrictions, caused by an issue with not activate protection or too late with the Autovacuum, REINDEX, CREATE INDEX, REFRESH MATERIALIZED VIEW, CLUSTER, and pg_amcheck commands. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary SQL functions under a superuser identity. \nCVSS Base score: 8.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/226521](<https://exchange.xforce.ibmcloud.com/vulnerabilities/226521>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nIBM Elastic Storage System| 6.1.0.0 - 6.1.4.0 \n \n\n\n## Remediation/Fixes\n\nIBM recommends that you fix this vulnerability by upgrading affected versions of IBM Elastic Storage System 3000, 3200, 3500 and 5000 to the following code levels or higher: \n\nV6.1.4.1\n\n[https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=Software%20defined%20storage&product=ibm/StorageSoftware/IBM+Elastic+Storage+Server+(ESS)&release=6.1.4&platform=All&function=all](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=Software%20defined%20storage&product=ibm/StorageSoftware/IBM+Elastic+Storage+Server+%28ESS%29&release=6.1.4&platform=All&function=all>)\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-11-01T10:43:58", "type": "ibm", "title": "Security Bulletin: Vulnerability in PostgreSQL may affect IBM Elastic Storage System", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["CVE-2022-1552"], "modified": "2022-11-01T10:43:58", "id": "FEF3D9CCCE24C08E319A8AE3D38411199D5C0E55CEDE903D3EEB444B38106F9B", "href": "https://www.ibm.com/support/pages/node/6833500", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-02-21T17:32:41", "description": "## Summary\n\nMultiple vulnerabilities were found with IBM\u00ae Runtime Environment Java\u2122 Technology Edition, Version 8 which is shipped with IBM MQ (CVE-2022-21624, CVE-2022-21626)\n\n## Vulnerability Details\n\n**CVEID: **[CVE-2022-21626](<https://vulners.com/cve/CVE-2022-21626>) \n**DESCRIPTION: **An unspecified vulnerability in Java SE related to the Security component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/238689](<https://exchange.xforce.ibmcloud.com/vulnerabilities/238689>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n**CVEID: **[CVE-2022-21624](<https://vulners.com/cve/CVE-2022-21624>) \n**DESCRIPTION: **An unspecified vulnerability in Java SE related to the Security component could allow an unauthenticated attacker to update, insert or delete data resulting in a low integrity impact using unknown attack vectors. \nCVSS Base score: 3.7 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/238699](<https://exchange.xforce.ibmcloud.com/vulnerabilities/238699>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N)\n\n## Affected Products and Versions\n\nAffected Product(s) | Version(s) \n---|--- \nIBM MQ | 9.0 LTS \nIBM MQ | 9.1 LTS \nIBM MQ | 9.2 LTS \nIBM MQ | 9.3 LTS \nIBM MQ | 9.1 CD \nIBM MQ | 9.2 CD \nIBM MQ | 9.3 CD \n \nThe following installable MQ components are affected by the vulnerability:\n\n\u2022 Java JRE\n\n\u2022 Managed File Transfer\n\n\u2022 IBM MQ Explorer\n\n\u2022 MQ IPT\n\nIf you are running any of these listed components, please apply the remediation/fixes as described below. For more information on the definitions of components used in this list see <https://www.ibm.com/support/pages/installable-component-names-used-ibm-mq-security-bulletins>\n\n## Remediation/Fixes\n\nThese issues were resolved under APAR IT42457\n\n**IBM MQ version 9.0 LTS**\n\n[Apply CSU 9.0.0.14](<https://www.ibm.com/support/pages/downloading-ibm-mq-90014-lts-csu>)\n\n**IBM MQ version 9.1 LTS**\n\n[Apply CSU 9.1.0.13](<https://www.ibm.com/support/pages/downloading-ibm-mq-91013-lts-csu>)\n\n**IBM MQ version 9.2 LTS**\n\n[Apply FixPack 9.2.0.7](<https://www.ibm.com/support/pages/downloading-ibm-mq-920-older-lts-fixes#fp9207>)\n\n**IBM MQ version 9.3 LTS**\n\n[Apply FixPack 9.3.0.2](<https://www.ibm.com/support/pages/downloading-ibm-mq-930-older-lts-fixes#fp9302>)\n\n**IBM MQ version 9.1, 9.2 & 9.3 CD**\n\n[Upgrade to IBM MQ 9.3.0 and apply CSU 9.3.1.1](<https://www.ibm.com/support/pages/downloading-ibm-mq-9311-continuous-delivery-csu>)\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 5.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 1.4}, "published": "2023-02-21T20:12:09", "type": "ibm", "title": "Security Bulletin: IBM MQ is affected by multiple vulnerabilities in IBM\u00ae Runtime Environment Java\u2122 Technology Edition, Version 8", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["CVE-2022-21624", "CVE-2022-21626"], "modified": "2023-02-21T20:12:09", "id": "7AAAC72FE597506BDE2660E488F1C4716EB1897CE774DC380DED82B46A52016A", "href": "https://www.ibm.com/support/pages/node/6957066", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-02-13T09:34:34", "description": "## Summary\n\nThere are multiple vulnerabilities in the IBM\u00ae SDK, Java\u2122 Technology Edition that is shipped with IBM WebSphere Application Server and IBM WebSphere Application Server Liberty. The CVE(s) listed in this document might affect some configurations of IBM WebSphere Application Server traditional and IBM WebSphere Application Server Liberty. These products have addressed the applicable CVE(s). If you run your own Java code using the IBM Java Runtime delivered with this product, you should evaluate your code to determine whether the complete list of vulnerabilities is applicable to your code. For a complete list of vulnerabilities, refer to the link for \"IBM Java SDK Security Bulletin\" located in the References section for more information. HP fixes are on a delayed schedule.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2022-21626](<https://vulners.com/cve/CVE-2022-21626>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the Security component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/238689](<https://exchange.xforce.ibmcloud.com/vulnerabilities/238689>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2022-21624](<https://vulners.com/cve/CVE-2022-21624>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the Security component could allow an unauthenticated attacker to update, insert or delete data resulting in a low integrity impact using unknown attack vectors. \nCVSS Base score: 3.7 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/238699](<https://exchange.xforce.ibmcloud.com/vulnerabilities/238699>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nIBM WebSphere Application Server| 9.0 \nIBM WebSphere Application Server| 8.5 \nIBM WebSphere Application Server Liberty| Continuous delivery \n \n## Remediation/Fixes\n\n**For IBM WebSphere Application Server Liberty:**\n\nUpgrade to IBM SDK, Java Technology Edition Version 8 SR7 FP20 refer to [IBM Java SDKs for Liberty ](<http://www-01.ibm.com/support/docview.wss?uid=swg27049903>)\n\n**For Version 9 IBM WebSphere Application Server traditional:**\n\nUpdate to the IBM SDK, Java Technology Edition, Version 8 Service Refresh 7 FP20 using the instructions in the IBM Documentation [Installing and updating IBM SDK, Java Technology Edition on distributed environments](<https://www.ibm.com/support/knowledgecenter/en/SSEQTP_9.0.5/com.ibm.websphere.installation.base.doc/ae/tins_installation_jdk.html> \"\" ) then use the IBM Installation Manager to access the [online product repositories](<https://www.ibm.com/support/knowledgecenter/SSEQTP_9.0.5/com.ibm.websphere.installation.base.doc/ae/cins_repositories.html> \"online product repositories\" ) to install the SDK or use IBM Installation Manager and access the [packages from Fixcentral](<http://www-01.ibm.com/support/docview.wss?uid=swg24042430>).\n\n \n**For V8.5.0.0 through 8.5.5.22 IBM WebSphere Application Server traditional: **\n\nFor the IBM SDK, Java Technology Version that you use, upgrade to the minimal fix pack level of IBM WebSphere Application Server as noted in the interim fix below then apply the interim fixes:\n\n \nFor IBM SDK Java Technology Edition Version 8\n\n * For environments that have been upgraded to use the new default IBM SDK Version 8 bundled with IBM WebSphere Application Server Fix Pack 8.5.5.22 or later: Apply interim fix [PH50734](<https://www.ibm.com/support/pages/node/6839149> \"PH50734\" ): Will upgrade you to IBM SDK, Java Technology Edition, Version 8 Service Refresh 7 FP20. \n\nOR\n\n * Apply IBM Java SDK shipped with IBM WebSphere Application Server Fix pack 23 (8.5.5.23) or later (targeted availability 1Q 2023).\n\n**For Application Client for IBM WebSphere Application Server: **\n\nFollow instructions above for the IBM WebSphere Application Server to download the interim fix needed for your version of the Application Client.\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 5.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 1.4}, "published": "2023-02-06T20:32:36", "type": "ibm", "title": "Security Bulletin: Multiple Vulnerabilities in IBM\u00ae Java SDK affect IBM WebSphere Application Server and IBM WebSphere Application Server Liberty due to the October 2022 CPU", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["CVE-2022-21624", "CVE-2022-21626"], "modified": "2023-02-06T20:32:36", "id": "321D2A78B414F020858482232B7BE23C1F205055618F862E858FD2DB44625F4A", "href": "https://www.ibm.com/support/pages/node/6839565", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-02-28T21:37:23", "description": "## Summary\n\nThere are multiple vulnerabilities in the IBM\u00ae SDK Java\u2122 Technology Edition, Version 8 that is used by IBM InfoSphere Information Server. These issues were disclosed as part of the IBM Java SDK updates in October 2022.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2022-21626](<https://vulners.com/cve/CVE-2022-21626>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the Security component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/238689](<https://exchange.xforce.ibmcloud.com/vulnerabilities/238689>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2022-21619](<https://vulners.com/cve/CVE-2022-21619>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the Security component could allow an unauthenticated attacker to update, insert or delete data resulting in a low integrity impact using unknown attack vectors. \nCVSS Base score: 3.7 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/238698](<https://exchange.xforce.ibmcloud.com/vulnerabilities/238698>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nInfoSphere Information Server| 11.7 \n \n## Remediation/Fixes\n\n**_Product_**| \n\n**_VRMF_**\n\n| \n\n**_APAR_**\n\n| \n\n**_Remediation/First Fix_** \n \n---|---|---|--- \n \nInfoSphere Information Server, Information Server on Cloud\n\n| \n\n11.7\n\n| \n\n[DT173374](<https://www.ibm.com/mysupport/aCI3p000000PZ6E> \"DT173374\" )\n\n| \n\n\\--Follow instructions in the [README](<http://www.ibm.com/support/fixcentral/swg/quickorder?&product=ibm/Information+Management/IBM+InfoSphere+Information+Server&function=fixId&fixids=is117_DT173374_ISF_services_engine_*> \"README\" ) \n\\--If not previously addressed, for AIX installations, see [Technote ](<https://www.ibm.com/support/pages/node/6448522> \"Technote\" )for class not found errors related to ProviderExceptions, Failed to initialize IBMJCEPlus provider, and jgskit (Not found in java.library.path) \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 5.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 1.4}, "published": "2022-12-08T19:07:22", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities in IBM Java SDK (October 2022) affect IBM InfoSphere Information Server", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["CVE-2022-21619", "CVE-2022-21626"], "modified": "2022-12-08T19:07:22", "id": "AE5EB3FB90B30B6D41D5B101ABF5005C1DFD43E74ADCCCB71466771BCFCB191A", "href": "https://www.ibm.com/support/pages/node/6840391", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-03-13T21:33:20", "description": "## Summary\n\nVulnerabilities in Java are affecting Watson Knowledge Catalog for IBM Cloud Pak for Data. These vulnerabilities have been addressed.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2022-21628](<https://vulners.com/cve/CVE-2022-21628>) \n** DESCRIPTION: **Java SE is vulnerable to a denial of service, caused by a flaw in the Lightweight HTTP Server. By sending a specially-crafted request, a remote attacker could exploit this vulnerability to cause a denial of service condition. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/238623](<https://exchange.xforce.ibmcloud.com/vulnerabilities/238623>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2022-21626](<https://vulners.com/cve/CVE-2022-21626>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the Security component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/238689](<https://exchange.xforce.ibmcloud.com/vulnerabilities/238689>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nIBM Watson Knowledge Catalog on-prem| 4.x \n \n\n\n## Remediation/Fixes\n\nUpgrade to IBM Watson Knowledge Catalog for IBM Cloud Pak for Data 4.6.3 or higher\n\n## Workarounds and Mitigations\n\nNone. The Java JVM must be upgraded.\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 5.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 1.4}, "published": "2023-03-13T16:28:55", "type": "ibm", "title": "Security Bulletin: Multiple Vulnerabilities in Java affecting Watson Knowledge Catalog for IBM Cloud Pak for Data (CVE-2022-21628, CVE-2022-21626)", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["CVE-2022-21626", "CVE-2022-21628"], "modified": "2023-03-13T16:28:55", "id": "F3D0EE6F1B5D6EAC3201B27BE933A99F45F2DEED03E8532818A1BD8DF803D38F", "href": "https://www.ibm.com/support/pages/node/6963087", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-02-28T01:48:30", "description": "## Summary\n\nA security vulnerability in golang affects IBM Cloud Automation Manager.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2022-23772](<https://vulners.com/cve/CVE-2022-23772>) \n** DESCRIPTION: **Golang Go is vulnerable to a denial of service, caused by a buffer overflow in the Rat.SetString function in math/big. By sending a specially-crafted request, an attacker could exploit this vulnerability to consume large amount of RAM and cause the application to crash. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/219442](<https://exchange.xforce.ibmcloud.com/vulnerabilities/219442>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2022-23773](<https://vulners.com/cve/CVE-2022-23773>) \n** DESCRIPTION: **An unspecified error with not treating branches with semantic-version names as releases in cmd/go in Golang Go has an unknown impact and attack vector. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/219443](<https://exchange.xforce.ibmcloud.com/vulnerabilities/219443>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N) \n \n** CVEID: **[CVE-2022-23806](<https://vulners.com/cve/CVE-2022-23806>) \n** DESCRIPTION: **Golang Go is vulnerable to a denial of service, caused by a flaw with IsOnCurve function returns true for invalid field elements. By sending a specially-crafted request, an attacker could exploit this vulnerability to causes a panic in ScalarMult, and results in a denial of condition. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/219444](<https://exchange.xforce.ibmcloud.com/vulnerabilities/219444>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nIBM Cloud Automation Manager| 4.2.0.1 \n \n\n\n## Remediation/Fixes\n\nDownload IBM Cloud Automation Manager 4.2.0.1 iFix 6 from [https://www.ibm.com/support/fixcentral/swg/selectFixes?product=ibm/WebSphere/IBM+Cloud+Private&release=All&platform=All&function=fixId&fixids=icp-cam-3.2.1-build601049&includeSupersedes=0](<https://www.ibm.com/support/fixcentral/swg/selectFixes?product=ibm/WebSphere/IBM+Cloud+Private&release=All&platform=All&function=fixId&fixids=icp-cam-3.2.1-build601049&includeSupersedes=0>)\n\nFollow the instructions in Readme link in [https://www.ibm.com/support/fixcentral/swg/selectFixes?product=ibm/WebSphere/IBM+Cloud+Private&release=All&platform=All&function=fixId&fixids=icp-cam-3.2.1-build601049&includeSupersedes=0](<https://www.ibm.com/support/fixcentral/swg/selectFixes?product=ibm/WebSphere/IBM+Cloud+Private&release=All&platform=All&function=fixId&fixids=icp-cam-3.2.1-build601049&includeSupersedes=0>) to install the iFix 6 to your IBM Cloud Automation Manager 4.2.0.1.\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.1, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.2}, "published": "2022-03-15T17:37:28", "type": "ibm", "title": "Security Bulletin: A security vulnerability in golang affects IBM Cloud Automation Manager", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-23772", "CVE-2022-23773", "CVE-2022-23806"], "modified": "2022-03-15T17:37:28", "id": "ED2D628E2B845D710C7283E74DEB57A6ACCF26A841A9E4CC3B811EEE14A28F24", "href": "https://www.ibm.com/support/pages/node/6563565", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2023-02-28T01:47:17", "description": "## Summary\n\nSecurity Vulnerabilities affect IBM Cloud Private - Golang\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2022-23772](<https://vulners.com/cve/CVE-2022-23772>) \n** DESCRIPTION: **Golang Go is vulnerable to a denial of service, caused by a buffer overflow in the Rat.SetString function in math/big. By sending a specially-crafted request, an attacker could exploit this vulnerability to consume large amount of RAM and cause the application to crash. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/219442](<https://exchange.xforce.ibmcloud.com/vulnerabilities/219442>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2022-23773](<https://vulners.com/cve/CVE-2022-23773>) \n** DESCRIPTION: **An unspecified error with not treating branches with semantic-version names as releases in cmd/go in Golang Go has an unknown impact and attack vector. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/219443](<https://exchange.xforce.ibmcloud.com/vulnerabilities/219443>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N) \n \n** CVEID: **[CVE-2022-23806](<https://vulners.com/cve/CVE-2022-23806>) \n** DESCRIPTION: **Golang Go is vulnerable to a denial of service, caused by a flaw with IsOnCurve function returns true for invalid field elements. By sending a specially-crafted request, an attacker could exploit this vulnerability to causes a panic in ScalarMult, and results in a denial of condition. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/219444](<https://exchange.xforce.ibmcloud.com/vulnerabilities/219444>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nIBM Cloud Private| 3.2.1 CD \nIBM Cloud Private| 3.2.2 CD \n \n\n\n## Remediation/Fixes\n\nProduct defect fixes and security updates are only available for the two most recent Continuous Delivery (CD) update packages \n\n * IBM Cloud Private 3.2.1\n * IBM Cloud Private 3.2.2\n\nFor IBM Cloud Private 3.2.1, apply fix pack:\n\n * [IBM Cloud Private 3.2.1.2203](<https://www.ibm.com/support/fixcentral/swg/selectFixes?product=ibm/WebSphere/IBM+Cloud+Private&release=All&platform=All&function=fixId&fixids=icp-3.2.1.2203-build601095-48411&includeSupersedes=0> \"IBM Cloud Private 3.2.1.2203\" )\n\n \n\n\nFor IBM Cloud Private 3.2.2, apply fix pack:\n\n * [IBM Cloud Private 3.2.2.2203](<https://www.ibm.com/support/fixcentral/swg/selectFixes?product=ibm/WebSphere/IBM+Cloud+Private&release=All&platform=All&function=fixId&fixids=icp-3.2.2.2203-build601096-48413&includeSupersedes=0> \"IBM Cloud Private 3.2.2.2203\" )\n\n \nFor IBM Cloud Private 3.1.0, 3.1.1, 3.1.2, 3.2.0\n\n * Upgrade to the latest Continuous Delivery (CD) update package, IBM Cloud Private 3.2.2. \n * If required, individual product fixes can be made available between CD update packages for resolution of problems. Contact IBM support for assistance\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.1, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.2}, "published": "2022-04-22T21:06:28", "type": "ibm", "title": "Security Bulletin: Security Vulnerabilities affect IBM Cloud Private - Golang (CVE-2022-23772, CVE-2022-23773, CVE-2022-23806)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-23772", "CVE-2022-23773", "CVE-2022-23806"], "modified": "2022-04-22T21:06:28", "id": "D786761B0B2DB5C7370185F18DFD1990C653F5CA978F07DC85476F6C4C32F95A", "href": "https://www.ibm.com/support/pages/node/6574527", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2023-02-28T01:38:21", "description": "## Summary\n\nThe product includes vulnerable components (e.g., framework libraries) that may be identified and exploited with automated tools. IBM has addressed the vulnerabilities.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2022-1941](<https://vulners.com/cve/CVE-2022-1941>) \n** DESCRIPTION: **protobuf is vulnerable to a denial of service, caused by a parsing vulnerability for the MessageSet type in the ProtocolBuffers. By sending a specially crafted message with multiple key-value per elements, a remote attacker could exploit this vulnerability to cause a crash. \nCVSS Base score: 5.7 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/237081](<https://exchange.xforce.ibmcloud.com/vulnerabilities/237081>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2022-34749](<https://vulners.com/cve/CVE-2022-34749>) \n** DESCRIPTION: **Mistune is vulnerable to a denial of service, caused by a regular expression denial of service (ReDoS) flaw in the asteris emphasis regular expression implementation. By sending specially-crafted regex input, a remote attacker could exploit this vulnerability to invoke a catastrophic backtrack, resulting in a denial of service. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/232154](<https://exchange.xforce.ibmcloud.com/vulnerabilities/232154>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2022-1552](<https://vulners.com/cve/CVE-2022-1552>) \n** DESCRIPTION: **PostgreSQL remote authenticated attacker to bypass security restrictions, caused by an issue with not activate protection or too late with the Autovacuum, REINDEX, CREATE INDEX, REFRESH MATERIALIZED VIEW, CLUSTER, and pg_amcheck commands. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary SQL functions under a superuser identity. \nCVSS Base score: 8.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/226521](<https://exchange.xforce.ibmcloud.com/vulnerabilities/226521>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nIBM Security QRadar Network Threat Analytics| 1.1.X \nIBM Security QRadar Network Threat Analytics| 1.0.x \nIBM Security QRadar Network Threat Analytics| 1.1.X \nIBM Security QRadar Network Threat Analytics| 1.0.x \nIBM Security QRadar Network Threat Analytics| 1.1.X \n \n\n\n## Remediation/Fixes\n\n[Update to QRadar Network Threat Analytics version 1.1.2 or greater.](<https://exchange.xforce.ibmcloud.com/hub/extension/744fd082be8feffe979618598cf8224f> \"Update to QRadar Network Threat Analytics version 1.1.2 or greater.\" )\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-10-07T16:12:33", "type": "ibm", "title": "Security Bulletin: IBM Security Network Threat Analytics for IBM QRadar SIEM is vulnerable to using components with known vulnerabilities (CVE-2022-1941, CVE-2022-34749, CVE-2022-1552)", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["CVE-2022-1552", "CVE-2022-1941", "CVE-2022-34749"], "modified": "2022-10-07T16:12:33", "id": "C65C9D42F36D758D0098249F655FBB450A0B73FDEBBA213A9A3E3B599CE938F8", "href": "https://www.ibm.com/support/pages/node/6827881", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-03-30T15:16:18", "description": "## Summary\n\nIBM Spectrum Protect Plus can be affected by vulnerabilities in PostgreSQL. Vulnerabilities include obtaining sensitive information and remote execution of arbitrary code, as described by the CVEs in the \"Vulnerability Details\" section. These vulnerabilities have been addressed.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2022-2625](<https://vulners.com/cve/CVE-2022-2625>) \n** DESCRIPTION: **PostgreSQL could allow a remote authenticated attacker to execute arbitrary code on the system, caused by improper control of the modification of dynamically-determined object attributes. By creating a specially-crafted object using at least one schema, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 7.1 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/233970](<https://exchange.xforce.ibmcloud.com/vulnerabilities/233970>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2022-1552](<https://vulners.com/cve/CVE-2022-1552>) \n** DESCRIPTION: **PostgreSQL remote authenticated attacker to bypass security restrictions, caused by an issue with not activate protection or too late with the Autovacuum, REINDEX, CREATE INDEX, REFRESH MATERIALIZED VIEW, CLUSTER, and pg_amcheck commands. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary SQL functions under a superuser identity. \nCVSS Base score: 8.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/226521](<https://exchange.xforce.ibmcloud.com/vulnerabilities/226521>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2021-3677](<https://vulners.com/cve/CVE-2021-3677>) \n** DESCRIPTION: **Postgresql could allow a remote authenticated attacker to obtain sensitive information, caused by the memory disclosure in certain queries. By sending a specially-crafted query, an attacker could exploit this vulnerability to obtain sensitive information. \nCVSS Base score: 6.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/221070](<https://exchange.xforce.ibmcloud.com/vulnerabilities/221070>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N)\n\n## Affected Products and Versions\n\n**Affected Product(s)**| **Version(s)** \n---|--- \nIBM Spectrum Protect Plus Server| 10.1.0 - 10.1.12 \n \n\n\n## Remediation/Fixes\n\n** Affected Version(s)**| **Fixing Level**| **Platform**| **Link to Fix and Instructions** \n---|---|---|--- \n10.1.0 - 10.1.12| 10.1.12.4| Linux| <https://www.ibm.com/support/pages/node/6603663> \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2023-03-30T16:07:56", "type": "ibm", "title": "Security Bulletin: Vulnerabilities in PostgreSQL may affect IBM Spectrum Protect Plus (CVE-2022-2625, CVE-2022-1552, CVE-2021-3677)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.0, "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-3677", "CVE-2022-1552", "CVE-2022-2625"], "modified": "2023-03-30T16:07:56", "id": "5845C3B9379E2073E897BAF6C4866044BCA83B21C1CD8DA746007BCDD5661BED", "href": "https://www.ibm.com/support/pages/node/6967285", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:P/I:N/A:N"}}], "nessus": [{"lastseen": "2023-02-19T23:03:14", "description": "The remote Fedora 36 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2022-8a4e8aa190 advisory.\n\n - Those using Snakeyaml to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS).\n If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stack overflow. This effect may support a denial of service attack. (CVE-2022-41854)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2022-12-23T00:00:00", "type": "nessus", "title": "Fedora 36 : snakeyaml (2022-8a4e8aa190)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-41854"], "modified": "2022-12-23T00:00:00", "cpe": ["cpe:/o:fedoraproject:fedora:36", "p-cpe:/a:fedoraproject:fedora:snakeyaml"], "id": "FEDORA_2022-8A4E8AA190.NASL", "href": "https://www.tenable.com/plugins/nessus/169224", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n##\n# The descriptive text and package checks in this plugin were\n# extracted from Fedora Security Advisory FEDORA-2022-8a4e8aa190\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(169224);\n script_version(\"1.0\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/23\");\n\n script_cve_id(\"CVE-2022-41854\");\n script_xref(name:\"FEDORA\", value:\"2022-8a4e8aa190\");\n\n script_name(english:\"Fedora 36 : snakeyaml (2022-8a4e8aa190)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Fedora host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Fedora 36 host has a package installed that is affected by multiple vulnerabilities as referenced in the\nFEDORA-2022-8a4e8aa190 advisory.\n\n - Those using Snakeyaml to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS).\n If the parser is running on user supplied input, an attacker may supply content that causes the parser to\n crash by stack overflow. This effect may support a denial of service attack. (CVE-2022-41854)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2022-8a4e8aa190\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected snakeyaml package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-41854\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/11/11\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/12/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/12/23\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:36\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:snakeyaml\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Fedora Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/RedHat/release');\nif (isnull(os_release) || 'Fedora' >!< os_release) audit(AUDIT_OS_NOT, 'Fedora');\nvar os_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Fedora');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^36([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Fedora 36', 'Fedora ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Fedora', cpu);\n\nvar pkgs = [\n {'reference':'snakeyaml-1.32-1.fc36', 'release':'FC36', 'rpm_spec_vers_cmp':TRUE}\n];\n\nvar flag = 0;\nforeach package_array ( pkgs ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) _release = package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (reference && _release) {\n if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'snakeyaml');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-03-11T04:27:11", "description": "The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2022:4854 advisory.\n\n - postgresql: Autovacuum, REINDEX, and others omit security restricted operation sandbox (CVE-2022-1552)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-06-02T00:00:00", "type": "nessus", "title": "RHEL 8 : postgresql:10 (RHSA-2022:4854)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-1552"], "modified": "2023-01-23T00:00:00", "cpe": ["cpe:/o:redhat:rhel_aus:8.4", "cpe:/o:redhat:rhel_e4s:8.4", "cpe:/o:redhat:rhel_eus:8.4", "cpe:/o:redhat:rhel_tus:8.4", "p-cpe:/a:redhat:enterprise_linux:postgresql", "p-cpe:/a:redhat:enterprise_linux:postgresql-contrib", "p-cpe:/a:redhat:enterprise_linux:postgresql-docs", "p-cpe:/a:redhat:enterprise_linux:postgresql-plperl", "p-cpe:/a:redhat:enterprise_linux:postgresql-plpython3", "p-cpe:/a:redhat:enterprise_linux:postgresql-pltcl", "p-cpe:/a:redhat:enterprise_linux:postgresql-server", "p-cpe:/a:redhat:enterprise_linux:postgresql-server-devel", "p-cpe:/a:redhat:enterprise_linux:postgresql-static", "p-cpe:/a:redhat:enterprise_linux:postgresql-test", "p-cpe:/a:redhat:enterprise_linux:postgresql-test-rpm-macros", "p-cpe:/a:redhat:enterprise_linux:postgresql-upgrade", "p-cpe:/a:redhat:enterprise_linux:postgresql-upgrade-devel"], "id": "REDHAT-RHSA-2022-4854.NASL", "href": "https://www.tenable.com/plugins/nessus/161779", "sourceData": "##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2022:4854. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(161779);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/23\");\n\n script_cve_id(\"CVE-2022-1552\");\n script_xref(name:\"RHSA\", value:\"2022:4854\");\n script_xref(name:\"IAVB\", value:\"2022-B-0015-S\");\n\n script_name(english:\"RHEL 8 : postgresql:10 (RHSA-2022:4854)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in\nthe RHSA-2022:4854 advisory.\n\n - postgresql: Autovacuum, REINDEX, and others omit security restricted operation sandbox (CVE-2022-1552)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-1552\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2022:4854\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2081126\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-1552\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(89, 459, 863);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/05/11\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/06/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/06/02\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_aus:8.4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_e4s:8.4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_eus:8.4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_tus:8.4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:postgresql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:postgresql-contrib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:postgresql-docs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:postgresql-plperl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:postgresql-plpython3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:postgresql-pltcl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:postgresql-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:postgresql-server-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:postgresql-static\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:postgresql-test\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:postgresql-test-rpm-macros\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:postgresql-upgrade\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:postgresql-upgrade-devel\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"redhat_repos.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\ninclude('rhel.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/RedHat/release');\nif (isnull(os_release) || 'Red Hat' >!< os_release) audit(AUDIT_OS_NOT, 'Red Hat');\nvar os_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nos_ver = os_ver[1];\nif (!rhel_check_release(operator: 'eq', os_version: os_ver, rhel_version: '8.4')) audit(AUDIT_OS_NOT, 'Red Hat 8.4', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nvar appstreams = {\n 'postgresql:10': [\n {\n 'repo_relative_urls': [\n 'content/aus/rhel8/8.4/x86_64/appstream/debug',\n 'content/aus/rhel8/8.4/x86_64/appstream/os',\n 'content/aus/rhel8/8.4/x86_64/appstream/source/SRPMS',\n 'content/aus/rhel8/8.4/x86_64/baseos/debug',\n 'content/aus/rhel8/8.4/x86_64/baseos/os',\n 'content/aus/rhel8/8.4/x86_64/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.4/ppc64le/appstream/debug',\n 'content/e4s/rhel8/8.4/ppc64le/appstream/os',\n 'content/e4s/rhel8/8.4/ppc64le/appstream/source/SRPMS',\n 'content/e4s/rhel8/8.4/ppc64le/baseos/debug',\n 'content/e4s/rhel8/8.4/ppc64le/baseos/os',\n 'content/e4s/rhel8/8.4/ppc64le/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.4/ppc64le/highavailability/debug',\n 'content/e4s/rhel8/8.4/ppc64le/highavailability/os',\n 'content/e4s/rhel8/8.4/ppc64le/highavailability/source/SRPMS',\n 'content/e4s/rhel8/8.4/ppc64le/sap-solutions/debug',\n 'content/e4s/rhel8/8.4/ppc64le/sap-solutions/os',\n 'content/e4s/rhel8/8.4/ppc64le/sap-solutions/source/SRPMS',\n 'content/e4s/rhel8/8.4/ppc64le/sap/debug',\n 'content/e4s/rhel8/8.4/ppc64le/sap/os',\n 'content/e4s/rhel8/8.4/ppc64le/sap/source/SRPMS',\n 'content/e4s/rhel8/8.4/x86_64/appstream/debug',\n 'content/e4s/rhel8/8.4/x86_64/appstream/os',\n 'content/e4s/rhel8/8.4/x86_64/appstream/source/SRPMS',\n 'content/e4s/rhel8/8.4/x86_64/baseos/debug',\n 'content/e4s/rhel8/8.4/x86_64/baseos/os',\n 'content/e4s/rhel8/8.4/x86_64/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.4/x86_64/highavailability/debug',\n 'content/e4s/rhel8/8.4/x86_64/highavailability/os',\n 'content/e4s/rhel8/8.4/x86_64/highavailability/source/SRPMS',\n 'content/e4s/rhel8/8.4/x86_64/sap-solutions/debug',\n 'content/e4s/rhel8/8.4/x86_64/sap-solutions/os',\n 'content/e4s/rhel8/8.4/x86_64/sap-solutions/source/SRPMS',\n 'content/e4s/rhel8/8.4/x86_64/sap/debug',\n 'content/e4s/rhel8/8.4/x86_64/sap/os',\n 'content/e4s/rhel8/8.4/x86_64/sap/source/SRPMS',\n 'content/eus/rhel8/8.4/aarch64/appstream/debug',\n 'content/eus/rhel8/8.4/aarch64/appstream/os',\n 'content/eus/rhel8/8.4/aarch64/appstream/source/SRPMS',\n 'content/eus/rhel8/8.4/aarch64/baseos/debug',\n 'content/eus/rhel8/8.4/aarch64/baseos/os',\n 'content/eus/rhel8/8.4/aarch64/baseos/source/SRPMS',\n 'content/eus/rhel8/8.4/aarch64/codeready-builder/debug',\n 'content/eus/rhel8/8.4/aarch64/codeready-builder/os',\n 'content/eus/rhel8/8.4/aarch64/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.4/aarch64/highavailability/debug',\n 'content/eus/rhel8/8.4/aarch64/highavailability/os',\n 'content/eus/rhel8/8.4/aarch64/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.4/aarch64/supplementary/debug',\n 'content/eus/rhel8/8.4/aarch64/supplementary/os',\n 'content/eus/rhel8/8.4/aarch64/supplementary/source/SRPMS',\n 'content/eus/rhel8/8.4/ppc64le/appstream/debug',\n 'content/eus/rhel8/8.4/ppc64le/appstream/os',\n 'content/eus/rhel8/8.4/ppc64le/appstream/source/SRPMS',\n 'content/eus/rhel8/8.4/ppc64le/baseos/debug',\n 'content/eus/rhel8/8.4/ppc64le/baseos/os',\n 'content/eus/rhel8/8.4/ppc64le/baseos/source/SRPMS',\n 'content/eus/rhel8/8.4/ppc64le/codeready-builder/debug',\n 'content/eus/rhel8/8.4/ppc64le/codeready-builder/os',\n 'content/eus/rhel8/8.4/ppc64le/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.4/ppc64le/highavailability/debug',\n 'content/eus/rhel8/8.4/ppc64le/highavailability/os',\n 'content/eus/rhel8/8.4/ppc64le/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.4/ppc64le/resilientstorage/debug',\n 'content/eus/rhel8/8.4/ppc64le/resilientstorage/os',\n 'content/eus/rhel8/8.4/ppc64le/resilientstorage/source/SRPMS',\n 'content/eus/rhel8/8.4/ppc64le/sap-solutions/debug',\n 'content/eus/rhel8/8.4/ppc64le/sap-solutions/os',\n 'content/eus/rhel8/8.4/ppc64le/sap-solutions/source/SRPMS',\n 'content/eus/rhel8/8.4/ppc64le/sap/debug',\n 'content/eus/rhel8/8.4/ppc64le/sap/os',\n 'content/eus/rhel8/8.4/ppc64le/sap/source/SRPMS',\n 'content/eus/rhel8/8.4/ppc64le/supplementary/debug',\n 'content/eus/rhel8/8.4/ppc64le/supplementary/os',\n 'content/eus/rhel8/8.4/ppc64le/supplementary/source/SRPMS',\n 'content/eus/rhel8/8.4/s390x/appstream/debug',\n 'content/eus/rhel8/8.4/s390x/appstream/os',\n 'content/eus/rhel8/8.4/s390x/appstream/source/SRPMS',\n 'content/eus/rhel8/8.4/s390x/baseos/debug',\n 'content/eus/rhel8/8.4/s390x/baseos/os',\n 'content/eus/rhel8/8.4/s390x/baseos/source/SRPMS',\n 'content/eus/rhel8/8.4/s390x/codeready-builder/debug',\n 'content/eus/rhel8/8.4/s390x/codeready-builder/os',\n 'content/eus/rhel8/8.4/s390x/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.4/s390x/highavailability/debug',\n 'content/eus/rhel8/8.4/s390x/highavailability/os',\n 'content/eus/rhel8/8.4/s390x/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.4/s390x/resilientstorage/debug',\n 'content/eus/rhel8/8.4/s390x/resilientstorage/os',\n 'content/eus/rhel8/8.4/s390x/resilientstorage/source/SRPMS',\n 'content/eus/rhel8/8.4/s390x/sap/debug',\n 'content/eus/rhel8/8.4/s390x/sap/os',\n 'content/eus/rhel8/8.4/s390x/sap/source/SRPMS',\n 'content/eus/rhel8/8.4/s390x/supplementary/debug',\n 'content/eus/rhel8/8.4/s390x/supplementary/os',\n 'content/eus/rhel8/8.4/s390x/supplementary/source/SRPMS',\n 'content/eus/rhel8/8.4/x86_64/appstream/debug',\n 'content/eus/rhel8/8.4/x86_64/appstream/os',\n 'content/eus/rhel8/8.4/x86_64/appstream/source/SRPMS',\n 'content/eus/rhel8/8.4/x86_64/baseos/debug',\n 'content/eus/rhel8/8.4/x86_64/baseos/os',\n 'content/eus/rhel8/8.4/x86_64/baseos/source/SRPMS',\n 'content/eus/rhel8/8.4/x86_64/codeready-builder/debug',\n 'content/eus/rhel8/8.4/x86_64/codeready-builder/os',\n 'content/eus/rhel8/8.4/x86_64/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.4/x86_64/highavailability/debug',\n 'content/eus/rhel8/8.4/x86_64/highavailability/os',\n 'content/eus/rhel8/8.4/x86_64/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.4/x86_64/resilientstorage/debug',\n 'content/eus/rhel8/8.4/x86_64/resilientstorage/os',\n 'content/eus/rhel8/8.4/x86_64/resilientstorage/source/SRPMS',\n 'content/eus/rhel8/8.4/x86_64/sap-solutions/debug',\n 'content/eus/rhel8/8.4/x86_64/sap-solutions/os',\n 'content/eus/rhel8/8.4/x86_64/sap-solutions/source/SRPMS',\n 'content/eus/rhel8/8.4/x86_64/sap/debug',\n 'content/eus/rhel8/8.4/x86_64/sap/os',\n 'content/eus/rhel8/8.4/x86_64/sap/source/SRPMS',\n 'content/eus/rhel8/8.4/x86_64/supplementary/debug',\n 'content/eus/rhel8/8.4/x86_64/supplementary/os',\n 'content/eus/rhel8/8.4/x86_64/supplementary/source/SRPMS',\n 'content/tus/rhel8/8.4/x86_64/appstream/debug',\n 'content/tus/rhel8/8.4/x86_64/appstream/os',\n 'content/tus/rhel8/8.4/x86_64/appstream/source/SRPMS',\n 'content/tus/rhel8/8.4/x86_64/baseos/debug',\n 'content/tus/rhel8/8.4/x86_64/baseos/os',\n 'content/tus/rhel8/8.4/x86_64/baseos/source/SRPMS',\n 'content/tus/rhel8/8.4/x86_64/highavailability/debug',\n 'content/tus/rhel8/8.4/x86_64/highavailability/os',\n 'content/tus/rhel8/8.4/x86_64/highavailability/source/SRPMS',\n 'content/tus/rhel8/8.4/x86_64/nfv/debug',\n 'content/tus/rhel8/8.4/x86_64/nfv/os',\n 'content/tus/rhel8/8.4/x86_64/nfv/source/SRPMS',\n 'content/tus/rhel8/8.4/x86_64/rt/debug',\n 'content/tus/rhel8/8.4/x86_64/rt/os',\n 'content/tus/rhel8/8.4/x86_64/rt/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'postgresql-10.21-2.module+el8.4.0+15341+25c9f2fe', 'sp':'4', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'postgresql-contrib-10.21-2.module+el8.4.0+15341+25c9f2fe', 'sp':'4', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'postgresql-docs-10.21-2.module+el8.4.0+15341+25c9f2fe', 'sp':'4', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'postgresql-plperl-10.21-2.module+el8.4.0+15341+25c9f2fe', 'sp':'4', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'postgresql-plpython3-10.21-2.module+el8.4.0+15341+25c9f2fe', 'sp':'4', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'postgresql-pltcl-10.21-2.module+el8.4.0+15341+25c9f2fe', 'sp':'4', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'postgresql-server-10.21-2.module+el8.4.0+15341+25c9f2fe', 'sp':'4', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'postgresql-server-devel-10.21-2.module+el8.4.0+15341+25c9f2fe', 'sp':'4', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'postgresql-static-10.21-2.module+el8.4.0+15341+25c9f2fe', 'sp':'4', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'postgresql-test-10.21-2.module+el8.4.0+15341+25c9f2fe', 'sp':'4', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'postgresql-test-rpm-macros-10.21-2.module+el8.4.0+15341+25c9f2fe', 'sp':'4', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'postgresql-upgrade-10.21-2.module+el8.4.0+15341+25c9f2fe', 'sp':'4', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'postgresql-upgrade-devel-10.21-2.module+el8.4.0+15341+25c9f2fe', 'sp':'4', 'release':'8', 'rpm_spec_vers_cmp':TRUE}\n ]\n }\n ]\n};\n\nvar applicable_repo_urls = rhel_determine_applicable_repository_urls(constraints:appstreams, appstreams:TRUE);\nif(applicable_repo_urls == RHEL_REPOS_NO_OVERLAP_MESSAGE) exit(0, RHEL_REPO_NOT_ENABLED);\n\nvar module_ver = get_kb_item('Host/RedHat/appstream/postgresql');\nif (isnull(module_ver)) audit(AUDIT_PACKAGE_NOT_INSTALLED, 'Module postgresql:10');\nif ('10' >!< module_ver) audit(AUDIT_PACKAGE_NOT_AFFECTED, 'Module postgresql:' + module_ver);\n\nvar flag = 0;\nvar appstreams_found = 0;\nforeach var module (keys(appstreams)) {\n var appstream = NULL;\n var appstream_name = NULL;\n var appstream_version = NULL;\n var appstream_split = split(module, sep:':', keep:FALSE);\n if (!empty_or_null(appstream_split)) {\n appstream_name = appstream_split[0];\n appstream_version = appstream_split[1];\n if (!empty_or_null(appstream_name)) appstream = get_one_kb_item('Host/RedHat/appstream/' + appstream_name);\n }\n if (!empty_or_null(appstream) && appstream_version == appstream || appstream_name == 'all') {\n appstreams_found++;\n foreach var module_array ( appstreams[module] ) {\n var repo_relative_urls = NULL;\n if (!empty_or_null(module_array['repo_relative_urls'])) repo_relative_urls = module_array['repo_relative_urls'];\n foreach var package_array ( module_array['pkgs'] ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) _release = 'RHEL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference &&\n _release &&\n rhel_decide_repo_relative_url_check(required_repo_url_list:repo_relative_urls) &&\n (applicable_repo_urls || (!exists_check || rpm_exists(release:_release, rpm:exists_check))) &&\n rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n }\n }\n}\n\nif (!appstreams_found) audit(AUDIT_PACKAGE_NOT_INSTALLED, 'Module postgresql:10');\n\nif (flag)\n{\n var subscription_caveat = '\\n' +\n 'NOTE: This vulnerability check contains fixes that apply to\\n' +\n 'packages only available in the Red Hat Enterprise Linux\\n' +\n 'Advanced Update Support, Extended Update Support, Telco Extended Update Support or Update Services for SAP Solutions repositories.\\n' +\n 'Access to these repositories requires a paid RHEL subscription.\\n';\n var extra = NULL;\n if (empty_or_null(applicable_repo_urls)) extra = subscription_caveat + rpm_report_get() + redhat_report_repo_caveat();\n else extra = subscription_caveat + rpm_report_get();\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : extra\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'postgresql / postgresql-contrib / postgresql-docs / postgresql-plperl / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-03-11T10:47:57", "description": "The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2022:4807 advisory.\n\n - postgresql: Autovacuum, REINDEX, and others omit security restricted operation sandbox (CVE-2022-1552)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-05-31T00:00:00", "type": "nessus", "title": "RHEL 8 : postgresql:12 (RHSA-2022:4807)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-1552"], "modified": "2023-01-23T00:00:00", "cpe": ["cpe:/o:redhat:enterprise_linux:8", "cpe:/o:redhat:rhel_aus:8.6", "cpe:/o:redhat:rhel_e4s:8.6", "cpe:/o:redhat:rhel_eus:8.6", "cpe:/o:redhat:rhel_tus:8.6", "p-cpe:/a:redhat:enterprise_linux:pg_repack", "p-cpe:/a:redhat:enterprise_linux:pgaudit", "p-cpe:/a:redhat:enterprise_linux:postgres-decoderbufs", "p-cpe:/a:redhat:enterprise_linux:postgresql", "p-cpe:/a:redhat:enterprise_linux:postgresql-contrib", "p-cpe:/a:redhat:enterprise_linux:postgresql-docs", "p-cpe:/a:redhat:enterprise_linux:postgresql-plperl", "p-cpe:/a:redhat:enterprise_linux:postgresql-plpython3", "p-cpe:/a:redhat:enterprise_linux:postgresql-pltcl", "p-cpe:/a:redhat:enterprise_linux:postgresql-server", "p-cpe:/a:redhat:enterprise_linux:postgresql-server-devel", "p-cpe:/a:redhat:enterprise_linux:postgresql-static", "p-cpe:/a:redhat:enterprise_linux:postgresql-test", "p-cpe:/a:redhat:enterprise_linux:postgresql-test-rpm-macros", "p-cpe:/a:redhat:enterprise_linux:postgresql-upgrade", "p-cpe:/a:redhat:enterprise_linux:postgresql-upgrade-devel"], "id": "REDHAT-RHSA-2022-4807.NASL", "href": "https://www.tenable.com/plugins/nessus/161709", "sourceData": "##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2022:4807. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(161709);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/23\");\n\n script_cve_id(\"CVE-2022-1552\");\n script_xref(name:\"RHSA\", value:\"2022:4807\");\n script_xref(name:\"IAVB\", value:\"2022-B-0015-S\");\n\n script_name(english:\"RHEL 8 : postgresql:12 (RHSA-2022:4807)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in\nthe RHSA-2022:4807 advisory.\n\n - postgresql: Autovacuum, REINDEX, and others omit security restricted operation sandbox (CVE-2022-1552)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-1552\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2022:4807\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2081126\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-1552\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(89, 459, 863);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/05/11\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/05/31\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/05/31\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:8\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_aus:8.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_e4s:8.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_eus:8.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_tus:8.6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:pg_repack\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:pgaudit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:postgres-decoderbufs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:postgresql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:postgresql-contrib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:postgresql-docs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:postgresql-plperl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:postgresql-plpython3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:postgresql-pltcl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:postgresql-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:postgresql-server-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:postgresql-static\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:postgresql-test\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:postgresql-test-rpm-macros\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:postgresql-upgrade\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:postgresql-upgrade-devel\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"redhat_repos.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\ninclude('rhel.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/RedHat/release');\nif (isnull(os_release) || 'Red Hat' >!< os_release) audit(AUDIT_OS_NOT, 'Red Hat');\nvar os_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nos_ver = os_ver[1];\nif (!rhel_check_release(operator: 'ge', os_version: os_ver, rhel_version: '8')) audit(AUDIT_OS_NOT, 'Red Hat 8.x', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nvar appstreams = {\n 'postgresql:12': [\n {\n 'repo_relative_urls': [\n 'content/aus/rhel8/8.6/x86_64/appstream/debug',\n 'content/aus/rhel8/8.6/x86_64/appstream/os',\n 'content/aus/rhel8/8.6/x86_64/appstream/source/SRPMS',\n 'content/aus/rhel8/8.6/x86_64/baseos/debug',\n 'content/aus/rhel8/8.6/x86_64/baseos/os',\n 'content/aus/rhel8/8.6/x86_64/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.6/ppc64le/appstream/debug',\n 'content/e4s/rhel8/8.6/ppc64le/appstream/os',\n 'content/e4s/rhel8/8.6/ppc64le/appstream/source/SRPMS',\n 'content/e4s/rhel8/8.6/ppc64le/baseos/debug',\n 'content/e4s/rhel8/8.6/ppc64le/baseos/os',\n 'content/e4s/rhel8/8.6/ppc64le/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.6/ppc64le/highavailability/debug',\n 'content/e4s/rhel8/8.6/ppc64le/highavailability/os',\n 'content/e4s/rhel8/8.6/ppc64le/highavailability/source/SRPMS',\n 'content/e4s/rhel8/8.6/ppc64le/sap-solutions/debug',\n 'content/e4s/rhel8/8.6/ppc64le/sap-solutions/os',\n 'content/e4s/rhel8/8.6/ppc64le/sap-solutions/source/SRPMS',\n 'content/e4s/rhel8/8.6/ppc64le/sap/debug',\n 'content/e4s/rhel8/8.6/ppc64le/sap/os',\n 'content/e4s/rhel8/8.6/ppc64le/sap/source/SRPMS',\n 'content/e4s/rhel8/8.6/x86_64/appstream/debug',\n 'content/e4s/rhel8/8.6/x86_64/appstream/os',\n 'content/e4s/rhel8/8.6/x86_64/appstream/source/SRPMS',\n 'content/e4s/rhel8/8.6/x86_64/baseos/debug',\n 'content/e4s/rhel8/8.6/x86_64/baseos/os',\n 'content/e4s/rhel8/8.6/x86_64/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.6/x86_64/highavailability/debug',\n 'content/e4s/rhel8/8.6/x86_64/highavailability/os',\n 'content/e4s/rhel8/8.6/x86_64/highavailability/source/SRPMS',\n 'content/e4s/rhel8/8.6/x86_64/sap-solutions/debug',\n 'content/e4s/rhel8/8.6/x86_64/sap-solutions/os',\n 'content/e4s/rhel8/8.6/x86_64/sap-solutions/source/SRPMS',\n 'content/e4s/rhel8/8.6/x86_64/sap/debug',\n 'content/e4s/rhel8/8.6/x86_64/sap/os',\n 'content/e4s/rhel8/8.6/x86_64/sap/source/SRPMS',\n 'content/eus/rhel8/8.6/aarch64/appstream/debug',\n 'content/eus/rhel8/8.6/aarch64/appstream/os',\n 'content/eus/rhel8/8.6/aarch64/appstream/source/SRPMS',\n 'content/eus/rhel8/8.6/aarch64/baseos/debug',\n 'content/eus/rhel8/8.6/aarch64/baseos/os',\n 'content/eus/rhel8/8.6/aarch64/baseos/source/SRPMS',\n 'content/eus/rhel8/8.6/aarch64/codeready-builder/debug',\n 'content/eus/rhel8/8.6/aarch64/codeready-builder/os',\n 'content/eus/rhel8/8.6/aarch64/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.6/aarch64/highavailability/debug',\n 'content/eus/rhel8/8.6/aarch64/highavailability/os',\n 'content/eus/rhel8/8.6/aarch64/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.6/aarch64/supplementary/debug',\n 'content/eus/rhel8/8.6/aarch64/supplementary/os',\n 'content/eus/rhel8/8.6/aarch64/supplementary/source/SRPMS',\n 'content/eus/rhel8/8.6/ppc64le/appstream/debug',\n 'content/eus/rhel8/8.6/ppc64le/appstream/os',\n 'content/eus/rhel8/8.6/ppc64le/appstream/source/SRPMS',\n 'content/eus/rhel8/8.6/ppc64le/baseos/debug',\n 'content/eus/rhel8/8.6/ppc64le/baseos/os',\n 'content/eus/rhel8/8.6/ppc64le/baseos/source/SRPMS',\n 'content/eus/rhel8/8.6/ppc64le/codeready-builder/debug',\n 'content/eus/rhel8/8.6/ppc64le/codeready-builder/os',\n 'content/eus/rhel8/8.6/ppc64le/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.6/ppc64le/highavailability/debug',\n 'content/eus/rhel8/8.6/ppc64le/highavailability/os',\n 'content/eus/rhel8/8.6/ppc64le/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.6/ppc64le/resilientstorage/debug',\n 'content/eus/rhel8/8.6/ppc64le/resilientstorage/os',\n 'content/eus/rhel8/8.6/ppc64le/resilientstorage/source/SRPMS',\n 'content/eus/rhel8/8.6/ppc64le/sap-solutions/debug',\n 'content/eus/rhel8/8.6/ppc64le/sap-solutions/os',\n 'content/eus/rhel8/8.6/ppc64le/sap-solutions/source/SRPMS',\n 'content/eus/rhel8/8.6/ppc64le/sap/debug',\n 'content/eus/rhel8/8.6/ppc64le/sap/os',\n 'content/eus/rhel8/8.6/ppc64le/sap/source/SRPMS',\n 'content/eus/rhel8/8.6/ppc64le/supplementary/debug',\n 'content/eus/rhel8/8.6/ppc64le/supplementary/os',\n 'content/eus/rhel8/8.6/ppc64le/supplementary/source/SRPMS',\n 'content/eus/rhel8/8.6/s390x/appstream/debug',\n 'content/eus/rhel8/8.6/s390x/appstream/os',\n 'content/eus/rhel8/8.6/s390x/appstream/source/SRPMS',\n 'content/eus/rhel8/8.6/s390x/baseos/debug',\n 'content/eus/rhel8/8.6/s390x/baseos/os',\n 'content/eus/rhel8/8.6/s390x/baseos/source/SRPMS',\n 'content/eus/rhel8/8.6/s390x/codeready-builder/debug',\n 'content/eus/rhel8/8.6/s390x/codeready-builder/os',\n 'content/eus/rhel8/8.6/s390x/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.6/s390x/highavailability/debug',\n 'content/eus/rhel8/8.6/s390x/highavailability/os',\n 'content/eus/rhel8/8.6/s390x/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.6/s390x/resilientstorage/debug',\n 'content/eus/rhel8/8.6/s390x/resilientstorage/os',\n 'content/eus/rhel8/8.6/s390x/resilientstorage/source/SRPMS',\n 'content/eus/rhel8/8.6/s390x/sap/debug',\n 'content/eus/rhel8/8.6/s390x/sap/os',\n 'content/eus/rhel8/8.6/s390x/sap/source/SRPMS',\n 'content/eus/rhel8/8.6/s390x/supplementary/debug',\n 'content/eus/rhel8/8.6/s390x/supplementary/os',\n 'content/eus/rhel8/8.6/s390x/supplementary/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/appstream/debug',\n 'content/eus/rhel8/8.6/x86_64/appstream/os',\n 'content/eus/rhel8/8.6/x86_64/appstream/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/baseos/debug',\n 'content/eus/rhel8/8.6/x86_64/baseos/os',\n 'content/eus/rhel8/8.6/x86_64/baseos/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/codeready-builder/debug',\n 'content/eus/rhel8/8.6/x86_64/codeready-builder/os',\n 'content/eus/rhel8/8.6/x86_64/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/highavailability/debug',\n 'content/eus/rhel8/8.6/x86_64/highavailability/os',\n 'content/eus/rhel8/8.6/x86_64/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/resilientstorage/debug',\n 'content/eus/rhel8/8.6/x86_64/resilientstorage/os',\n 'content/eus/rhel8/8.6/x86_64/resilientstorage/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/sap-solutions/debug',\n 'content/eus/rhel8/8.6/x86_64/sap-solutions/os',\n 'content/eus/rhel8/8.6/x86_64/sap-solutions/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/sap/debug',\n 'content/eus/rhel8/8.6/x86_64/sap/os',\n 'content/eus/rhel8/8.6/x86_64/sap/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/supplementary/debug',\n 'content/eus/rhel8/8.6/x86_64/supplementary/os',\n 'content/eus/rhel8/8.6/x86_64/supplementary/source/SRPMS',\n 'content/tus/rhel8/8.6/x86_64/appstream/debug',\n 'content/tus/rhel8/8.6/x86_64/appstream/os',\n 'content/tus/rhel8/8.6/x86_64/appstream/source/SRPMS',\n 'content/tus/rhel8/8.6/x86_64/baseos/debug',\n 'content/tus/rhel8/8.6/x86_64/baseos/os',\n 'content/tus/rhel8/8.6/x86_64/baseos/source/SRPMS',\n 'content/tus/rhel8/8.6/x86_64/highavailability/debug',\n 'content/tus/rhel8/8.6/x86_64/highavailability/os',\n 'content/tus/rhel8/8.6/x86_64/highavailability/source/SRPMS',\n 'content/tus/rhel8/8.6/x86_64/rt/os',\n 'content/tus/rhel8/8.6/x86_64/rt/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'pg_repack-1.4.6-3.module+el8.5.0+11354+78b3c9c5', 'sp':'6', 'release':'8', 'el_string':'el8.5.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'pgaudit-1.4.0-5.module+el8.5.0+11354+78b3c9c5', 'sp':'6', 'release':'8', 'el_string':'el8.5.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'postgres-decoderbufs-0.10.0-2.module+el8.5.0+11354+78b3c9c5', 'sp':'6', 'release':'8', 'el_string':'el8.5.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'postgresql-12.11-2.module+el8.6.0+15345+1dd8d6b8', 'sp':'6', 'release':'8', 'el_string':'el8.6.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'postgresql-contrib-12.11-2.module+el8.6.0+15345+1dd8d6b8', 'sp':'6', 'release':'8', 'el_string':'el8.6.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'postgresql-docs-12.11-2.module+el8.6.0+15345+1dd8d6b8', 'sp':'6', 'release':'8', 'el_string':'el8.6.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'postgresql-plperl-12.11-2.module+el8.6.0+15345+1dd8d6b8', 'sp':'6', 'release':'8', 'el_string':'el8.6.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'postgresql-plpython3-12.11-2.module+el8.6.0+15345+1dd8d6b8', 'sp':'6', 'release':'8', 'el_string':'el8.6.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'postgresql-pltcl-12.11-2.module+el8.6.0+15345+1dd8d6b8', 'sp':'6', 'release':'8', 'el_string':'el8.6.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'postgresql-server-12.11-2.module+el8.6.0+15345+1dd8d6b8', 'sp':'6', 'release':'8', 'el_string':'el8.6.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'postgresql-server-devel-12.11-2.module+el8.6.0+15345+1dd8d6b8', 'sp':'6', 'release':'8', 'el_string':'el8.6.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'postgresql-static-12.11-2.module+el8.6.0+15345+1dd8d6b8', 'sp':'6', 'release':'8', 'el_string':'el8.6.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'postgresql-test-12.11-2.module+el8.6.0+15345+1dd8d6b8', 'sp':'6', 'release':'8', 'el_string':'el8.6.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'postgresql-test-rpm-macros-12.11-2.module+el8.6.0+15345+1dd8d6b8', 'sp':'6', 'release':'8', 'el_string':'el8.6.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'postgresql-upgrade-12.11-2.module+el8.6.0+15345+1dd8d6b8', 'sp':'6', 'release':'8', 'el_string':'el8.6.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'postgresql-upgrade-devel-12.11-2.module+el8.6.0+15345+1dd8d6b8', 'sp':'6', 'release':'8', 'el_string':'el8.6.0', 'rpm_spec_vers_cmp':TRUE}\n ]\n },\n {\n 'repo_relative_urls': [\n 'content/dist/rhel8/8/aarch64/appstream/debug',\n 'content/dist/rhel8/8/aarch64/appstream/os',\n 'content/dist/rhel8/8/aarch64/appstream/source/SRPMS',\n 'content/dist/rhel8/8/aarch64/baseos/debug',\n 'content/dist/rhel8/8/aarch64/baseos/os',\n 'content/dist/rhel8/8/aarch64/baseos/source/SRPMS',\n 'content/dist/rhel8/8/aarch64/codeready-builder/debug',\n 'content/dist/rhel8/8/aarch64/codeready-builder/os',\n 'content/dist/rhel8/8/aarch64/codeready-builder/source/SRPMS',\n 'content/dist/rhel8/8/aarch64/highavailability/debug',\n 'content/dist/rhel8/8/aarch64/highavailability/os',\n 'content/dist/rhel8/8/aarch64/highavailability/source/SRPMS',\n 'content/dist/rhel8/8/aarch64/supplementary/debug',\n 'content/dist/rhel8/8/aarch64/supplementary/os',\n 'content/dist/rhel8/8/aarch64/supplementary/source/SRPMS',\n 'content/dist/rhel8/8/ppc64le/appstream/debug',\n 'content/dist/rhel8/8/ppc64le/appstream/os',\n 'content/dist/rhel8/8/ppc64le/appstream/source/SRPMS',\n 'content/dist/rhel8/8/ppc64le/baseos/debug',\n 'content/dist/rhel8/8/ppc64le/baseos/os',\n 'content/dist/rhel8/8/ppc64le/baseos/source/SRPMS',\n 'content/dist/rhel8/8/ppc64le/codeready-builder/debug',\n 'content/dist/rhel8/8/ppc64le/codeready-builder/os',\n 'content/dist/rhel8/8/ppc64le/codeready-builder/source/SRPMS',\n 'content/dist/rhel8/8/ppc64le/highavailability/debug',\n 'content/dist/rhel8/8/ppc64le/highavailability/os',\n 'content/dist/rhel8/8/ppc64le/highavailability/source/SRPMS',\n 'content/dist/rhel8/8/ppc64le/resilientstorage/debug',\n 'content/dist/rhel8/8/ppc64le/resilientstorage/os',\n 'content/dist/rhel8/8/ppc64le/resilientstorage/source/SRPMS',\n 'content/dist/rhel8/8/ppc64le/sap-solutions/debug',\n 'content/dist/rhel8/8/ppc64le/sap-solutions/os',\n 'content/dist/rhel8/8/ppc64le/sap-solutions/source/SRPMS',\n 'content/dist/rhel8/8/ppc64le/sap/debug',\n 'content/dist/rhel8/8/ppc64le/sap/os',\n 'content/dist/rhel8/8/ppc64le/sap/source/SRPMS',\n 'content/dist/rhel8/8/ppc64le/supplementary/debug',\n 'content/dist/rhel8/8/ppc64le/supplementary/os',\n 'content/dist/rhel8/8/ppc64le/supplementary/source/SRPMS',\n 'content/dist/rhel8/8/s390x/appstream/debug',\n 'content/dist/rhel8/8/s390x/appstream/os',\n 'content/dist/rhel8/8/s390x/appstream/source/SRPMS',\n 'content/dist/rhel8/8/s390x/baseos/debug',\n 'content/dist/rhel8/8/s390x/baseos/os',\n 'content/dist/rhel8/8/s390x/baseos/source/SRPMS',\n 'content/dist/rhel8/8/s390x/codeready-builder/debug',\n 'content/dist/rhel8/8/s390x/codeready-builder/os',\n 'content/dist/rhel8/8/s390x/codeready-builder/source/SRPMS',\n 'content/dist/rhel8/8/s390x/highavailability/debug',\n 'content/dist/rhel8/8/s390x/highavailability/os',\n 'content/dist/rhel8/8/s390x/highavailability/source/SRPMS',\n 'content/dist/rhel8/8/s390x/resilientstorage/debug',\n 'content/dist/rhel8/8/s390x/resilientstorage/os',\n 'content/dist/rhel8/8/s390x/resilientstorage/source/SRPMS',\n 'content/dist/rhel8/8/s390x/sap/debug',\n 'content/dist/rhel8/8/s390x/sap/os',\n 'content/dist/rhel8/8/s390x/sap/source/SRPMS',\n 'content/dist/rhel8/8/s390x/supplementary/debug',\n 'content/dist/rhel8/8/s390x/supplementary/os',\n 'content/dist/rhel8/8/s390x/supplementary/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/appstream/debug',\n 'content/dist/rhel8/8/x86_64/appstream/os',\n 'content/dist/rhel8/8/x86_64/appstream/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/baseos/debug',\n 'content/dist/rhel8/8/x86_64/baseos/os',\n 'content/dist/rhel8/8/x86_64/baseos/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/codeready-builder/debug',\n 'content/dist/rhel8/8/x86_64/codeready-builder/os',\n 'content/dist/rhel8/8/x86_64/codeready-builder/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/highavailability/debug',\n 'content/dist/rhel8/8/x86_64/highavailability/os',\n 'content/dist/rhel8/8/x86_64/highavailability/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/nfv/debug',\n 'content/dist/rhel8/8/x86_64/nfv/os',\n 'content/dist/rhel8/8/x86_64/nfv/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/resilientstorage/debug',\n 'content/dist/rhel8/8/x86_64/resilientstorage/os',\n 'content/dist/rhel8/8/x86_64/resilientstorage/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/rt/debug',\n 'content/dist/rhel8/8/x86_64/rt/os',\n 'content/dist/rhel8/8/x86_64/rt/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/sap-solutions/debug',\n 'content/dist/rhel8/8/x86_64/sap-solutions/os',\n 'content/dist/rhel8/8/x86_64/sap-solutions/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/sap/debug',\n 'content/dist/rhel8/8/x86_64/sap/os',\n 'content/dist/rhel8/8/x86_64/sap/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/supplementary/debug',\n 'content/dist/rhel8/8/x86_64/supplementary/os',\n 'content/dist/rhel8/8/x86_64/supplementary/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'pg_repack-1.4.6-3.module+el8.5.0+11354+78b3c9c5', 'release':'8', 'el_string':'el8.5.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'pgaudit-1.4.0-5.module+el8.5.0+11354+78b3c9c5', 'release':'8', 'el_string':'el8.5.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'postgres-decoderbufs-0.10.0-2.module+el8.5.0+11354+78b3c9c5', 'release':'8', 'el_string':'el8.5.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'postgresql-12.11-2.module+el8.6.0+15345+1dd8d6b8', 'release':'8', 'el_string':'el8.6.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'postgresql-contrib-12.11-2.module+el8.6.0+15345+1dd8d6b8', 'release':'8', 'el_string':'el8.6.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'postgresql-docs-12.11-2.module+el8.6.0+15345+1dd8d6b8', 'release':'8', 'el_string':'el8.6.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'postgresql-plperl-12.11-2.module+el8.6.0+15345+1dd8d6b8', 'release':'8', 'el_string':'el8.6.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'postgresql-plpython3-12.11-2.module+el8.6.0+15345+1dd8d6b8', 'release':'8', 'el_string':'el8.6.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'postgresql-pltcl-12.11-2.module+el8.6.0+15345+1dd8d6b8', 'release':'8', 'el_string':'el8.6.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'postgresql-server-12.11-2.module+el8.6.0+15345+1dd8d6b8', 'release':'8', 'el_string':'el8.6.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'postgresql-server-devel-12.11-2.module+el8.6.0+15345+1dd8d6b8', 'release':'8', 'el_string':'el8.6.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'postgresql-static-12.11-2.module+el8.6.0+15345+1dd8d6b8', 'release':'8', 'el_string':'el8.6.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'postgresql-test-12.11-2.module+el8.6.0+15345+1dd8d6b8', 'release':'8', 'el_string':'el8.6.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'postgresql-test-rpm-macros-12.11-2.module+el8.6.0+15345+1dd8d6b8', 'release':'8', 'el_string':'el8.6.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'postgresql-upgrade-12.11-2.module+el8.6.0+15345+1dd8d6b8', 'release':'8', 'el_string':'el8.6.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'postgresql-upgrade-devel-12.11-2.module+el8.6.0+15345+1dd8d6b8', 'release':'8', 'el_string':'el8.6.0', 'rpm_spec_vers_cmp':TRUE}\n ]\n }\n ]\n};\n\nvar applicable_repo_urls = rhel_determine_applicable_repository_urls(constraints:appstreams, appstreams:TRUE);\nif(applicable_repo_urls == RHEL_REPOS_NO_OVERLAP_MESSAGE) exit(0, RHEL_REPO_NOT_ENABLED);\n\nvar module_ver = get_kb_item('Host/RedHat/appstream/postgresql');\nif (isnull(module_ver)) audit(AUDIT_PACKAGE_NOT_INSTALLED, 'Module postgresql:12');\nif ('12' >!< module_ver) audit(AUDIT_PACKAGE_NOT_AFFECTED, 'Module postgresql:' + module_ver);\n\nvar flag = 0;\nvar appstreams_found = 0;\nforeach var module (keys(appstreams)) {\n var appstream = NULL;\n var appstream_name = NULL;\n var appstream_version = NULL;\n var appstream_split = split(module, sep:':', keep:FALSE);\n if (!empty_or_null(appstream_split)) {\n appstream_name = appstream_split[0];\n appstream_version = appstream_split[1];\n if (!empty_or_null(appstream_name)) appstream = get_one_kb_item('Host/RedHat/appstream/' + appstream_name);\n }\n if (!empty_or_null(appstream) && appstream_version == appstream || appstream_name == 'all') {\n appstreams_found++;\n foreach var module_array ( appstreams[module] ) {\n var repo_relative_urls = NULL;\n if (!empty_or_null(module_array['repo_relative_urls'])) repo_relative_urls = module_array['repo_relative_urls'];\n var enterprise_linux_flag = rhel_repo_urls_has_content_dist_rhel(repo_urls:repo_relative_urls);\n foreach var package_array ( module_array['pkgs'] ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) _release = 'RHEL' + package_array['release'];\n if (!empty_or_null(package_array['sp']) && !enterprise_linux_flag) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference &&\n _release &&\n rhel_decide_repo_relative_url_check(required_repo_url_list:repo_relative_urls) &&\n (applicable_repo_urls || (!exists_check || rpm_exists(release:_release, rpm:exists_check))) &&\n rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n }\n }\n}\n\nif (!appstreams_found) audit(AUDIT_PACKAGE_NOT_INSTALLED, 'Module postgresql:12');\n\nif (flag)\n{\n var extra = NULL;\n if (empty_or_null(applicable_repo_urls)) extra = rpm_report_get() + redhat_report_repo_caveat();\n else extra = rpm_report_get();\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : extra\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'pg_repack / pgaudit / postgres-decoderbufs / postgresql / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-03-25T14:33:31", "description": "The remote Debian 11 host has packages installed that are affected by a vulnerability as referenced in the dsa-5136 advisory.\n\n - A flaw was found in PostgreSQL. There is an issue with incomplete efforts to operate safely when a privileged user is maintaining another user's objects. The Autovacuum, REINDEX, CREATE INDEX, REFRESH MATERIALIZED VIEW, CLUSTER, and pg_amcheck commands activated relevant protections too late or not at all during the process. This flaw allows an attacker with permission to create non-temporary objects in at least one schema to execute arbitrary SQL functions under a superuser identity. (CVE-2022-1552)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-05-13T00:00:00", "type": "nessus", "title": "Debian DSA-5136-1 : postgresql-13 - security update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-1552"], "modified": "2023-03-21T00:00:00", "cpe": ["cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:libecpg-compat3:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:libecpg-dev:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:libecpg6:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:libpgtypes3:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:libpq-dev:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:libpq5:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:postgresql-13:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:postgresql-client-13:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:postgresql-doc-13:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:postgresql-plperl-13:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:postgresql-plpython3-13:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:postgresql-pltcl-13:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:postgresql-server-dev-13:*:*:*:*:*:*:*"], "id": "DEBIAN_DSA-5136.NASL", "href": "https://www.tenable.com/plugins/nessus/161153", "sourceData": "#\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory dsa-5136. The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(161153);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/03/21\");\n\n script_cve_id(\"CVE-2022-1552\");\n script_xref(name:\"IAVB\", value:\"2022-B-0015-S\");\n\n script_name(english:\"Debian DSA-5136-1 : postgresql-13 - security update\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Debian host is missing a security-related update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Debian 11 host has packages installed that are affected by a vulnerability as referenced in the dsa-5136\nadvisory.\n\n - A flaw was found in PostgreSQL. There is an issue with incomplete efforts to operate safely when a\n privileged user is maintaining another user's objects. The Autovacuum, REINDEX, CREATE INDEX, REFRESH\n MATERIALIZED VIEW, CLUSTER, and pg_amcheck commands activated relevant protections too late or not at all\n during the process. This flaw allows an attacker with permission to create non-temporary objects in at\n least one schema to execute arbitrary SQL functions under a superuser identity. (CVE-2022-1552)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n # https://security-tracker.debian.org/tracker/source-package/postgresql-13\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?1964ded4\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.debian.org/security/2022/dsa-5136\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2022-1552\");\n script_set_attribute(attribute:\"see_also\", value:\"https://packages.debian.org/source/bullseye/postgresql-13\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade the postgresql-13 packages.\n\nFor the stable distribution (bullseye), this problem has been fixed in version 13.7-0+deb11u1.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-1552\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/05/11\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/05/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/05/13\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libecpg-compat3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libecpg-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libecpg6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libpgtypes3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libpq-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libpq5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:postgresql-13\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:postgresql-client-13\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:postgresql-doc-13\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:postgresql-plperl-13\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:postgresql-plpython3-13\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:postgresql-pltcl-13\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:postgresql-server-dev-13\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:11.0\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Debian Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\ninclude('debian_package.inc');\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar release = get_kb_item('Host/Debian/release');\nif ( isnull(release) ) audit(AUDIT_OS_NOT, 'Debian');\nvar release = chomp(release);\nif (! preg(pattern:\"^(11)\\.[0-9]+\", string:release)) audit(AUDIT_OS_NOT, 'Debian 11.0', 'Debian ' + release);\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Debian', cpu);\n\nvar pkgs = [\n {'release': '11.0', 'prefix': 'libecpg-compat3', 'reference': '13.7-0+deb11u1'},\n {'release': '11.0', 'prefix': 'libecpg-dev', 'reference': '13.7-0+deb11u1'},\n {'release': '11.0', 'prefix': 'libecpg6', 'reference': '13.7-0+deb11u1'},\n {'release': '11.0', 'prefix': 'libpgtypes3', 'reference': '13.7-0+deb11u1'},\n {'release': '11.0', 'prefix': 'libpq-dev', 'reference': '13.7-0+deb11u1'},\n {'release': '11.0', 'prefix': 'libpq5', 'reference': '13.7-0+deb11u1'},\n {'release': '11.0', 'prefix': 'postgresql-13', 'reference': '13.7-0+deb11u1'},\n {'release': '11.0', 'prefix': 'postgresql-client-13', 'reference': '13.7-0+deb11u1'},\n {'release': '11.0', 'prefix': 'postgresql-doc-13', 'reference': '13.7-0+deb11u1'},\n {'release': '11.0', 'prefix': 'postgresql-plperl-13', 'reference': '13.7-0+deb11u1'},\n {'release': '11.0', 'prefix': 'postgresql-plpython3-13', 'reference': '13.7-0+deb11u1'},\n {'release': '11.0', 'prefix': 'postgresql-pltcl-13', 'reference': '13.7-0+deb11u1'},\n {'release': '11.0', 'prefix': 'postgresql-server-dev-13', 'reference': '13.7-0+deb11u1'}\n];\n\nvar flag = 0;\nforeach package_array ( pkgs ) {\n var release = NULL;\n var prefix = NULL;\n var reference = NULL;\n if (!empty_or_null(package_array['release'])) release = package_array['release'];\n if (!empty_or_null(package_array['prefix'])) prefix = package_array['prefix'];\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (release && prefix && reference) {\n if (deb_check(release:release, prefix:prefix, reference:reference)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : deb_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = deb_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'libecpg-compat3 / libecpg-dev / libecpg6 / libpgtypes3 / libpq-dev / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-03-25T21:05:33", "description": "The remote Debian 10 host has packages installed that are affected by a vulnerability as referenced in the dsa-5135 advisory.\n\n - A flaw was found in PostgreSQL. There is an issue with incomplete efforts to operate safely when a privileged user is maintaining another user's objects. The Autovacuum, REINDEX, CREATE INDEX, REFRESH MATERIALIZED VIEW, CLUSTER, and pg_amcheck commands activated relevant protections too late or not at all during the process. This flaw allows an attacker with permission to create non-temporary objects in at least one schema to execute arbitrary SQL functions under a superuser identity. (CVE-2022-1552)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-05-13T00:00:00", "type": "nessus", "title": "Debian DSA-5135-1 : postgresql-11 - security update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-1552"], "modified": "2023-03-21T00:00:00", "cpe": ["cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:libecpg-compat3:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:libecpg-dev:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:libecpg6:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:libpgtypes3:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:libpq-dev:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:libpq5:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:postgresql-11:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:postgresql-client-11:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:postgresql-doc-11:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:postgresql-plperl-11:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:postgresql-plpython-11:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:postgresql-plpython3-11:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:postgresql-pltcl-11:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:postgresql-server-dev-11:*:*:*:*:*:*:*"], "id": "DEBIAN_DSA-5135.NASL", "href": "https://www.tenable.com/plugins/nessus/161154", "sourceData": "#\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory dsa-5135. The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(161154);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/03/21\");\n\n script_cve_id(\"CVE-2022-1552\");\n script_xref(name:\"IAVB\", value:\"2022-B-0015-S\");\n\n script_name(english:\"Debian DSA-5135-1 : postgresql-11 - security update\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Debian host is missing a security-related update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Debian 10 host has packages installed that are affected by a vulnerability as referenced in the dsa-5135\nadvisory.\n\n - A flaw was found in PostgreSQL. There is an issue with incomplete efforts to operate safely when a\n privileged user is maintaining another user's objects. The Autovacuum, REINDEX, CREATE INDEX, REFRESH\n MATERIALIZED VIEW, CLUSTER, and pg_amcheck commands activated relevant protections too late or not at all\n during the process. This flaw allows an attacker with permission to create non-temporary objects in at\n least one schema to execute arbitrary SQL functions under a superuser identity. (CVE-2022-1552)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n # https://security-tracker.debian.org/tracker/source-package/postgresql-11\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?4e0872ee\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.debian.org/security/2022/dsa-5135\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2022-1552\");\n script_set_attribute(attribute:\"see_also\", value:\"https://packages.debian.org/source/buster/postgresql-11\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade the postgresql-11 packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-1552\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/05/11\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/05/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/05/13\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libecpg-compat3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libecpg-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libecpg6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libpgtypes3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libpq-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libpq5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:postgresql-11\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:postgresql-client-11\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:postgresql-doc-11\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:postgresql-plperl-11\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:postgresql-plpython-11\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:postgresql-plpython3-11\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:postgresql-pltcl-11\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:postgresql-server-dev-11\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:10.0\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Debian Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\ninclude('debian_package.inc');\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar release = get_kb_item('Host/Debian/release');\nif ( isnull(release) ) audit(AUDIT_OS_NOT, 'Debian');\nvar release = chomp(release);\nif (! preg(pattern:\"^(10)\\.[0-9]+\", string:release)) audit(AUDIT_OS_NOT, 'Debian 10.0', 'Debian ' + release);\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Debian', cpu);\n\nvar pkgs = [\n {'release': '10.0', 'prefix': 'libecpg-compat3', 'reference': '11.16-0+deb10u1'},\n {'release': '10.0', 'prefix': 'libecpg-dev', 'reference': '11.16-0+deb10u1'},\n {'release': '10.0', 'prefix': 'libecpg6', 'reference': '11.16-0+deb10u1'},\n {'release': '10.0', 'prefix': 'libpgtypes3', 'reference': '11.16-0+deb10u1'},\n {'release': '10.0', 'prefix': 'libpq-dev', 'reference': '11.16-0+deb10u1'},\n {'release': '10.0', 'prefix': 'libpq5', 'reference': '11.16-0+deb10u1'},\n {'release': '10.0', 'prefix': 'postgresql-11', 'reference': '11.16-0+deb10u1'},\n {'release': '10.0', 'prefix': 'postgresql-client-11', 'reference': '11.16-0+deb10u1'},\n {'release': '10.0', 'prefix': 'postgresql-doc-11', 'reference': '11.16-0+deb10u1'},\n {'release': '10.0', 'prefix': 'postgresql-plperl-11', 'reference': '11.16-0+deb10u1'},\n {'release': '10.0', 'prefix': 'postgresql-plpython-11', 'reference': '11.16-0+deb10u1'},\n {'release': '10.0', 'prefix': 'postgresql-plpython3-11', 'reference': '11.16-0+deb10u1'},\n {'release': '10.0', 'prefix': 'postgresql-pltcl-11', 'reference': '11.16-0+deb10u1'},\n {'release': '10.0', 'prefix': 'postgresql-server-dev-11', 'reference': '11.16-0+deb10u1'}\n];\n\nvar flag = 0;\nforeach package_array ( pkgs ) {\n var release = NULL;\n var prefix = NULL;\n var reference = NULL;\n if (!empty_or_null(package_array['release'])) release = package_array['release'];\n if (!empty_or_null(package_array['prefix'])) prefix = package_array['prefix'];\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (release && prefix && reference) {\n if (deb_check(release:release, prefix:prefix, reference:reference)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : deb_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = deb_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'libecpg-compat3 / libecpg-dev / libecpg6 / libpgtypes3 / libpq-dev / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-03-25T18:50:41", "description": "The remote Ubuntu 18.04 LTS / 20.04 LTS / 21.10 / 22.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-5440-1 advisory.\n\n - A flaw was found in PostgreSQL. There is an issue with incomplete efforts to operate safely when a privileged user is maintaining another user's objects. The Autovacuum, REINDEX, CREATE INDEX, REFRESH MATERIALIZED VIEW, CLUSTER, and pg_amcheck commands activated relevant protections too late or not at all during the process. This flaw allows an attacker with permission to create non-temporary objects in at least one schema to execute arbitrary SQL functions under a superuser identity. (CVE-2022-1552)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-05-24T00:00:00", "type": "nessus", "title": "Ubuntu 18.04 LTS / 20.04 LTS / 21.10 / 22.04 LTS : PostgreSQL vulnerability (USN-5440-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-1552"], "modified": "2023-03-21T00:00:00", "cpe": ["cpe:2.3:o:canonical:ubuntu_linux:18.04:-:lts:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:20.04:-:lts:*:*:*:*:*", "p-cpe:2.3:a:canonical:ubuntu_linux:libecpg-compat3:*:*:*:*:*:*:*", "p-cpe:2.3:a:canonical:ubuntu_linux:libecpg-dev:*:*:*:*:*:*:*", "p-cpe:2.3:a:canonical:ubuntu_linux:libecpg6:*:*:*:*:*:*:*", "p-cpe:2.3:a:canonical:ubuntu_linux:libpgtypes3:*:*:*:*:*:*:*", "p-cpe:2.3:a:canonical:ubuntu_linux:libpq-dev:*:*:*:*:*:*:*", "p-cpe:2.3:a:canonical:ubuntu_linux:libpq5:*:*:*:*:*:*:*", "p-cpe:2.3:a:canonical:ubuntu_linux:postgresql-10:*:*:*:*:*:*:*", "p-cpe:2.3:a:canonical:ubuntu_linux:postgresql-12:*:*:*:*:*:*:*", "p-cpe:2.3:a:canonical:ubuntu_linux:postgresql-client-10:*:*:*:*:*:*:*", "p-cpe:2.3:a:canonical:ubuntu_linux:postgresql-client-12:*:*:*:*:*:*:*", "p-cpe:2.3:a:canonical:ubuntu_linux:postgresql-plperl-10:*:*:*:*:*:*:*", "p-cpe:2.3:a:canonical:ubuntu_linux:postgresql-plperl-12:*:*:*:*:*:*:*", "p-cpe:2.3:a:canonical:ubuntu_linux:postgresql-plpython-10:*:*:*:*:*:*:*", "p-cpe:2.3:a:canonical:ubuntu_linux:postgresql-plpython3-10:*:*:*:*:*:*:*", "p-cpe:2.3:a:canonical:ubuntu_linux:postgresql-plpython3-12:*:*:*:*:*:*:*", "p-cpe:2.3:a:canonical:ubuntu_linux:postgresql-pltcl-10:*:*:*:*:*:*:*", "p-cpe:2.3:a:canonical:ubuntu_linux:postgresql-pltcl-12:*:*:*:*:*:*:*", "p-cpe:2.3:a:canonical:ubuntu_linux:postgresql-server-dev-10:*:*:*:*:*:*:*", "p-cpe:2.3:a:canonical:ubuntu_linux:postgresql-server-dev-12:*:*:*:*:*:*:*", "p-cpe:2.3:a:canonical:ubuntu_linux:postgresql-13:*:*:*:*:*:*:*", "p-cpe:2.3:a:canonical:ubuntu_linux:postgresql-client-13:*:*:*:*:*:*:*", "p-cpe:2.3:a:canonical:ubuntu_linux:postgresql-plperl-13:*:*:*:*:*:*:*", "p-cpe:2.3:a:canonical:ubuntu_linux:postgresql-plpython3-13:*:*:*:*:*:*:*", "p-cpe:2.3:a:canonical:ubuntu_linux:postgresql-pltcl-13:*:*:*:*:*:*:*", "p-cpe:2.3:a:canonical:ubuntu_linux:postgresql-server-dev-13:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:21.10:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:22.04:-:lts:*:*:*:*:*", "p-cpe:2.3:a:canonical:ubuntu_linux:postgresql-14:*:*:*:*:*:*:*", "p-cpe:2.3:a:canonical:ubuntu_linux:postgresql-client-14:*:*:*:*:*:*:*", "p-cpe:2.3:a:canonical:ubuntu_linux:postgresql-plperl-14:*:*:*:*:*:*:*", "p-cpe:2.3:a:canonical:ubuntu_linux:postgresql-plpython3-14:*:*:*:*:*:*:*", "p-cpe:2.3:a:canonical:ubuntu_linux:postgresql-pltcl-14:*:*:*:*:*:*:*", "p-cpe:2.3:a:canonical:ubuntu_linux:postgresql-server-dev-14:*:*:*:*:*:*:*"], "id": "UBUNTU_USN-5440-1.NASL", "href": "https://www.tenable.com/plugins/nessus/161474", "sourceData": "##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-5440-1. The text\n# itself is copyright (C) Canonical, Inc. See\n# <https://ubuntu.com/security/notices>. Ubuntu(R) is a registered\n# trademark of Canonical, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(161474);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/03/21\");\n\n script_cve_id(\"CVE-2022-1552\");\n script_xref(name:\"USN\", value:\"5440-1\");\n script_xref(name:\"IAVB\", value:\"2022-B-0015-S\");\n\n script_name(english:\"Ubuntu 18.04 LTS / 20.04 LTS / 21.10 / 22.04 LTS : PostgreSQL vulnerability (USN-5440-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Ubuntu host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Ubuntu 18.04 LTS / 20.04 LTS / 21.10 / 22.04 LTS host has packages installed that are affected by a\nvulnerability as referenced in the USN-5440-1 advisory.\n\n - A flaw was found in PostgreSQL. There is an issue with incomplete efforts to operate safely when a\n privileged user is maintaining another user's objects. The Autovacuum, REINDEX, CREATE INDEX, REFRESH\n MATERIALIZED VIEW, CLUSTER, and pg_amcheck commands activated relevant protections too late or not at all\n during the process. This flaw allows an attacker with permission to create non-temporary objects in at\n least one schema to execute arbitrary SQL functions under a superuser identity. (CVE-2022-1552)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://ubuntu.com/security/notices/USN-5440-1\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-1552\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/05/11\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/05/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/05/24\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:18.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:20.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:21.10\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:22.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libecpg-compat3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libecpg-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libecpg6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libpgtypes3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libpq-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libpq5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:postgresql-10\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:postgresql-12\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:postgresql-13\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:postgresql-14\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:postgresql-client-10\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:postgresql-client-12\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:postgresql-client-13\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:postgresql-client-14\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:postgresql-plperl-10\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:postgresql-plperl-12\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:postgresql-plperl-13\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:postgresql-plperl-14\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:postgresql-plpython-10\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:postgresql-plpython3-10\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:postgresql-plpython3-12\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:postgresql-plpython3-13\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:postgresql-plpython3-14\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:postgresql-pltcl-10\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:postgresql-pltcl-12\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:postgresql-pltcl-13\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:postgresql-pltcl-14\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:postgresql-server-dev-10\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:postgresql-server-dev-12\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:postgresql-server-dev-13\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:postgresql-server-dev-14\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_copyright(english:\"Ubuntu Security Notice (C) 2022-2023 Canonical, Inc. / NASL script (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\ninclude('debian_package.inc');\n\nif ( ! get_kb_item('Host/local_checks_enabled') ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar release = get_kb_item('Host/Ubuntu/release');\nif ( isnull(release) ) audit(AUDIT_OS_NOT, 'Ubuntu');\nvar release = chomp(release);\nif (! preg(pattern:\"^(18\\.04|20\\.04|21\\.10|22\\.04)$\", string:release)) audit(AUDIT_OS_NOT, 'Ubuntu 18.04 / 20.04 / 21.10 / 22.04', 'Ubuntu ' + release);\nif ( ! get_kb_item('Host/Debian/dpkg-l') ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);\n\n\nvar pkgs = [\n {'osver': '18.04', 'pkgname': 'libecpg-compat3', 'pkgver': '10.21-0ubuntu0.18.04.1'},\n {'osver': '18.04', 'pkgname': 'libecpg-dev', 'pkgver': '10.21-0ubuntu0.18.04.1'},\n {'osver': '18.04', 'pkgname': 'libecpg6', 'pkgver': '10.21-0ubuntu0.18.04.1'},\n {'osver': '18.04', 'pkgname': 'libpgtypes3', 'pkgver': '10.21-0ubuntu0.18.04.1'},\n {'osver': '18.04', 'pkgname': 'libpq-dev', 'pkgver': '10.21-0ubuntu0.18.04.1'},\n {'osver': '18.04', 'pkgname': 'libpq5', 'pkgver': '10.21-0ubuntu0.18.04.1'},\n {'osver': '18.04', 'pkgname': 'postgresql-10', 'pkgver': '10.21-0ubuntu0.18.04.1'},\n {'osver': '18.04', 'pkgname': 'postgresql-client-10', 'pkgver': '10.21-0ubuntu0.18.04.1'},\n {'osver': '18.04', 'pkgname': 'postgresql-plperl-10', 'pkgver': '10.21-0ubuntu0.18.04.1'},\n {'osver': '18.04', 'pkgname': 'postgresql-plpython-10', 'pkgver': '10.21-0ubuntu0.18.04.1'},\n {'osver': '18.04', 'pkgname': 'postgresql-plpython3-10', 'pkgver': '10.21-0ubuntu0.18.04.1'},\n {'osver': '18.04', 'pkgname': 'postgresql-pltcl-10', 'pkgver': '10.21-0ubuntu0.18.04.1'},\n {'osver': '18.04', 'pkgname': 'postgresql-server-dev-10', 'pkgver': '10.21-0ubuntu0.18.04.1'},\n {'osver': '20.04', 'pkgname': 'libecpg-compat3', 'pkgver': '12.11-0ubuntu0.20.04.1'},\n {'osver': '20.04', 'pkgname': 'libecpg-dev', 'pkgver': '12.11-0ubuntu0.20.04.1'},\n {'osver': '20.04', 'pkgname': 'libecpg6', 'pkgver': '12.11-0ubuntu0.20.04.1'},\n {'osver': '20.04', 'pkgname': 'libpgtypes3', 'pkgver': '12.11-0ubuntu0.20.04.1'},\n {'osver': '20.04', 'pkgname': 'libpq-dev', 'pkgver': '12.11-0ubuntu0.20.04.1'},\n {'osver': '20.04', 'pkgname': 'libpq5', 'pkgver': '12.11-0ubuntu0.20.04.1'},\n {'osver': '20.04', 'pkgname': 'postgresql-12', 'pkgver': '12.11-0ubuntu0.20.04.1'},\n {'osver': '20.04', 'pkgname': 'postgresql-client-12', 'pkgver': '12.11-0ubuntu0.20.04.1'},\n {'osver': '20.04', 'pkgname': 'postgresql-plperl-12', 'pkgver': '12.11-0ubuntu0.20.04.1'},\n {'osver': '20.04', 'pkgname': 'postgresql-plpython3-12', 'pkgver': '12.11-0ubuntu0.20.04.1'},\n {'osver': '20.04', 'pkgname': 'postgresql-pltcl-12', 'pkgver': '12.11-0ubuntu0.20.04.1'},\n {'osver': '20.04', 'pkgname': 'postgresql-server-dev-12', 'pkgver': '12.11-0ubuntu0.20.04.1'},\n {'osver': '21.10', 'pkgname': 'libecpg-compat3', 'pkgver': '13.7-0ubuntu0.21.10.1'},\n {'osver': '21.10', 'pkgname': 'libecpg-dev', 'pkgver': '13.7-0ubuntu0.21.10.1'},\n {'osver': '21.10', 'pkgname': 'libecpg6', 'pkgver': '13.7-0ubuntu0.21.10.1'},\n {'osver': '21.10', 'pkgname': 'libpgtypes3', 'pkgver': '13.7-0ubuntu0.21.10.1'},\n {'osver': '21.10', 'pkgname': 'libpq-dev', 'pkgver': '13.7-0ubuntu0.21.10.1'},\n {'osver': '21.10', 'pkgname': 'libpq5', 'pkgver': '13.7-0ubuntu0.21.10.1'},\n {'osver': '21.10', 'pkgname': 'postgresql-13', 'pkgver': '13.7-0ubuntu0.21.10.1'},\n {'osver': '21.10', 'pkgname': 'postgresql-client-13', 'pkgver': '13.7-0ubuntu0.21.10.1'},\n {'osver': '21.10', 'pkgname': 'postgresql-plperl-13', 'pkgver': '13.7-0ubuntu0.21.10.1'},\n {'osver': '21.10', 'pkgname': 'postgresql-plpython3-13', 'pkgver': '13.7-0ubuntu0.21.10.1'},\n {'osver': '21.10', 'pkgname': 'postgresql-pltcl-13', 'pkgver': '13.7-0ubuntu0.21.10.1'},\n {'osver': '21.10', 'pkgname': 'postgresql-server-dev-13', 'pkgver': '13.7-0ubuntu0.21.10.1'},\n {'osver': '22.04', 'pkgname': 'libecpg-compat3', 'pkgver': '14.3-0ubuntu0.22.04.1'},\n {'osver': '22.04', 'pkgname': 'libecpg-dev', 'pkgver': '14.3-0ubuntu0.22.04.1'},\n {'osver': '22.04', 'pkgname': 'libecpg6', 'pkgver': '14.3-0ubuntu0.22.04.1'},\n {'osver': '22.04', 'pkgname': 'libpgtypes3', 'pkgver': '14.3-0ubuntu0.22.04.1'},\n {'osver': '22.04', 'pkgname': 'libpq-dev', 'pkgver': '14.3-0ubuntu0.22.04.1'},\n {'osver': '22.04', 'pkgname': 'libpq5', 'pkgver': '14.3-0ubuntu0.22.04.1'},\n {'osver': '22.04', 'pkgname': 'postgresql-14', 'pkgver': '14.3-0ubuntu0.22.04.1'},\n {'osver': '22.04', 'pkgname': 'postgresql-client-14', 'pkgver': '14.3-0ubuntu0.22.04.1'},\n {'osver': '22.04', 'pkgname': 'postgresql-plperl-14', 'pkgver': '14.3-0ubuntu0.22.04.1'},\n {'osver': '22.04', 'pkgname': 'postgresql-plpython3-14', 'pkgver': '14.3-0ubuntu0.22.04.1'},\n {'osver': '22.04', 'pkgname': 'postgresql-pltcl-14', 'pkgver': '14.3-0ubuntu0.22.04.1'},\n {'osver': '22.04', 'pkgname': 'postgresql-server-dev-14', 'pkgver': '14.3-0ubuntu0.22.04.1'}\n];\n\nvar flag = 0;\nforeach package_array ( pkgs ) {\n var osver = NULL;\n var pkgname = NULL;\n var pkgver = NULL;\n if (!empty_or_null(package_array['osver'])) osver = package_array['osver'];\n if (!empty_or_null(package_array['pkgname'])) pkgname = package_array['pkgname'];\n if (!empty_or_null(package_array['pkgver'])) pkgver = package_array['pkgver'];\n if (osver && pkgname && pkgver) {\n if (ubuntu_check(osver:osver, pkgname:pkgname, pkgver:pkgver)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'libecpg-compat3 / libecpg-dev / libecpg6 / libpgtypes3 / libpq-dev / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-03-29T03:13:58", "description": "The version of postgresql installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2022-1552 advisory.\n\n - A flaw was found in PostgreSQL. There is an issue with incomplete efforts to operate safely when a privileged user is maintaining another user's objects. The Autovacuum, REINDEX, CREATE INDEX, REFRESH MATERIALIZED VIEW, CLUSTER, and pg_amcheck commands activated relevant protections too late or not at all during the process. This flaw allows an attacker with permission to create non-temporary objects in at least one schema to execute arbitrary SQL functions under a superuser identity. (CVE-2022-1552)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2023-03-28T00:00:00", "type": "nessus", "title": "CBL Mariner 2.0 Security Update: postgresql (CVE-2022-1552)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-1552"], "modified": "2023-03-28T00:00:00", "cpe": ["p-cpe:/a:microsoft:cbl-mariner:postgresql", "p-cpe:/a:microsoft:cbl-mariner:postgresql-debuginfo", "p-cpe:/a:microsoft:cbl-mariner:postgresql-devel", "p-cpe:/a:microsoft:cbl-mariner:postgresql-libs", "x-cpe:/o:microsoft:cbl-mariner"], "id": "MARINER_POSTGRESQL_CVE-2022-1552.NASL", "href": "https://www.tenable.com/plugins/nessus/173556", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(173556);\n script_version(\"1.0\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/03/28\");\n\n script_cve_id(\"CVE-2022-1552\");\n script_xref(name:\"IAVB\", value:\"2022-B-0015\");\n\n script_name(english:\"CBL Mariner 2.0 Security Update: postgresql (CVE-2022-1552)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote CBL Mariner host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of postgresql installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore,\naffected by a vulnerability as referenced in the CVE-2022-1552 advisory.\n\n - A flaw was found in PostgreSQL. There is an issue with incomplete efforts to operate safely when a\n privileged user is maintaining another user's objects. The Autovacuum, REINDEX, CREATE INDEX, REFRESH\n MATERIALIZED VIEW, CLUSTER, and pg_amcheck commands activated relevant protections too late or not at all\n during the process. This flaw allows an attacker with permission to create non-temporary objects in at\n least one schema to execute arbitrary SQL functions under a superuser identity. (CVE-2022-1552)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://nvd.nist.gov/vuln/detail/CVE-2022-1552\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-1552\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/05/11\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/09/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2023/03/28\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:microsoft:cbl-mariner:postgresql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:microsoft:cbl-mariner:postgresql-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:microsoft:cbl-mariner:postgresql-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:microsoft:cbl-mariner:postgresql-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:microsoft:cbl-mariner\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"MarinerOS Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CBLMariner/release\", \"Host/CBLMariner/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar release = get_kb_item('Host/CBLMariner/release');\nif (isnull(release) || 'CBL-Mariner' >!< release) audit(AUDIT_OS_NOT, 'CBL-Mariner');\nvar os_ver = pregmatch(pattern: \"CBL-Mariner ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'CBL-Mariner');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^2([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'CBL-Mariner 2.0', 'CBL-Mariner ' + os_ver);\n\nif (!get_kb_item('Host/CBLMariner/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu)\n audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'CBL-Mariner', cpu);\n\nvar pkgs = [\n {'reference':'postgresql-14.5-1.cm2', 'cpu':'x86_64', 'release':'2.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'postgresql-14.5-1.cm2', 'cpu':'aarch64', 'release':'2.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'postgresql-debuginfo-14.5-1.cm2', 'cpu':'x86_64', 'release':'2.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'postgresql-debuginfo-14.5-1.cm2', 'cpu':'aarch64', 'release':'2.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'postgresql-devel-14.5-1.cm2', 'cpu':'x86_64', 'release':'2.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'postgresql-devel-14.5-1.cm2', 'cpu':'aarch64', 'release':'2.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'postgresql-libs-14.5-1.cm2', 'cpu':'x86_64', 'release':'2.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'postgresql-libs-14.5-1.cm2', 'cpu':'aarch64', 'release':'2.0', 'rpm_spec_vers_cmp':TRUE}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) _release = 'CBLMariner-' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && _release && (!exists_check || rpm_exists(release:_release, rpm:exists_check))) {\n if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'postgresql / postgresql-debuginfo / postgresql-devel / postgresql-libs');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-03-12T00:38:50", "description": "The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2022:4895 advisory.\n\n - postgresql: Autovacuum, REINDEX, and others omit security restricted operation sandbox (CVE-2022-1552)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-06-04T00:00:00", "type": "nessus", "title": "RHEL 8 : postgresql:10 (RHSA-2022:4895)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-1552"], "modified": "2023-01-23T00:00:00", "cpe": ["cpe:/o:redhat:rhel_aus:8.2", "cpe:/o:redhat:rhel_e4s:8.2", "cpe:/o:redhat:rhel_eus:8.2", "cpe:/o:redhat:rhel_tus:8.2", "p-cpe:/a:redhat:enterprise_linux:postgresql", "p-cpe:/a:redhat:enterprise_linux:postgresql-contrib", "p-cpe:/a:redhat:enterprise_linux:postgresql-docs", "p-cpe:/a:redhat:enterprise_linux:postgresql-plperl", "p-cpe:/a:redhat:enterprise_linux:postgresql-plpython3", "p-cpe:/a:redhat:enterprise_linux:postgresql-pltcl", "p-cpe:/a:redhat:enterprise_linux:postgresql-server", "p-cpe:/a:redhat:enterprise_linux:postgresql-server-devel", "p-cpe:/a:redhat:enterprise_linux:postgresql-static", "p-cpe:/a:redhat:enterprise_linux:postgresql-test", "p-cpe:/a:redhat:enterprise_linux:postgresql-test-rpm-macros", "p-cpe:/a:redhat:enterprise_linux:postgresql-upgrade", "p-cpe:/a:redhat:enterprise_linux:postgresql-upgrade-devel"], "id": "REDHAT-RHSA-2022-4895.NASL", "href": "https://www.tenable.com/plugins/nessus/161832", "sourceData": "##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2022:4895. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(161832);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/23\");\n\n script_cve_id(\"CVE-2022-1552\");\n script_xref(name:\"RHSA\", value:\"2022:4895\");\n script_xref(name:\"IAVB\", value:\"2022-B-0015-S\");\n\n script_name(english:\"RHEL 8 : postgresql:10 (RHSA-2022:4895)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in\nthe RHSA-2022:4895 advisory.\n\n - postgresql: Autovacuum, REINDEX, and others omit security restricted operation sandbox (CVE-2022-1552)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-1552\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2022:4895\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2081126\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-1552\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(89, 459, 863);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/05/11\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/06/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/06/04\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_aus:8.2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_e4s:8.2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_eus:8.2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_tus:8.2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:postgresql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:postgresql-contrib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:postgresql-docs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:postgresql-plperl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:postgresql-plpython3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:postgresql-pltcl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:postgresql-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:postgresql-server-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:postgresql-static\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:postgresql-test\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:postgresql-test-rpm-macros\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:postgresql-upgrade\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:postgresql-upgrade-devel\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"redhat_repos.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\ninclude('rhel.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/RedHat/release');\nif (isnull(os_release) || 'Red Hat' >!< os_release) audit(AUDIT_OS_NOT, 'Red Hat');\nvar os_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nos_ver = os_ver[1];\nif (!rhel_check_release(operator: 'eq', os_version: os_ver, rhel_version: '8.2')) audit(AUDIT_OS_NOT, 'Red Hat 8.2', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nvar appstreams = {\n 'postgresql:10': [\n {\n 'repo_relative_urls': [\n 'content/aus/rhel8/8.2/x86_64/appstream/debug',\n 'content/aus/rhel8/8.2/x86_64/appstream/os',\n 'content/aus/rhel8/8.2/x86_64/appstream/source/SRPMS',\n 'content/aus/rhel8/8.2/x86_64/baseos/debug',\n 'content/aus/rhel8/8.2/x86_64/baseos/os',\n 'content/aus/rhel8/8.2/x86_64/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.2/ppc64le/appstream/debug',\n 'content/e4s/rhel8/8.2/ppc64le/appstream/os',\n 'content/e4s/rhel8/8.2/ppc64le/appstream/source/SRPMS',\n 'content/e4s/rhel8/8.2/ppc64le/baseos/debug',\n 'content/e4s/rhel8/8.2/ppc64le/baseos/os',\n 'content/e4s/rhel8/8.2/ppc64le/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.2/ppc64le/highavailability/debug',\n 'content/e4s/rhel8/8.2/ppc64le/highavailability/os',\n 'content/e4s/rhel8/8.2/ppc64le/highavailability/source/SRPMS',\n 'content/e4s/rhel8/8.2/ppc64le/sap-solutions/debug',\n 'content/e4s/rhel8/8.2/ppc64le/sap-solutions/os',\n 'content/e4s/rhel8/8.2/ppc64le/sap-solutions/source/SRPMS',\n 'content/e4s/rhel8/8.2/ppc64le/sap/debug',\n 'content/e4s/rhel8/8.2/ppc64le/sap/os',\n 'content/e4s/rhel8/8.2/ppc64le/sap/source/SRPMS',\n 'content/e4s/rhel8/8.2/x86_64/appstream/debug',\n 'content/e4s/rhel8/8.2/x86_64/appstream/os',\n 'content/e4s/rhel8/8.2/x86_64/appstream/source/SRPMS',\n 'content/e4s/rhel8/8.2/x86_64/baseos/debug',\n 'content/e4s/rhel8/8.2/x86_64/baseos/os',\n 'content/e4s/rhel8/8.2/x86_64/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.2/x86_64/highavailability/debug',\n 'content/e4s/rhel8/8.2/x86_64/highavailability/os',\n 'content/e4s/rhel8/8.2/x86_64/highavailability/source/SRPMS',\n 'content/e4s/rhel8/8.2/x86_64/sap-solutions/debug',\n 'content/e4s/rhel8/8.2/x86_64/sap-solutions/os',\n 'content/e4s/rhel8/8.2/x86_64/sap-solutions/source/SRPMS',\n 'content/e4s/rhel8/8.2/x86_64/sap/debug',\n 'content/e4s/rhel8/8.2/x86_64/sap/os',\n 'content/e4s/rhel8/8.2/x86_64/sap/source/SRPMS',\n 'content/eus/rhel8/8.2/aarch64/appstream/debug',\n 'content/eus/rhel8/8.2/aarch64/appstream/os',\n 'content/eus/rhel8/8.2/aarch64/appstream/source/SRPMS',\n 'content/eus/rhel8/8.2/aarch64/baseos/debug',\n 'content/eus/rhel8/8.2/aarch64/baseos/os',\n 'content/eus/rhel8/8.2/aarch64/baseos/source/SRPMS',\n 'content/eus/rhel8/8.2/aarch64/codeready-builder/debug',\n 'content/eus/rhel8/8.2/aarch64/codeready-builder/os',\n 'content/eus/rhel8/8.2/aarch64/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.2/aarch64/highavailability/debug',\n 'content/eus/rhel8/8.2/aarch64/highavailability/os',\n 'content/eus/rhel8/8.2/aarch64/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.2/aarch64/supplementary/debug',\n 'content/eus/rhel8/8.2/aarch64/supplementary/os',\n 'content/eus/rhel8/8.2/aarch64/supplementary/source/SRPMS',\n 'content/eus/rhel8/8.2/ppc64le/appstream/debug',\n 'content/eus/rhel8/8.2/ppc64le/appstream/os',\n 'content/eus/rhel8/8.2/ppc64le/appstream/source/SRPMS',\n 'content/eus/rhel8/8.2/ppc64le/baseos/debug',\n 'content/eus/rhel8/8.2/ppc64le/baseos/os',\n 'content/eus/rhel8/8.2/ppc64le/baseos/source/SRPMS',\n 'content/eus/rhel8/8.2/ppc64le/codeready-builder/debug',\n 'content/eus/rhel8/8.2/ppc64le/codeready-builder/os',\n 'content/eus/rhel8/8.2/ppc64le/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.2/ppc64le/highavailability/debug',\n 'content/eus/rhel8/8.2/ppc64le/highavailability/os',\n 'content/eus/rhel8/8.2/ppc64le/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.2/ppc64le/resilientstorage/debug',\n 'content/eus/rhel8/8.2/ppc64le/resilientstorage/os',\n 'content/eus/rhel8/8.2/ppc64le/resilientstorage/source/SRPMS',\n 'content/eus/rhel8/8.2/ppc64le/sap-solutions/debug',\n 'content/eus/rhel8/8.2/ppc64le/sap-solutions/os',\n 'content/eus/rhel8/8.2/ppc64le/sap-solutions/source/SRPMS',\n 'content/eus/rhel8/8.2/ppc64le/sap/debug',\n 'content/eus/rhel8/8.2/ppc64le/sap/os',\n 'content/eus/rhel8/8.2/ppc64le/sap/source/SRPMS',\n 'content/eus/rhel8/8.2/ppc64le/supplementary/debug',\n 'content/eus/rhel8/8.2/ppc64le/supplementary/os',\n 'content/eus/rhel8/8.2/ppc64le/supplementary/source/SRPMS',\n 'content/eus/rhel8/8.2/s390x/appstream/debug',\n 'content/eus/rhel8/8.2/s390x/appstream/os',\n 'content/eus/rhel8/8.2/s390x/appstream/source/SRPMS',\n 'content/eus/rhel8/8.2/s390x/baseos/debug',\n 'content/eus/rhel8/8.2/s390x/baseos/os',\n 'content/eus/rhel8/8.2/s390x/baseos/source/SRPMS',\n 'content/eus/rhel8/8.2/s390x/codeready-builder/debug',\n 'content/eus/rhel8/8.2/s390x/codeready-builder/os',\n 'content/eus/rhel8/8.2/s390x/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.2/s390x/highavailability/debug',\n 'content/eus/rhel8/8.2/s390x/highavailability/os',\n 'content/eus/rhel8/8.2/s390x/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.2/s390x/resilientstorage/debug',\n 'content/eus/rhel8/8.2/s390x/resilientstorage/os',\n 'content/eus/rhel8/8.2/s390x/resilientstorage/source/SRPMS',\n 'content/eus/rhel8/8.2/s390x/sap/debug',\n 'content/eus/rhel8/8.2/s390x/sap/os',\n 'content/eus/rhel8/8.2/s390x/sap/source/SRPMS',\n 'content/eus/rhel8/8.2/s390x/supplementary/debug',\n 'content/eus/rhel8/8.2/s390x/supplementary/os',\n 'content/eus/rhel8/8.2/s390x/supplementary/source/SRPMS',\n 'content/eus/rhel8/8.2/x86_64/appstream/debug',\n 'content/eus/rhel8/8.2/x86_64/appstream/os',\n 'content/eus/rhel8/8.2/x86_64/appstream/source/SRPMS',\n 'content/eus/rhel8/8.2/x86_64/baseos/debug',\n 'content/eus/rhel8/8.2/x86_64/baseos/os',\n 'content/eus/rhel8/8.2/x86_64/baseos/source/SRPMS',\n 'content/eus/rhel8/8.2/x86_64/codeready-builder/debug',\n 'content/eus/rhel8/8.2/x86_64/codeready-builder/os',\n 'content/eus/rhel8/8.2/x86_64/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.2/x86_64/highavailability/debug',\n 'content/eus/rhel8/8.2/x86_64/highavailability/os',\n 'content/eus/rhel8/8.2/x86_64/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.2/x86_64/resilientstorage/debug',\n 'content/eus/rhel8/8.2/x86_64/resilientstorage/os',\n 'content/eus/rhel8/8.2/x86_64/resilientstorage/source/SRPMS',\n 'content/eus/rhel8/8.2/x86_64/sap-solutions/debug',\n 'content/eus/rhel8/8.2/x86_64/sap-solutions/os',\n 'content/eus/rhel8/8.2/x86_64/sap-solutions/source/SRPMS',\n 'content/eus/rhel8/8.2/x86_64/sap/debug',\n 'content/eus/rhel8/8.2/x86_64/sap/os',\n 'content/eus/rhel8/8.2/x86_64/sap/source/SRPMS',\n 'content/eus/rhel8/8.2/x86_64/supplementary/debug',\n 'content/eus/rhel8/8.2/x86_64/supplementary/os',\n 'content/eus/rhel8/8.2/x86_64/supplementary/source/SRPMS',\n 'content/tus/rhel8/8.2/x86_64/appstream/debug',\n 'content/tus/rhel8/8.2/x86_64/appstream/os',\n 'content/tus/rhel8/8.2/x86_64/appstream/source/SRPMS',\n 'content/tus/rhel8/8.2/x86_64/baseos/debug',\n 'content/tus/rhel8/8.2/x86_64/baseos/os',\n 'content/tus/rhel8/8.2/x86_64/baseos/source/SRPMS',\n 'content/tus/rhel8/8.2/x86_64/highavailability/debug',\n 'content/tus/rhel8/8.2/x86_64/highavailability/os',\n 'content/tus/rhel8/8.2/x86_64/highavailability/source/SRPMS',\n 'content/tus/rhel8/8.2/x86_64/nfv/debug',\n 'content/tus/rhel8/8.2/x86_64/nfv/os',\n 'content/tus/rhel8/8.2/x86_64/nfv/source/SRPMS',\n 'content/tus/rhel8/8.2/x86_64/rt/debug',\n 'content/tus/rhel8/8.2/x86_64/rt/os',\n 'content/tus/rhel8/8.2/x86_64/rt/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'postgresql-10.21-2.module+el8.2.0+15340+c4468608', 'sp':'2', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'postgresql-contrib-10.21-2.module+el8.2.0+15340+c4468608', 'sp':'2', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'postgresql-docs-10.21-2.module+el8.2.0+15340+c4468608', 'sp':'2', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'postgresql-plperl-10.21-2.module+el8.2.0+15340+c4468608', 'sp':'2', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'postgresql-plpython3-10.21-2.module+el8.2.0+15340+c4468608', 'sp':'2', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'postgresql-pltcl-10.21-2.module+el8.2.0+15340+c4468608', 'sp':'2', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'postgresql-server-10.21-2.module+el8.2.0+15340+c4468608', 'sp':'2', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'postgresql-server-devel-10.21-2.module+el8.2.0+15340+c4468608', 'sp':'2', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'postgresql-static-10.21-2.module+el8.2.0+15340+c4468608', 'sp':'2', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'postgresql-test-10.21-2.module+el8.2.0+15340+c4468608', 'sp':'2', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'postgresql-test-rpm-macros-10.21-2.module+el8.2.0+15340+c4468608', 'sp':'2', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'postgresql-upgrade-10.21-2.module+el8.2.0+15340+c4468608', 'sp':'2', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'postgresql-upgrade-devel-10.21-2.module+el8.2.0+15340+c4468608', 'sp':'2', 'release':'8', 'rpm_spec_vers_cmp':TRUE}\n ]\n }\n ]\n};\n\nvar applicable_repo_urls = rhel_determine_applicable_repository_urls(constraints:appstreams, appstreams:TRUE);\nif(applicable_repo_urls == RHEL_REPOS_NO_OVERLAP_MESSAGE) exit(0, RHEL_REPO_NOT_ENABLED);\n\nvar module_ver = get_kb_item('Host/RedHat/appstream/postgresql');\nif (isnull(module_ver)) audit(AUDIT_PACKAGE_NOT_INSTALLED, 'Module postgresql:10');\nif ('10' >!< module_ver) audit(AUDIT_PACKAGE_NOT_AFFECTED, 'Module postgresql:' + module_ver);\n\nvar flag = 0;\nvar appstreams_found = 0;\nforeach var module (keys(appstreams)) {\n var appstream = NULL;\n var appstream_name = NULL;\n var appstream_version = NULL;\n var appstream_split = split(module, sep:':', keep:FALSE);\n if (!empty_or_null(appstream_split)) {\n appstream_name = appstream_split[0];\n appstream_version = appstream_split[1];\n if (!empty_or_null(appstream_name)) appstream = get_one_kb_item('Host/RedHat/appstream/' + appstream_name);\n }\n if (!empty_or_null(appstream) && appstream_version == appstream || appstream_name == 'all') {\n appstreams_found++;\n foreach var module_array ( appstreams[module] ) {\n var repo_relative_urls = NULL;\n if (!empty_or_null(module_array['repo_relative_urls'])) repo_relative_urls = module_array['repo_relative_urls'];\n foreach var package_array ( module_array['pkgs'] ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) _release = 'RHEL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference &&\n _release &&\n rhel_decide_repo_relative_url_check(required_repo_url_list:repo_relative_urls) &&\n (applicable_repo_urls || (!exists_check || rpm_exists(release:_release, rpm:exists_check))) &&\n rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n }\n }\n}\n\nif (!appstreams_found) audit(AUDIT_PACKAGE_NOT_INSTALLED, 'Module postgresql:10');\n\nif (flag)\n{\n var subscription_caveat = '\\n' +\n 'NOTE: This vulnerability check contains fixes that apply to\\n' +\n 'packages only available in the Red Hat Enterprise Linux\\n' +\n 'Advanced Update Support, Extended Update Support, Telco Extended Update Support or Update Services for SAP Solutions repositories.\\n' +\n 'Access to these repositories requires a paid RHEL subscription.\\n';\n var extra = NULL;\n if (empty_or_null(applicable_repo_urls)) extra = subscription_caveat + rpm_report_get() + redhat_report_repo_caveat();\n else extra = subscription_caveat + rpm_report_get();\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : extra\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'postgresql / postgresql-contrib / postgresql-docs / postgresql-plperl / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-03-11T15:57:52", "description": "The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2022:4915 advisory.\n\n - postgresql: Autovacuum, REINDEX, and others omit security restricted operation sandbox (CVE-2022-1552)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-06-06T00:00:00", "type": "nessus", "title": "RHEL 7 : rh-postgresql12-postgresql (RHSA-2022:4915)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-1552"], "modified": "2023-01-23T00:00:00", "cpe": ["cpe:/o:redhat:enterprise_linux:7", "p-cpe:/a:redhat:enterprise_linux:rh-postgresql12-postgresql", "p-cpe:/a:redhat:enterprise_linux:rh-postgresql12-postgresql-contrib", "p-cpe:/a:redhat:enterprise_linux:rh-postgresql12-postgresql-contrib-syspaths", "p-cpe:/a:redhat:enterprise_linux:rh-postgresql12-postgresql-devel", "p-cpe:/a:redhat:enterprise_linux:rh-postgresql12-postgresql-docs", "p-cpe:/a:redhat:enterprise_linux:rh-postgresql12-postgresql-libs", "p-cpe:/a:redhat:enterprise_linux:rh-postgresql12-postgresql-plperl", "p-cpe:/a:redhat:enterprise_linux:rh-postgresql12-postgresql-plpython", "p-cpe:/a:redhat:enterprise_linux:rh-postgresql12-postgresql-pltcl", "p-cpe:/a:redhat:enterprise_linux:rh-postgresql12-postgresql-server", "p-cpe:/a:redhat:enterprise_linux:rh-postgresql12-postgresql-server-syspaths", "p-cpe:/a:redhat:enterprise_linux:rh-postgresql12-postgresql-static", "p-cpe:/a:redhat:enterprise_linux:rh-postgresql12-postgresql-syspaths", "p-cpe:/a:redhat:enterprise_linux:rh-postgresql12-postgresql-test"], "id": "REDHAT-RHSA-2022-4915.NASL", "href": "https://www.tenable.com/plugins/nessus/161905", "sourceData": "##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2022:4915. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(161905);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/23\");\n\n script_cve_id(\"CVE-2022-1552\");\n script_xref(name:\"RHSA\", value:\"2022:4915\");\n\n script_name(english:\"RHEL 7 : rh-postgresql12-postgresql (RHSA-2022:4915)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in\nthe RHSA-2022:4915 advisory.\n\n - postgresql: Autovacuum, REINDEX, and others omit security restricted operation sandbox (CVE-2022-1552)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-1552\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2022:4915\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2081126\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-1552\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(89, 459, 863);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/05/11\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/06/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/06/06\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rh-postgresql12-postgresql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rh-postgresql12-postgresql-contrib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rh-postgresql12-postgresql-contrib-syspaths\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rh-postgresql12-postgresql-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rh-postgresql12-postgresql-docs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rh-postgresql12-postgresql-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rh-postgresql12-postgresql-plperl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rh-postgresql12-postgresql-plpython\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rh-postgresql12-postgresql-pltcl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rh-postgresql12-postgresql-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rh-postgresql12-postgresql-server-syspaths\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rh-postgresql12-postgresql-static\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rh-postgresql12-postgresql-syspaths\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rh-postgresql12-postgresql-test\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"redhat_repos.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\ninclude('rhel.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/RedHat/release');\nif (isnull(os_release) || 'Red Hat' >!< os_release) audit(AUDIT_OS_NOT, 'Red Hat');\nvar os_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nos_ver = os_ver[1];\nif (!rhel_check_release(operator: 'ge', os_version: os_ver, rhel_version: '7')) audit(AUDIT_OS_NOT, 'Red Hat 7.x', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nvar constraints = [\n {\n 'repo_relative_urls': [\n 'content/dist/rhel-alt/server/7/7Server/system-z-a/s390x/rhscl/1/debug',\n 'content/dist/rhel-alt/server/7/7Server/system-z-a/s390x/rhscl/1/os',\n 'content/dist/rhel-alt/server/7/7Server/system-z-a/s390x/rhscl/1/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/rhscl/1/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/rhscl/1/os',\n 'content/dist/rhel/server/7/7Server/x86_64/rhscl/1/source/SRPMS',\n 'content/dist/rhel/system-z/7/7Server/s390x/rhscl/1/debug',\n 'content/dist/rhel/system-z/7/7Server/s390x/rhscl/1/os',\n 'content/dist/rhel/system-z/7/7Server/s390x/rhscl/1/source/SRPMS',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/rhscl/1/debug',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/rhscl/1/os',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/rhscl/1/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'rh-postgresql12-postgresql-12.11-1.el7', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rh-postgresql12-postgresql-12.11-1.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rh-postgresql12-postgresql-contrib-12.11-1.el7', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rh-postgresql12-postgresql-contrib-12.11-1.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rh-postgresql12-postgresql-contrib-syspaths-12.11-1.el7', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rh-postgresql12-postgresql-contrib-syspaths-12.11-1.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rh-postgresql12-postgresql-devel-12.11-1.el7', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rh-postgresql12-postgresql-devel-12.11-1.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rh-postgresql12-postgresql-docs-12.11-1.el7', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rh-postgresql12-postgresql-docs-12.11-1.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rh-postgresql12-postgresql-libs-12.11-1.el7', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rh-postgresql12-postgresql-libs-12.11-1.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rh-postgresql12-postgresql-plperl-12.11-1.el7', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rh-postgresql12-postgresql-plperl-12.11-1.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rh-postgresql12-postgresql-plpython-12.11-1.el7', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rh-postgresql12-postgresql-plpython-12.11-1.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rh-postgresql12-postgresql-pltcl-12.11-1.el7', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rh-postgresql12-postgresql-pltcl-12.11-1.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rh-postgresql12-postgresql-server-12.11-1.el7', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rh-postgresql12-postgresql-server-12.11-1.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rh-postgresql12-postgresql-server-syspaths-12.11-1.el7', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rh-postgresql12-postgresql-server-syspaths-12.11-1.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rh-postgresql12-postgresql-static-12.11-1.el7', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rh-postgresql12-postgresql-static-12.11-1.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rh-postgresql12-postgresql-syspaths-12.11-1.el7', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rh-postgresql12-postgresql-syspaths-12.11-1.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rh-postgresql12-postgresql-test-12.11-1.el7', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rh-postgresql12-postgresql-test-12.11-1.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE}\n ]\n }\n];\n\nvar applicable_repo_urls = rhel_determine_applicable_repository_urls(constraints:constraints);\nif(applicable_repo_urls == RHEL_REPOS_NO_OVERLAP_MESSAGE) exit(0, RHEL_REPO_NOT_ENABLED);\n\nvar flag = 0;\nforeach var constraint_array ( constraints ) {\n var repo_relative_urls = NULL;\n if (!empty_or_null(constraint_array['repo_relative_urls'])) repo_relative_urls = constraint_array['repo_relative_urls'];\n foreach var pkg ( constraint_array['pkgs'] ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(pkg['reference'])) reference = pkg['reference'];\n if (!empty_or_null(pkg['release'])) _release = 'RHEL' + pkg['release'];\n if (!empty_or_null(pkg['sp'])) sp = pkg['sp'];\n if (!empty_or_null(pkg['cpu'])) _cpu = pkg['cpu'];\n if (!empty_or_null(pkg['el_string'])) el_string = pkg['el_string'];\n if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];\n if (!empty_or_null(pkg['epoch'])) epoch = pkg['epoch'];\n if (!empty_or_null(pkg['allowmaj'])) allowmaj = pkg['allowmaj'];\n if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];\n if (reference &&\n _release &&\n rhel_decide_repo_relative_url_check(required_repo_url_list:repo_relative_urls) &&\n (applicable_repo_urls || (!exists_check || rpm_exists(release:_release, rpm:exists_check))) &&\n rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n var extra = NULL;\n if (empty_or_null(applicable_repo_urls)) extra = rpm_report_get() + redhat_report_repo_caveat();\n else extra = rpm_report_get() + redhat_report_package_caveat();\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : extra\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'rh-postgresql12-postgresql / rh-postgresql12-postgresql-contrib / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-03-12T10:36:19", "description": "The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2022:4913 advisory.\n\n - postgresql: Autovacuum, REINDEX, and others omit security restricted operation sandbox (CVE-2022-1552)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-06-06T00:00:00", "type": "nessus", "title": "RHEL 7 : rh-postgresql10-postgresql (RHSA-2022:4913)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-1552"], "modified": "2023-01-23T00:00:00", "cpe": ["cpe:/o:redhat:enterprise_linux:7", "p-cpe:/a:redhat:enterprise_linux:rh-postgresql10-postgresql", "p-cpe:/a:redhat:enterprise_linux:rh-postgresql10-postgresql-contrib", "p-cpe:/a:redhat:enterprise_linux:rh-postgresql10-postgresql-contrib-syspaths", "p-cpe:/a:redhat:enterprise_linux:rh-postgresql10-postgresql-devel", "p-cpe:/a:redhat:enterprise_linux:rh-postgresql10-postgresql-docs", "p-cpe:/a:redhat:enterprise_linux:rh-postgresql10-postgresql-libs", "p-cpe:/a:redhat:enterprise_linux:rh-postgresql10-postgresql-plperl", "p-cpe:/a:redhat:enterprise_linux:rh-postgresql10-postgresql-plpython", "p-cpe:/a:redhat:enterprise_linux:rh-postgresql10-postgresql-pltcl", "p-cpe:/a:redhat:enterprise_linux:rh-postgresql10-postgresql-server", "p-cpe:/a:redhat:enterprise_linux:rh-postgresql10-postgresql-server-syspaths", "p-cpe:/a:redhat:enterprise_linux:rh-postgresql10-postgresql-static", "p-cpe:/a:redhat:enterprise_linux:rh-postgresql10-postgresql-syspaths", "p-cpe:/a:redhat:enterprise_linux:rh-postgresql10-postgresql-test"], "id": "REDHAT-RHSA-2022-4913.NASL", "href": "https://www.tenable.com/plugins/nessus/161898", "sourceData": "##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2022:4913. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(161898);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/23\");\n\n script_cve_id(\"CVE-2022-1552\");\n script_xref(name:\"RHSA\", value:\"2022:4913\");\n\n script_name(english:\"RHEL 7 : rh-postgresql10-postgresql (RHSA-2022:4913)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in\nthe RHSA-2022:4913 advisory.\n\n - postgresql: Autovacuum, REINDEX, and others omit security restricted operation sandbox (CVE-2022-1552)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-1552\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2022:4913\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2081126\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-1552\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(89, 459, 863);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/05/11\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/06/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/06/06\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rh-postgresql10-postgresql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rh-postgresql10-postgresql-contrib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rh-postgresql10-postgresql-contrib-syspaths\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rh-postgresql10-postgresql-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rh-postgresql10-postgresql-docs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rh-postgresql10-postgresql-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rh-postgresql10-postgresql-plperl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rh-postgresql10-postgresql-plpython\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rh-postgresql10-postgresql-pltcl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rh-postgresql10-postgresql-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rh-postgresql10-postgresql-server-syspaths\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rh-postgresql10-postgresql-static\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rh-postgresql10-postgresql-syspaths\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rh-postgresql10-postgresql-test\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"redhat_repos.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\ninclude('rhel.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/RedHat/release');\nif (isnull(os_release) || 'Red Hat' >!< os_release) audit(AUDIT_OS_NOT, 'Red Hat');\nvar os_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nos_ver = os_ver[1];\nif (!rhel_check_release(operator: 'ge', os_version: os_ver, rhel_version: '7')) audit(AUDIT_OS_NOT, 'Red Hat 7.x', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nvar constraints = [\n {\n 'repo_relative_urls': [\n 'content/dist/rhel-alt/server/7/7Server/system-z-a/s390x/rhscl/1/debug',\n 'content/dist/rhel-alt/server/7/7Server/system-z-a/s390x/rhscl/1/os',\n 'content/dist/rhel-alt/server/7/7Server/system-z-a/s390x/rhscl/1/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/rhscl/1/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/rhscl/1/os',\n 'content/dist/rhel/server/7/7Server/x86_64/rhscl/1/source/SRPMS',\n 'content/dist/rhel/system-z/7/7Server/s390x/rhscl/1/debug',\n 'content/dist/rhel/system-z/7/7Server/s390x/rhscl/1/os',\n 'content/dist/rhel/system-z/7/7Server/s390x/rhscl/1/source/SRPMS',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/rhscl/1/debug',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/rhscl/1/os',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/rhscl/1/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'rh-postgresql10-postgresql-10.21-1.el7', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rh-postgresql10-postgresql-10.21-1.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rh-postgresql10-postgresql-contrib-10.21-1.el7', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rh-postgresql10-postgresql-contrib-10.21-1.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rh-postgresql10-postgresql-contrib-syspaths-10.21-1.el7', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rh-postgresql10-postgresql-contrib-syspaths-10.21-1.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rh-postgresql10-postgresql-devel-10.21-1.el7', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rh-postgresql10-postgresql-devel-10.21-1.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rh-postgresql10-postgresql-docs-10.21-1.el7', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rh-postgresql10-postgresql-docs-10.21-1.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rh-postgresql10-postgresql-libs-10.21-1.el7', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rh-postgresql10-postgresql-libs-10.21-1.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rh-postgresql10-postgresql-plperl-10.21-1.el7', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rh-postgresql10-postgresql-plperl-10.21-1.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rh-postgresql10-postgresql-plpython-10.21-1.el7', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rh-postgresql10-postgresql-plpython-10.21-1.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rh-postgresql10-postgresql-pltcl-10.21-1.el7', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rh-postgresql10-postgresql-pltcl-10.21-1.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rh-postgresql10-postgresql-server-10.21-1.el7', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rh-postgresql10-postgresql-server-10.21-1.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rh-postgresql10-postgresql-server-syspaths-10.21-1.el7', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rh-postgresql10-postgresql-server-syspaths-10.21-1.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rh-postgresql10-postgresql-static-10.21-1.el7', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rh-postgresql10-postgresql-static-10.21-1.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rh-postgresql10-postgresql-syspaths-10.21-1.el7', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rh-postgresql10-postgresql-syspaths-10.21-1.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rh-postgresql10-postgresql-test-10.21-1.el7', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rh-postgresql10-postgresql-test-10.21-1.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE}\n ]\n }\n];\n\nvar applicable_repo_urls = rhel_determine_applicable_repository_urls(constraints:constraints);\nif(applicable_repo_urls == RHEL_REPOS_NO_OVERLAP_MESSAGE) exit(0, RHEL_REPO_NOT_ENABLED);\n\nvar flag = 0;\nforeach var constraint_array ( constraints ) {\n var repo_relative_urls = NULL;\n if (!empty_or_null(constraint_array['repo_relative_urls'])) repo_relative_urls = constraint_array['repo_relative_urls'];\n foreach var pkg ( constraint_array['pkgs'] ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(pkg['reference'])) reference = pkg['reference'];\n if (!empty_or_null(pkg['release'])) _release = 'RHEL' + pkg['release'];\n if (!empty_or_null(pkg['sp'])) sp = pkg['sp'];\n if (!empty_or_null(pkg['cpu'])) _cpu = pkg['cpu'];\n if (!empty_or_null(pkg['el_string'])) el_string = pkg['el_string'];\n if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];\n if (!empty_or_null(pkg['epoch'])) epoch = pkg['epoch'];\n if (!empty_or_null(pkg['allowmaj'])) allowmaj = pkg['allowmaj'];\n if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];\n if (reference &&\n _release &&\n rhel_decide_repo_relative_url_check(required_repo_url_list:repo_relative_urls) &&\n (applicable_repo_urls || (!exists_check || rpm_exists(release:_release, rpm:exists_check))) &&\n rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n var extra = NULL;\n if (empty_or_null(applicable_repo_urls)) extra = rpm_report_get() + redhat_report_repo_caveat();\n else extra = rpm_report_get() + redhat_report_package_caveat();\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : extra\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'rh-postgresql10-postgresql / rh-postgresql10-postgresql-contrib / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-03-11T00:36:37", "description": "The remote Scientific Linux 7 host has packages installed that are affected by a vulnerability as referenced in the SLSA-2022:5162-1 advisory.\n\n - postgresql: Autovacuum, REINDEX, and others omit security restricted operation sandbox (CVE-2022-1552)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-06-22T00:00:00", "type": "nessus", "title": "Scientific Linux Security Update : postgresql on SL7.x i686/x86_64 (2022:5162)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-1552"], "modified": "2022-12-09T00:00:00", "cpe": ["cpe:/o:fermilab:scientific_linux", "p-cpe:/a:fermilab:scientific_linux:postgresql", "p-cpe:/a:fermilab:scientific_linux:postgresql-contrib", "p-cpe:/a:fermilab:scientific_linux:postgresql-debuginfo", "p-cpe:/a:fermilab:scientific_linux:postgresql-devel", "p-cpe:/a:fermilab:scientific_linux:postgresql-docs", "p-cpe:/a:fermilab:scientific_linux:postgresql-libs", "p-cpe:/a:fermilab:scientific_linux:postgresql-plperl", "p-cpe:/a:fermilab:scientific_linux:postgresql-plpython", "p-cpe:/a:fermilab:scientific_linux:postgresql-pltcl", "p-cpe:/a:fermilab:scientific_linux:postgresql-server", "p-cpe:/a:fermilab:scientific_linux:postgresql-static", "p-cpe:/a:fermilab:scientific_linux:postgresql-test", "p-cpe:/a:fermilab:scientific_linux:postgresql-upgrade"], "id": "SL_20220622_POSTGRESQL_ON_SL7_X.NASL", "href": "https://www.tenable.com/plugins/nessus/162480", "sourceData": "##\n# (C) Tenable, Inc.\n##\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(162480);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/09\");\n\n script_cve_id(\"CVE-2022-1552\");\n script_xref(name:\"IAVB\", value:\"2022-B-0015-S\");\n script_xref(name:\"RHSA\", value:\"RHSA-2022:5162\");\n\n script_name(english:\"Scientific Linux Security Update : postgresql on SL7.x i686/x86_64 (2022:5162)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Scientific Linux host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Scientific Linux 7 host has packages installed that are affected by a vulnerability as referenced in the\nSLSA-2022:5162-1 advisory.\n\n - postgresql: Autovacuum, REINDEX, and others omit security restricted operation sandbox (CVE-2022-1552)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.scientificlinux.org/category/sl-errata/slsa-20225162-1\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-1552\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/05/11\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/06/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/06/22\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fermilab:scientific_linux\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:postgresql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:postgresql-contrib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:postgresql-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:postgresql-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:postgresql-docs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:postgresql-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:postgresql-plperl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:postgresql-plpython\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:postgresql-pltcl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:postgresql-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:postgresql-static\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:postgresql-test\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:postgresql-upgrade\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar release = get_kb_item('Host/RedHat/release');\nif (isnull(release) || 'Scientific Linux' >!< release) audit(AUDIT_OS_NOT, 'Scientific Linux');\nvar os_ver = pregmatch(pattern: \"Scientific Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Scientific Linux');\nvar os_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Scientific Linux 7.x', 'Scientific Linux ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Scientific Linux', cpu);\n\nvar pkgs = [\n {'reference':'postgresql-9.2.24-8.el7_9', 'cpu':'i686', 'release':'SL7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'postgresql-9.2.24-8.el7_9', 'cpu':'x86_64', 'release':'SL7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'postgresql-contrib-9.2.24-8.el7_9', 'cpu':'x86_64', 'release':'SL7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'postgresql-debuginfo-9.2.24-8.el7_9', 'cpu':'i686', 'release':'SL7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'postgresql-debuginfo-9.2.24-8.el7_9', 'cpu':'x86_64', 'release':'SL7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'postgresql-devel-9.2.24-8.el7_9', 'cpu':'i686', 'release':'SL7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'postgresql-devel-9.2.24-8.el7_9', 'cpu':'x86_64', 'release':'SL7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'postgresql-docs-9.2.24-8.el7_9', 'cpu':'x86_64', 'release':'SL7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'postgresql-libs-9.2.24-8.el7_9', 'cpu':'i686', 'release':'SL7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'postgresql-libs-9.2.24-8.el7_9', 'cpu':'x86_64', 'release':'SL7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'postgresql-plperl-9.2.24-8.el7_9', 'cpu':'x86_64', 'release':'SL7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'postgresql-plpython-9.2.24-8.el7_9', 'cpu':'x86_64', 'release':'SL7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'postgresql-pltcl-9.2.24-8.el7_9', 'cpu':'x86_64', 'release':'SL7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'postgresql-server-9.2.24-8.el7_9', 'cpu':'x86_64', 'release':'SL7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'postgresql-static-9.2.24-8.el7_9', 'cpu':'i686', 'release':'SL7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'postgresql-static-9.2.24-8.el7_9', 'cpu':'x86_64', 'release':'SL7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'postgresql-test-9.2.24-8.el7_9', 'cpu':'x86_64', 'release':'SL7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'postgresql-upgrade-9.2.24-8.el7_9', 'cpu':'x86_64', 'release':'SL7', 'rpm_spec_vers_cmp':TRUE}\n];\n\nvar flag = 0;\nforeach package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (reference && release) {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'postgresql / postgresql-contrib / postgresql-debuginfo / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-03-11T08:45:53", "description": "The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2022:5162 advisory.\n\n - postgresql: Autovacuum, REINDEX, and others omit security restricted operation sandbox (CVE-2022-1552)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-06-22T00:00:00", "type": "nessus", "title": "RHEL 7 : postgresql (RHSA-2022:5162)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-1552"], "modified": "2023-01-23T00:00:00", "cpe": ["cpe:/o:redhat:enterprise_linux:7", "p-cpe:/a:redhat:enterprise_linux:postgresql", "p-cpe:/a:redhat:enterprise_linux:postgresql-contrib", "p-cpe:/a:redhat:enterprise_linux:postgresql-devel", "p-cpe:/a:redhat:enterprise_linux:postgresql-docs", "p-cpe:/a:redhat:enterprise_linux:postgresql-libs", "p-cpe:/a:redhat:enterprise_linux:postgresql-plperl", "p-cpe:/a:redhat:enterprise_linux:postgresql-plpython", "p-cpe:/a:redhat:enterprise_linux:postgresql-pltcl", "p-cpe:/a:redhat:enterprise_linux:postgresql-server", "p-cpe:/a:redhat:enterprise_linux:postgresql-static", "p-cpe:/a:redhat:enterprise_linux:postgresql-test", "p-cpe:/a:redhat:enterprise_linux:postgresql-upgrade"], "id": "REDHAT-RHSA-2022-5162.NASL", "href": "https://www.tenable.com/plugins/nessus/162478", "sourceData": "##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2022:5162. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(162478);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/23\");\n\n script_cve_id(\"CVE-2022-1552\");\n script_xref(name:\"RHSA\", value:\"2022:5162\");\n script_xref(name:\"IAVB\", value:\"2022-B-0015-S\");\n\n script_name(english:\"RHEL 7 : postgresql (RHSA-2022:5162)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in\nthe RHSA-2022:5162 advisory.\n\n - postgresql: Autovacuum, REINDEX, and others omit security restricted operation sandbox (CVE-2022-1552)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-1552\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2022:5162\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2081126\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-1552\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(89, 459, 863);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/05/11\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/06/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/06/22\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:postgresql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:postgresql-contrib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:postgresql-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:postgresql-docs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:postgresql-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:postgresql-plperl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:postgresql-plpython\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:postgresql-pltcl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:postgresql-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:postgresql-static\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:postgresql-test\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:postgresql-upgrade\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"redhat_repos.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\ninclude('rhel.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/RedHat/release');\nif (isnull(os_release) || 'Red Hat' >!< os_release) audit(AUDIT_OS_NOT, 'Red Hat');\nvar os_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nos_ver = os_ver[1];\nif (!rhel_check_release(operator: 'ge', os_version: os_ver, rhel_version: '7')) audit(AUDIT_OS_NOT, 'Red Hat 7.x', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nvar constraints = [\n {\n 'repo_relative_urls': [\n 'content/dist/rhel-alt/server/7/7Server/system-z-a/s390x/debug',\n 'content/dist/rhel-alt/server/7/7Server/system-z-a/s390x/optional/debug',\n 'content/dist/rhel-alt/server/7/7Server/system-z-a/s390x/optional/os',\n 'content/dist/rhel-alt/server/7/7Server/system-z-a/s390x/optional/source/SRPMS',\n 'content/dist/rhel-alt/server/7/7Server/system-z-a/s390x/os',\n 'content/dist/rhel-alt/server/7/7Server/system-z-a/s390x/source/SRPMS',\n 'content/dist/rhel/client/7/7Client/x86_64/debug',\n 'content/dist/rhel/client/7/7Client/x86_64/optional/debug',\n 'content/dist/rhel/client/7/7Client/x86_64/optional/os',\n 'content/dist/rhel/client/7/7Client/x86_64/optional/source/SRPMS',\n 'content/dist/rhel/client/7/7Client/x86_64/oracle-java-rm/os',\n 'content/dist/rhel/client/7/7Client/x86_64/os',\n 'content/dist/rhel/client/7/7Client/x86_64/source/SRPMS',\n 'content/dist/rhel/client/7/7Client/x86_64/supplementary/debug',\n 'content/dist/rhel/client/7/7Client/x86_64/supplementary/os',\n 'content/dist/rhel/client/7/7Client/x86_64/supplementary/source/SRPMS',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/debug',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/optional/debug',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/optional/os',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/optional/source/SRPMS',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/oracle-java-rm/os',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/os',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/source/SRPMS',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/supplementary/debug',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/supplementary/os',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/supplementary/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/highavailability/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/highavailability/os',\n 'content/dist/rhel/server/7/7Server/x86_64/highavailability/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/nfv/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/nfv/os',\n 'content/dist/rhel/server/7/7Server/x86_64/nfv/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/optional/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/optional/os',\n 'content/dist/rhel/server/7/7Server/x86_64/optional/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/oracle-java-rm/os',\n 'content/dist/rhel/server/7/7Server/x86_64/os',\n 'content/dist/rhel/server/7/7Server/x86_64/resilientstorage/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/resilientstorage/os',\n 'content/dist/rhel/server/7/7Server/x86_64/resilientstorage/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/rt/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/rt/os',\n 'content/dist/rhel/server/7/7Server/x86_64/rt/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/sap-hana/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/sap-hana/os',\n 'content/dist/rhel/server/7/7Server/x86_64/sap-hana/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/sap/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/sap/os',\n 'content/dist/rhel/server/7/7Server/x86_64/sap/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/supplementary/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/supplementary/os',\n 'content/dist/rhel/server/7/7Server/x86_64/supplementary/source/SRPMS',\n 'content/dist/rhel/system-z/7/7Server/s390x/debug',\n 'content/dist/rhel/system-z/7/7Server/s390x/highavailability/debug',\n 'content/dist/rhel/system-z/7/7Server/s390x/highavailability/os',\n 'content/dist/rhel/system-z/7/7Server/s390x/highavailability/source/SRPMS',\n 'content/dist/rhel/system-z/7/7Server/s390x/optional/debug',\n 'content/dist/rhel/system-z/7/7Server/s390x/optional/os',\n 'content/dist/rhel/system-z/7/7Server/s390x/optional/source/SRPMS',\n 'content/dist/rhel/system-z/7/7Server/s390x/os',\n 'content/dist/rhel/system-z/7/7Server/s390x/resilientstorage/debug',\n 'content/dist/rhel/system-z/7/7Server/s390x/resilientstorage/os',\n 'content/dist/rhel/system-z/7/7Server/s390x/resilientstorage/source/SRPMS',\n 'content/dist/rhel/system-z/7/7Server/s390x/sap/debug',\n 'content/dist/rhel/system-z/7/7Server/s390x/sap/os',\n 'content/dist/rhel/system-z/7/7Server/s390x/sap/source/SRPMS',\n 'content/dist/rhel/system-z/7/7Server/s390x/source/SRPMS',\n 'content/dist/rhel/system-z/7/7Server/s390x/supplementary/debug',\n 'content/dist/rhel/system-z/7/7Server/s390x/supplementary/os',\n 'content/dist/rhel/system-z/7/7Server/s390x/supplementary/source/SRPMS',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/debug',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/optional/debug',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/optional/os',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/optional/source/SRPMS',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/oracle-java-rm/os',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/os',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/source/SRPMS',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/supplementary/debug',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/supplementary/os',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/supplementary/source/SRPMS',\n 'content/fastrack/rhel/client/7/x86_64/debug',\n 'content/fastrack/rhel/client/7/x86_64/optional/debug',\n 'content/fastrack/rhel/client/7/x86_64/optional/os',\n 'content/fastrack/rhel/client/7/x86_64/optional/source/SRPMS',\n 'content/fastrack/rhel/client/7/x86_64/os',\n 'content/fastrack/rhel/client/7/x86_64/source/SRPMS',\n 'content/fastrack/rhel/computenode/7/x86_64/debug',\n 'content/fastrack/rhel/computenode/7/x86_64/optional/debug',\n 'content/fastrack/rhel/computenode/7/x86_64/optional/os',\n 'content/fastrack/rhel/computenode/7/x86_64/optional/source/SRPMS',\n 'content/fastrack/rhel/computenode/7/x86_64/os',\n 'content/fastrack/rhel/computenode/7/x86_64/source/SRPMS',\n 'content/fastrack/rhel/server/7/x86_64/debug',\n 'content/fastrack/rhel/server/7/x86_64/highavailability/debug',\n 'content/fastrack/rhel/server/7/x86_64/highavailability/os',\n 'content/fastrack/rhel/server/7/x86_64/highavailability/source/SRPMS',\n 'content/fastrack/rhel/server/7/x86_64/optional/debug',\n 'content/fastrack/rhel/server/7/x86_64/optional/os',\n 'content/fastrack/rhel/server/7/x86_64/optional/source/SRPMS',\n 'content/fastrack/rhel/server/7/x86_64/os',\n 'content/fastrack/rhel/server/7/x86_64/resilientstorage/debug',\n 'content/fastrack/rhel/server/7/x86_64/resilientstorage/os',\n 'content/fastrack/rhel/server/7/x86_64/resilientstorage/source/SRPMS',\n 'content/fastrack/rhel/server/7/x86_64/source/SRPMS',\n 'content/fastrack/rhel/system-z/7/s390x/debug',\n 'content/fastrack/rhel/system-z/7/s390x/optional/debug',\n 'content/fastrack/rhel/system-z/7/s390x/optional/os',\n 'content/fastrack/rhel/system-z/7/s390x/optional/source/SRPMS',\n 'content/fastrack/rhel/system-z/7/s390x/os',\n 'content/fastrack/rhel/system-z/7/s390x/source/SRPMS',\n 'content/fastrack/rhel/workstation/7/x86_64/debug',\n 'content/fastrack/rhel/workstation/7/x86_64/optional/debug',\n 'content/fastrack/rhel/workstation/7/x86_64/optional/os',\n 'content/fastrack/rhel/workstation/7/x86_64/optional/source/SRPMS',\n 'content/fastrack/rhel/workstation/7/x86_64/os',\n 'content/fastrack/rhel/workstation/7/x86_64/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'postgresql-9.2.24-8.el7_9', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'postgresql-contrib-9.2.24-8.el7_9', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'postgresql-contrib-9.2.24-8.el7_9', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'postgresql-devel-9.2.24-8.el7_9', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'postgresql-docs-9.2.24-8.el7_9', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'postgresql-docs-9.2.24-8.el7_9', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'postgresql-libs-9.2.24-8.el7_9', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'postgresql-plperl-9.2.24-8.el7_9', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'postgresql-plperl-9.2.24-8.el7_9', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'postgresql-plpython-9.2.24-8.el7_9', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'postgresql-plpython-9.2.24-8.el7_9', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'postgresql-pltcl-9.2.24-8.el7_9', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'postgresql-pltcl-9.2.24-8.el7_9', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'postgresql-server-9.2.24-8.el7_9', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'postgresql-server-9.2.24-8.el7_9', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'postgresql-static-9.2.24-8.el7_9', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'postgresql-test-9.2.24-8.el7_9', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'postgresql-test-9.2.24-8.el7_9', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'postgresql-upgrade-9.2.24-8.el7_9', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'postgresql-upgrade-9.2.24-8.el7_9', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE}\n ]\n }\n];\n\nvar applicable_repo_urls = rhel_determine_applicable_repository_urls(constraints:constraints);\nif(applicable_repo_urls == RHEL_REPOS_NO_OVERLAP_MESSAGE) exit(0, RHEL_REPO_NOT_ENABLED);\n\nvar flag = 0;\nforeach var constraint_array ( constraints ) {\n var repo_relative_urls = NULL;\n if (!empty_or_null(constraint_array['repo_relative_urls'])) repo_relative_urls = constraint_array['repo_relative_urls'];\n foreach var pkg ( constraint_array['pkgs'] ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(pkg['reference'])) reference = pkg['reference'];\n if (!empty_or_null(pkg['release'])) _release = 'RHEL' + pkg['release'];\n if (!empty_or_null(pkg['sp'])) sp = pkg['sp'];\n if (!empty_or_null(pkg['cpu'])) _cpu = pkg['cpu'];\n if (!empty_or_null(pkg['el_string'])) el_string = pkg['el_string'];\n if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];\n if (!empty_or_null(pkg['epoch'])) epoch = pkg['epoch'];\n if (!empty_or_null(pkg['allowmaj'])) allowmaj = pkg['allowmaj'];\n if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];\n if (reference &&\n _release &&\n rhel_decide_repo_relative_url_check(required_repo_url_list:repo_relative_urls) &&\n (applicable_repo_urls || (!exists_check || rpm_exists(release:_release, rpm:exists_check))) &&\n rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n var extra = NULL;\n if (empty_or_null(applicable_repo_urls)) extra = rpm_report_get() + redhat_report_repo_caveat();\n else extra = rpm_report_get() + redhat_report_package_caveat();\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : extra\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'postgresql / postgresql-contrib / postgresql-devel / postgresql-docs / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-03-11T22:26:29", "description": "The remote Oracle Linux 7 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2022-5162 advisory.\n\n - postgresql: Autovacuum, REINDEX, and others omit security restricted operation sandbox (CVE-2022-1552)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-06-22T00:00:00", "type": "nessus", "title": "Oracle Linux 7 : postgresql (ELSA-2022-5162)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-1552"], "modified": "2022-12-09T00:00:00", "cpe": ["cpe:/o:oracle:linux:7", "p-cpe:/a:oracle:linux:postgresql", "p-cpe:/a:oracle:linux:postgresql-contrib", "p-cpe:/a:oracle:linux:postgresql-devel", "p-cpe:/a:oracle:linux:postgresql-docs", "p-cpe:/a:oracle:linux:postgresql-libs", "p-cpe:/a:oracle:linux:postgresql-plperl", "p-cpe:/a:oracle:linux:postgresql-plpython", "p-cpe:/a:oracle:linux:postgresql-pltcl", "p-cpe:/a:oracle:linux:postgresql-server", "p-cpe:/a:oracle:linux:postgresql-static", "p-cpe:/a:oracle:linux:postgresql-test", "p-cpe:/a:oracle:linux:postgresql-upgrade"], "id": "ORACLELINUX_ELSA-2022-5162.NASL", "href": "https://www.tenable.com/plugins/nessus/162489", "sourceData": "##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Oracle Linux Security Advisory ELSA-2022-5162.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(162489);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/09\");\n\n script_cve_id(\"CVE-2022-1552\");\n script_xref(name:\"IAVB\", value:\"2022-B-0015-S\");\n\n script_name(english:\"Oracle Linux 7 : postgresql (ELSA-2022-5162)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Oracle Linux host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Oracle Linux 7 host has packages installed that are affected by a vulnerability as referenced in the\nELSA-2022-5162 advisory.\n\n - postgresql: Autovacuum, REINDEX, and others omit security restricted operation sandbox (CVE-2022-1552)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://linux.oracle.com/errata/ELSA-2022-5162.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-1552\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/05/11\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/06/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/06/22\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:postgresql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:postgresql-contrib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:postgresql-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:postgresql-docs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:postgresql-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:postgresql-plperl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:postgresql-plpython\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:postgresql-pltcl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:postgresql-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:postgresql-static\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:postgresql-test\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:postgresql-upgrade\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/local_checks_enabled\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item('Host/OracleLinux')) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar release = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar os_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Oracle Linux');\nvar os_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Oracle Linux 7', 'Oracle Linux ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Oracle Linux', cpu);\n\nvar pkgs = [\n {'reference':'postgresql-9.2.24-8.el7_9', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'postgresql-9.2.24-8.el7_9', 'cpu':'i686', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'postgresql-9.2.24-8.el7_9', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'postgresql-contrib-9.2.24-8.el7_9', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'postgresql-contrib-9.2.24-8.el7_9', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'postgresql-devel-9.2.24-8.el7_9', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'postgresql-devel-9.2.24-8.el7_9', 'cpu':'i686', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'postgresql-devel-9.2.24-8.el7_9', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'postgresql-docs-9.2.24-8.el7_9', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'postgresql-docs-9.2.24-8.el7_9', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'postgresql-libs-9.2.24-8.el7_9', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'postgresql-libs-9.2.24-8.el7_9', 'cpu':'i686', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'postgresql-libs-9.2.24-8.el7_9', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'postgresql-plperl-9.2.24-8.el7_9', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'postgresql-plperl-9.2.24-8.el7_9', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'postgresql-plpython-9.2.24-8.el7_9', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'postgresql-plpython-9.2.24-8.el7_9', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'postgresql-pltcl-9.2.24-8.el7_9', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'postgresql-pltcl-9.2.24-8.el7_9', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'postgresql-server-9.2.24-8.el7_9', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'postgresql-server-9.2.24-8.el7_9', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'postgresql-static-9.2.24-8.el7_9', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'postgresql-static-9.2.24-8.el7_9', 'cpu':'i686', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'postgresql-static-9.2.24-8.el7_9', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'postgresql-test-9.2.24-8.el7_9', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'postgresql-test-9.2.24-8.el7_9', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'postgresql-upgrade-9.2.24-8.el7_9', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'postgresql-upgrade-9.2.24-8.el7_9', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'EL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && release) {\n if (exists_check) {\n if (rpm_exists(release:release, rpm:exists_check) && rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n } else {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'postgresql / postgresql-contrib / postgresql-devel / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-03-11T10:47:56", "description": "The remote SUSE Linux SLED15 / SLES15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2022:1908-1 advisory.\n\n - A flaw was found in PostgreSQL. There is an issue with incomplete efforts to operate safely when a privileged user is maintaining another user's objects. The Autovacuum, REINDEX, CREATE INDEX, REFRESH MATERIALIZED VIEW, CLUSTER, and pg_amcheck commands activated relevant protections too late or not at all during the process. This flaw allows an attacker with permission to create non-temporary objects in at least one schema to execute arbitrary SQL functions under a superuser identity. (CVE-2022-1552)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-06-02T00:00:00", "type": "nessus", "title": "SUSE SLED15 / SLES15 / openSUSE 15 Security Update : postgresql14 (SUSE-SU-2022:1908-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-1552"], "modified": "2023-02-08T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:libecpg6", "p-cpe:/a:novell:suse_linux:libpq5", "p-cpe:/a:novell:suse_linux:libpq5-32bit", "p-cpe:/a:novell:suse_linux:postgresql14", "p-cpe:/a:novell:suse_linux:postgresql14-contrib", "p-cpe:/a:novell:suse_linux:postgresql14-devel", "p-cpe:/a:novell:suse_linux:postgresql14-docs", "p-cpe:/a:novell:suse_linux:postgresql14-llvmjit", "p-cpe:/a:novell:suse_linux:postgresql14-plperl", "p-cpe:/a:novell:suse_linux:postgresql14-plpython", "p-cpe:/a:novell:suse_linux:postgresql14-pltcl", "p-cpe:/a:novell:suse_linux:postgresql14-server", "p-cpe:/a:novell:suse_linux:postgresql14-server-devel", "p-cpe:/a:novell:suse_linux:postgresql14-test", "cpe:/o:novell:suse_linux:15"], "id": "SUSE_SU-2022-1908-1.NASL", "href": "https://www.tenable.com/plugins/nessus/161786", "sourceData": "##\n# (C) Tenable, Inc.\n#\n# The package checks in this plugin were extracted from\n# SUSE update advisory SUSE-SU-2022:1908-1. The text itself\n# is copyright (C) SUSE.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(161786);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/02/08\");\n\n script_cve_id(\"CVE-2022-1552\");\n script_xref(name:\"SuSE\", value:\"SUSE-SU-2022:1908-1\");\n script_xref(name:\"IAVB\", value:\"2022-B-0015-S\");\n\n script_name(english:\"SUSE SLED15 / SLES15 / openSUSE 15 Security Update : postgresql14 (SUSE-SU-2022:1908-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote SUSE Linux SLED15 / SLES15 / openSUSE 15 host has packages installed that are affected by a vulnerability as\nreferenced in the SUSE-SU-2022:1908-1 advisory.\n\n - A flaw was found in PostgreSQL. There is an issue with incomplete efforts to operate safely when a\n privileged user is maintaining another user's objects. The Autovacuum, REINDEX, CREATE INDEX, REFRESH\n MATERIALIZED VIEW, CLUSTER, and pg_amcheck commands activated relevant protections too late or not at all\n during the process. This flaw allows an attacker with permission to create non-temporary objects in at\n least one schema to execute arbitrary SQL functions under a superuser identity. (CVE-2022-1552)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1199475\");\n # https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/TZ5E6BLKCNZQZF3KYEYUXNMPDMMNYFCM/\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?fab9e37c\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-1552\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-1552\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/05/11\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/06/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/06/02\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libecpg6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libpq5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libpq5-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:postgresql14\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:postgresql14-contrib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:postgresql14-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:postgresql14-docs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:postgresql14-llvmjit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:postgresql14-plperl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:postgresql14-plpython\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:postgresql14-pltcl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:postgresql14-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:postgresql14-server-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:postgresql14-test\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:15\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item(\"Host/SuSE/release\");\nif (isnull(os_release) || os_release !~ \"^(SLED|SLES|SUSE)\") audit(AUDIT_OS_NOT, \"SUSE / openSUSE\");\nvar os_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+|SUSE([\\d.]+))\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'SUSE / openSUSE');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLED15|SLES15|SUSE15\\.3|SUSE15\\.4)$\", string:os_ver)) audit(AUDIT_OS_NOT, 'SUSE SLED15 / SLES15 / openSUSE 15', 'SUSE / openSUSE (' + os_ver + ')');\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'SUSE / openSUSE (' + os_ver + ')', cpu);\n\nvar service_pack = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(service_pack)) service_pack = \"0\";\nif (os_ver == \"SLED15\" && (! preg(pattern:\"^(3|4)$\", string:service_pack))) audit(AUDIT_OS_NOT, \"SLED15 SP3/4\", os_ver + \" SP\" + service_pack);\nif (os_ver == \"SLES15\" && (! preg(pattern:\"^(2|3|4)$\", string:service_pack))) audit(AUDIT_OS_NOT, \"SLES15 SP2/3/4\", os_ver + \" SP\" + service_pack);\n\nvar pkgs = [\n {'reference':'libecpg6-14.3-150200.5.12.2', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_BCL-release-15.2', 'SLES_SAP-release-15.2', 'SLE_HPC-ESPOS-release-2']},\n {'reference':'libpq5-14.3-150200.5.12.2', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_BCL-release-15.2', 'SLES_SAP-release-15.2', 'SLE_HPC-ESPOS-release-2']},\n {'reference':'libpq5-32bit-14.3-150200.5.12.2', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_BCL-release-15.2', 'SLES_SAP-release-15.2', 'SLE_HPC-ESPOS-release-2']},\n {'reference':'postgresql14-14.3-150200.5.12.2', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_BCL-release-15.2', 'SLES_SAP-release-15.2', 'SLE_HPC-ESPOS-release-2']},\n {'reference':'postgresql14-contrib-14.3-150200.5.12.2', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_BCL-release-15.2', 'SLES_SAP-release-15.2', 'SLE_HPC-ESPOS-release-2']},\n {'reference':'postgresql14-devel-14.3-150200.5.12.2', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_BCL-release-15.2', 'SLES_SAP-release-15.2', 'SLE_HPC-ESPOS-release-2']},\n {'reference':'postgresql14-docs-14.3-150200.5.12.2', 'sp':'2', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_BCL-release-15.2', 'SLES_SAP-release-15.2', 'SLE_HPC-ESPOS-release-2']},\n {'reference':'postgresql14-plperl-14.3-150200.5.12.2', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_BCL-release-15.2', 'SLES_SAP-release-15.2', 'SLE_HPC-ESPOS-release-2']},\n {'reference':'postgresql14-plpython-14.3-150200.5.12.2', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_BCL-release-15.2', 'SLES_SAP-release-15.2', 'SLE_HPC-ESPOS-release-2']},\n {'reference':'postgresql14-pltcl-14.3-150200.5.12.2', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_BCL-release-15.2', 'SLES_SAP-release-15.2', 'SLE_HPC-ESPOS-release-2']},\n {'reference':'postgresql14-server-14.3-150200.5.12.2', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_BCL-release-15.2', 'SLES_SAP-release-15.2', 'SLE_HPC-ESPOS-release-2']},\n {'reference':'postgresql14-server-devel-14.3-150200.5.12.2', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_BCL-release-15.2', 'SLES_SAP-release-15.2', 'SLE_HPC-ESPOS-release-2']},\n {'reference':'libecpg6-14.3-150200.5.12.2', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3', 'SLE_HPC-release-15.3', 'sle-module-server-applications-release-15.3', 'sles-release-15.3']},\n {'reference':'libpq5-14.3-150200.5.12.2', 'sp':'3', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3', 'SLE_HPC-release-15.3', 'sle-module-basesystem-release-15.3', 'sled-release-15.3', 'sles-release-15.3']},\n {'reference':'libpq5-14.3-150200.5.12.2', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3', 'SLE_HPC-release-15.3', 'sle-module-basesystem-release-15.3', 'sled-release-15.3', 'sles-release-15.3']},\n {'reference':'postgresql14-14.3-150200.5.12.2', 'sp':'3', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3', 'SLE_HPC-release-15.3', 'sle-module-basesystem-release-15.3', 'sled-release-15.3', 'sles-release-15.3']},\n {'reference':'postgresql14-14.3-150200.5.12.2', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3', 'SLE_HPC-release-15.3', 'sle-module-basesystem-release-15.3', 'sled-release-15.3', 'sles-release-15.3']},\n {'reference':'postgresql14-contrib-14.3-150200.5.12.2', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3', 'SLE_HPC-release-15.3', 'sle-module-server-applications-release-15.3', 'sles-release-15.3']},\n {'reference':'postgresql14-devel-14.3-150200.5.12.2', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3', 'SLE_HPC-release-15.3', 'sle-module-server-applications-release-15.3', 'sles-release-15.3']},\n {'reference':'postgresql14-docs-14.3-150200.5.12.2', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3', 'SLE_HPC-release-15.3', 'sle-module-server-applications-release-15.3', 'sles-release-15.3']},\n {'reference':'postgresql14-llvmjit-14.3-150200.5.12.2', 'sp':'3', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3', 'SLE_HPC-release-15.3', 'sle-module-packagehub-subpackages-release-15.3', 'sled-release-15.3', 'sles-release-15.3']},\n {'reference':'postgresql14-llvmjit-14.3-150200.5.12.2', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3', 'SLE_HPC-release-15.3', 'sle-module-packagehub-subpackages-release-15.3', 'sled-release-15.3', 'sles-release-15.3']},\n {'reference':'postgresql14-plperl-14.3-150200.5.12.2', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3', 'SLE_HPC-release-15.3', 'sle-module-server-applications-release-15.3', 'sles-release-15.3']},\n {'reference':'postgresql14-plpython-14.3-150200.5.12.2', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3', 'SLE_HPC-release-15.3', 'sle-module-server-applications-release-15.3', 'sles-release-15.3']},\n {'reference':'postgresql14-pltcl-14.3-150200.5.12.2', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3', 'SLE_HPC-release-15.3', 'sle-module-server-applications-release-15.3', 'sles-release-15.3']},\n {'reference':'postgresql14-server-14.3-150200.5.12.2', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3', 'SLE_HPC-release-15.3', 'sle-module-server-applications-release-15.3', 'sles-release-15.3']},\n {'reference':'postgresql14-server-devel-14.3-150200.5.12.2', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3', 'SLE_HPC-release-15.3', 'sle-module-server-applications-release-15.3', 'sles-release-15.3']},\n {'reference':'postgresql14-test-14.3-150200.5.12.2', 'sp':'3', 'cpu':'x86_64', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3', 'SLE_HPC-release-15.3', 'sle-module-packagehub-subpackages-release-15.3', 'sled-release-15.3', 'sles-release-15.3']},\n {'reference':'postgresql14-test-14.3-150200.5.12.2', 'sp':'3', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3', 'SLE_HPC-release-15.3', 'sle-module-packagehub-subpackages-release-15.3', 'sled-release-15.3', 'sles-release-15.3']},\n {'reference':'libecpg6-14.3-150200.5.12.2', 'sp':'4', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.4', 'SLE_HPC-release-15.4', 'sle-module-server-applications-release-15.4', 'sles-release-15.4']},\n {'reference':'libpq5-14.3-150200.5.12.2', 'sp':'4', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.4', 'SLE_HPC-release-15.4', 'sle-module-basesystem-release-15.4', 'sled-release-15.4', 'sles-release-15.4']},\n {'reference':'libpq5-14.3-150200.5.12.2', 'sp':'4', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.4', 'SLE_HPC-release-15.4', 'sle-module-basesystem-release-15.4', 'sled-release-15.4', 'sles-release-15.4']},\n {'reference':'postgresql14-14.3-150200.5.12.2', 'sp':'4', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.4', 'SLE_HPC-release-15.4', 'sle-module-basesystem-release-15.4', 'sled-release-15.4', 'sles-release-15.4']},\n {'reference':'postgresql14-14.3-150200.5.12.2', 'sp':'4', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.4', 'SLE_HPC-release-15.4', 'sle-module-basesystem-release-15.4', 'sled-release-15.4', 'sles-release-15.4']},\n {'reference':'postgresql14-contrib-14.3-150200.5.12.2', 'sp':'4', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.4', 'SLE_HPC-release-15.4', 'sle-module-server-applications-release-15.4', 'sles-release-15.4']},\n {'reference':'postgresql14-devel-14.3-150200.5.12.2', 'sp':'4', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.4', 'SLE_HPC-release-15.4', 'sle-module-server-applications-release-15.4', 'sles-release-15.4']},\n {'reference':'postgresql14-docs-14.3-150200.5.12.2', 'sp':'4', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.4', 'SLE_HPC-release-15.4', 'sle-module-server-applications-release-15.4', 'sles-release-15.4']},\n {'reference':'postgresql14-plperl-14.3-150200.5.12.2', 'sp':'4', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.4', 'SLE_HPC-release-15.4', 'sle-module-server-applications-release-15.4', 'sles-release-15.4']},\n {'reference':'postgresql14-plpython-14.3-150200.5.12.2', 'sp':'4', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.4', 'SLE_HPC-release-15.4', 'sle-module-server-applications-release-15.4', 'sles-release-15.4']},\n {'reference':'postgresql14-pltcl-14.3-150200.5.12.2', 'sp':'4', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.4', 'SLE_HPC-release-15.4', 'sle-module-server-applications-release-15.4', 'sles-release-15.4']},\n {'reference':'postgresql14-server-14.3-150200.5.12.2', 'sp':'4', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.4', 'SLE_HPC-release-15.4', 'sle-module-server-applications-release-15.4', 'sles-release-15.4']},\n {'reference':'postgresql14-server-devel-14.3-150200.5.12.2', 'sp':'4', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.4', 'SLE_HPC-release-15.4', 'sle-module-server-applications-release-15.4', 'sles-release-15.4']},\n {'reference':'libecpg6-14.3-150200.5.12.2', 'sp':'2', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-2']},\n {'reference':'libpq5-14.3-150200.5.12.2', 'sp':'2', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-2']},\n {'reference':'postgresql14-14.3-150200.5.12.2', 'sp':'2', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-2']},\n {'reference':'postgresql14-contrib-14.3-150200.5.12.2', 'sp':'2', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-2']},\n {'reference':'postgresql14-devel-14.3-150200.5.12.2', 'sp':'2', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-2']},\n {'reference':'postgresql14-plperl-14.3-150200.5.12.2', 'sp':'2', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-2']},\n {'reference':'postgresql14-plpython-14.3-150200.5.12.2', 'sp':'2', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-2']},\n {'reference':'postgresql14-pltcl-14.3-150200.5.12.2', 'sp':'2', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-2']},\n {'reference':'postgresql14-server-14.3-150200.5.12.2', 'sp':'2', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-2']},\n {'reference':'postgresql14-server-devel-14.3-150200.5.12.2', 'sp':'2', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-2']},\n {'reference':'libecpg6-14.3-150200.5.12.2', 'sp':'2', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.2']},\n {'reference':'libecpg6-14.3-150200.5.12.2', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.2']},\n {'reference':'libpq5-14.3-150200.5.12.2', 'sp':'2', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.2']},\n {'reference':'libpq5-14.3-150200.5.12.2', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.2']},\n {'reference':'libpq5-32bit-14.3-150200.5.12.2', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.2', 'sles-ltss-release-15.2']},\n {'reference':'postgresql14-14.3-150200.5.12.2', 'sp':'2', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.2']},\n {'reference':'postgresql14-14.3-150200.5.12.2', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.2']},\n {'reference':'postgresql14-contrib-14.3-150200.5.12.2', 'sp':'2', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.2']},\n {'reference':'postgresql14-contrib-14.3-150200.5.12.2', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.2']},\n {'reference':'postgresql14-devel-14.3-150200.5.12.2', 'sp':'2', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.2']},\n {'reference':'postgresql14-devel-14.3-150200.5.12.2', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.2']},\n {'reference':'postgresql14-docs-14.3-150200.5.12.2', 'sp':'2', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.2', 'sles-ltss-release-15.2']},\n {'reference':'postgresql14-plperl-14.3-150200.5.12.2', 'sp':'2', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.2']},\n {'reference':'postgresql14-plperl-14.3-150200.5.12.2', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.2']},\n {'reference':'postgresql14-plpython-14.3-150200.5.12.2', 'sp':'2', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.2']},\n {'reference':'postgresql14-plpython-14.3-150200.5.12.2', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.2']},\n {'reference':'postgresql14-pltcl-14.3-150200.5.12.2', 'sp':'2', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.2']},\n {'reference':'postgresql14-pltcl-14.3-150200.5.12.2', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.2']},\n {'reference':'postgresql14-server-14.3-150200.5.12.2', 'sp':'2', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.2']},\n {'reference':'postgresql14-server-14.3-150200.5.12.2', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.2']},\n {'reference':'postgresql14-server-devel-14.3-150200.5.12.2', 'sp':'2', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.2']},\n {'reference':'postgresql14-server-devel-14.3-150200.5.12.2', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.2']},\n {'reference':'libecpg6-14.3-150200.5.12.2', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'libecpg6-32bit-14.3-150200.5.12.2', 'cpu':'x86_64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'libpq5-14.3-150200.5.12.2', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'libpq5-32bit-14.3-150200.5.12.2', 'cpu':'x86_64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'postgresql14-14.3-150200.5.12.2', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'postgresql14-contrib-14.3-150200.5.12.2', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'postgresql14-devel-14.3-150200.5.12.2', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'postgresql14-devel-mini-14.3-150200.5.12.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'postgresql14-docs-14.3-150200.5.12.2', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'postgresql14-llvmjit-14.3-150200.5.12.2', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'postgresql14-plperl-14.3-150200.5.12.2', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'postgresql14-plpython-14.3-150200.5.12.2', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'postgresql14-pltcl-14.3-150200.5.12.2', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'postgresql14-server-14.3-150200.5.12.2', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'postgresql14-server-devel-14.3-150200.5.12.2', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'postgresql14-test-14.3-150200.5.12.2', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'libecpg6-14.3-150200.5.12.2', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},\n {'reference':'libecpg6-32bit-14.3-150200.5.12.2', 'cpu':'x86_64', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},\n {'reference':'libpq5-14.3-150200.5.12.2', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},\n {'reference':'libpq5-32bit-14.3-150200.5.12.2', 'cpu':'x86_64', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},\n {'reference':'postgresql14-14.3-150200.5.12.2', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},\n {'reference':'postgresql14-contrib-14.3-150200.5.12.2', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},\n {'reference':'postgresql14-devel-14.3-150200.5.12.2', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},\n {'reference':'postgresql14-docs-14.3-150200.5.12.2', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},\n {'reference':'postgresql14-llvmjit-14.3-150200.5.12.2', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},\n {'reference':'postgresql14-llvmjit-devel-14.3-150200.5.12.2', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},\n {'reference':'postgresql14-plperl-14.3-150200.5.12.2', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},\n {'reference':'postgresql14-plpython-14.3-150200.5.12.2', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},\n {'reference':'postgresql14-pltcl-14.3-150200.5.12.2', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},\n {'reference':'postgresql14-server-14.3-150200.5.12.2', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},\n {'reference':'postgresql14-server-devel-14.3-150200.5.12.2', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},\n {'reference':'postgresql14-test-14.3-150200.5.12.2', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},\n {'reference':'libecpg6-14.3-150200.5.12.2', 'sp':'2', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15.2']},\n {'reference':'libpq5-14.3-150200.5.12.2', 'sp':'2', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15.2']},\n {'reference':'postgresql14-14.3-150200.5.12.2', 'sp':'2', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15.2']},\n {'reference':'postgresql14-contrib-14.3-150200.5.12.2', 'sp':'2', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15.2']},\n {'reference':'postgresql14-devel-14.3-150200.5.12.2', 'sp':'2', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15.2']},\n {'reference':'postgresql14-plperl-14.3-150200.5.12.2', 'sp':'2', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15.2']},\n {'reference':'postgresql14-plpython-14.3-150200.5.12.2', 'sp':'2', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15.2']},\n {'reference':'postgresql14-pltcl-14.3-150200.5.12.2', 'sp':'2', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15.2']},\n {'reference':'postgresql14-server-14.3-150200.5.12.2', 'sp':'2', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15.2']},\n {'reference':'postgresql14-server-devel-14.3-150200.5.12.2', 'sp':'2', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15.2']}\n];\n\nvar ltss_caveat_required = FALSE;\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var exists_check = NULL;\n var rpm_spec_vers_cmp = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) _release = package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (reference && _release) {\n if (exists_check) {\n var check_flag = 0;\n foreach var check (exists_check) {\n if (!rpm_exists(release:_release, rpm:check)) continue;\n if ('ltss' >< tolower(check)) ltss_caveat_required = TRUE;\n check_flag++;\n }\n if (!check_flag) continue;\n }\n if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;\n }\n}\n\nif (flag)\n{\n var ltss_plugin_caveat = NULL;\n if(ltss_caveat_required) ltss_plugin_caveat = '\\n' +\n 'NOTE: This vulnerability check contains fixes that apply to\\n' +\n 'packages only available in SUSE Enterprise Linux Server LTSS\\n' +\n 'repositories. Access to these package security updates require\\n' +\n 'a paid SUSE LTSS subscription.\\n';\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + ltss_plugin_caveat\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'libecpg6 / libecpg6-32bit / libpq5 / libpq5-32bit / postgresql14 / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-03-11T04:28:05", "description": "The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2022-4855 advisory.\n\n - postgresql: Autovacuum, REINDEX, and others omit security restricted operation sandbox (CVE-2022-1552)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-06-02T00:00:00", "type": "nessus", "title": "Oracle Linux 8 : postgresql:13 (ELSA-2022-4855)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-1552"], "modified": "2022-12-09T00:00:00", "cpe": ["cpe:/o:oracle:linux:8", "p-cpe:/a:oracle:linux:pg_repack", "p-cpe:/a:oracle:linux:pgaudit", "p-cpe:/a:oracle:linux:postgres-decoderbufs", "p-cpe:/a:oracle:linux:postgresql", "p-cpe:/a:oracle:linux:postgresql-contrib", "p-cpe:/a:oracle:linux:postgresql-docs", "p-cpe:/a:oracle:linux:postgresql-plperl", "p-cpe:/a:oracle:linux:postgresql-plpython3", "p-cpe:/a:oracle:linux:postgresql-pltcl", "p-cpe:/a:oracle:linux:postgresql-server", "p-cpe:/a:oracle:linux:postgresql-server-devel", "p-cpe:/a:oracle:linux:postgresql-static", "p-cpe:/a:oracle:linux:postgresql-test", "p-cpe:/a:oracle:linux:postgresql-test-rpm-macros", "p-cpe:/a:oracle:linux:postgresql-upgrade", "p-cpe:/a:oracle:linux:postgresql-upgrade-devel"], "id": "ORACLELINUX_ELSA-2022-4855.NASL", "href": "https://www.tenable.com/plugins/nessus/161792", "sourceData": "##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Oracle Linux Security Advisory ELSA-2022-4855.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(161792);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/09\");\n\n script_cve_id(\"CVE-2022-1552\");\n script_xref(name:\"IAVB\", value:\"2022-B-0015-S\");\n\n script_name(english:\"Oracle Linux 8 : postgresql:13 (ELSA-2022-4855)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Oracle Linux host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the\nELSA-2022-4855 advisory.\n\n - postgresql: Autovacuum, REINDEX, and others omit security restricted operation sandbox (CVE-2022-1552)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://linux.oracle.com/errata/ELSA-2022-4855.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-1552\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/05/11\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/06/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/06/02\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:pg_repack\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:pgaudit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:postgres-decoderbufs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:postgresql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:postgresql-contrib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:postgresql-docs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:postgresql-plperl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:postgresql-plpython3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:postgresql-pltcl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:postgresql-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:postgresql-server-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:postgresql-static\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:postgresql-test\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:postgresql-test-rpm-macros\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:postgresql-upgrade\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:postgresql-upgrade-devel\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/local_checks_enabled\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item('Host/OracleLinux')) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar release = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar os_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Oracle Linux');\nvar os_ver = os_ver[1];\nif (! preg(pattern:\"^8([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Oracle Linux 8', 'Oracle Linux ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Oracle Linux', cpu);\n\nvar module_ver = get_kb_item('Host/RedHat/appstream/postgresql');\nif (isnull(module_ver)) audit(AUDIT_PACKAGE_NOT_INSTALLED, 'Module postgresql:13');\nif ('13' >!< module_ver) audit(AUDIT_PACKAGE_NOT_AFFECTED, 'Module postgresql:' + module_ver);\n\nvar appstreams = {\n 'postgresql:13': [\n {'reference':'pg_repack-1.4.6-3.module+el8.5.0+20353+e924f9ed', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'pg_repack-1.4.6-3.module+el8.5.0+20353+e924f9ed', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'pgaudit-1.5.0-1.module+el8.4.0+20016+06fd4df3', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'pgaudit-1.5.0-1.module+el8.4.0+20016+06fd4df3', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'postgres-decoderbufs-0.10.0-2.module+el8.4.0+20016+06fd4df3', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'postgres-decoderbufs-0.10.0-2.module+el8.4.0+20016+06fd4df3', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'postgresql-13.7-2.module+el8.6.0+20679+105cfe02', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'postgresql-13.7-2.module+el8.6.0+20679+105cfe02', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'postgresql-contrib-13.7-2.module+el8.6.0+20679+105cfe02', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'postgresql-contrib-13.7-2.module+el8.6.0+20679+105cfe02', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'postgresql-docs-13.7-2.module+el8.6.0+20679+105cfe02', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'postgresql-docs-13.7-2.module+el8.6.0+20679+105cfe02', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'postgresql-plperl-13.7-2.module+el8.6.0+20679+105cfe02', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'postgresql-plperl-13.7-2.module+el8.6.0+20679+105cfe02', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'postgresql-plpython3-13.7-2.module+el8.6.0+20679+105cfe02', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'postgresql-plpython3-13.7-2.module+el8.6.0+20679+105cfe02', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'postgresql-pltcl-13.7-2.module+el8.6.0+20679+105cfe02', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'postgresql-pltcl-13.7-2.module+el8.6.0+20679+105cfe02', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'postgresql-server-13.7-2.module+el8.6.0+20679+105cfe02', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'postgresql-server-13.7-2.module+el8.6.0+20679+105cfe02', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'postgresql-server-devel-13.7-2.module+el8.6.0+20679+105cfe02', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'postgresql-server-devel-13.7-2.module+el8.6.0+20679+105cfe02', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'postgresql-static-13.7-2.module+el8.6.0+20679+105cfe02', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'postgresql-static-13.7-2.module+el8.6.0+20679+105cfe02', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'postgresql-test-13.7-2.module+el8.6.0+20679+105cfe02', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'postgresql-test-13.7-2.module+el8.6.0+20679+105cfe02', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'postgresql-test-rpm-macros-13.7-2.module+el8.6.0+20679+105cfe02', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'postgresql-upgrade-13.7-2.module+el8.6.0+20679+105cfe02', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'postgresql-upgrade-13.7-2.module+el8.6.0+20679+105cfe02', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'postgresql-upgrade-devel-13.7-2.module+el8.6.0+20679+105cfe02', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'postgresql-upgrade-devel-13.7-2.module+el8.6.0+20679+105cfe02', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE}\n ]\n};\n\nvar flag = 0;\nvar appstreams_found = 0;\nforeach var module (keys(appstreams)) {\n var appstream = NULL;\n var appstream_name = NULL;\n var appstream_version = NULL;\n var appstream_split = split(module, sep:':', keep:FALSE);\n if (!empty_or_null(appstream_split)) {\n appstream_name = appstream_split[0];\n appstream_version = appstream_split[1];\n if (!empty_or_null(appstream_name)) appstream = get_one_kb_item('Host/RedHat/appstream/' + appstream_name);\n }\n if (!empty_or_null(appstream) && appstream_version == appstream || appstream_name == 'all') {\n appstreams_found++;\n foreach var package_array ( appstreams[module] ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'EL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (reference && release) {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n }\n }\n}\n\nif (!appstreams_found) audit(AUDIT_PACKAGE_NOT_INSTALLED, 'Module postgresql:13');\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'pg_repack / pgaudit / postgres-decoderbufs / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-03-11T16:45:48", "description": "The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2022:4856 advisory.\n\n - postgresql: Autovacuum, REINDEX, and others omit security restricted operation sandbox (CVE-2022-1552)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-06-02T00:00:00", "type": "nessus", "title": "RHEL 8 : postgresql:12 (RHSA-2022:4856)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-1552"], "modified": "2023-01-23T00:00:00", "cpe": ["cpe:/o:redhat:rhel_aus:8.4", "cpe:/o:redhat:rhel_e4s:8.4", "cpe:/o:redhat:rhel_eus:8.4", "cpe:/o:redhat:rhel_tus:8.4", "p-cpe:/a:redhat:enterprise_linux:pgaudit", "p-cpe:/a:redhat:enterprise_linux:postgres-decoderbufs", "p-cpe:/a:redhat:enterprise_linux:postgresql", "p-cpe:/a:redhat:enterprise_linux:postgresql-contrib", "p-cpe:/a:redhat:enterprise_linux:postgresql-docs", "p-cpe:/a:redhat:enterprise_linux:postgresql-plperl", "p-cpe:/a:redhat:enterprise_linux:postgresql-plpython3", "p-cpe:/a:redhat:enterprise_linux:postgresql-pltcl", "p-cpe:/a:redhat:enterprise_linux:postgresql-server", "p-cpe:/a:redhat:enterprise_linux:postgresql-server-devel", "p-cpe:/a:redhat:enterprise_linux:postgresql-static", "p-cpe:/a:redhat:enterprise_linux:postgresql-test", "p-cpe:/a:redhat:enterprise_linux:postgresql-test-rpm-macros", "p-cpe:/a:redhat:enterprise_linux:postgresql-upgrade", "p-cpe:/a:redhat:enterprise_linux:postgresql-upgrade-devel"], "id": "REDHAT-RHSA-2022-4856.NASL", "href": "https://www.tenable.com/plugins/nessus/161776", "sourceData": "##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2022:4856. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(161776);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/23\");\n\n script_cve_id(\"CVE-2022-1552\");\n script_xref(name:\"RHSA\", value:\"2022:4856\");\n script_xref(name:\"IAVB\", value:\"2022-B-0015-S\");\n\n script_name(english:\"RHEL 8 : postgresql:12 (RHSA-2022:4856)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in\nthe RHSA-2022:4856 advisory.\n\n - postgresql: Autovacuum, REINDEX, and others omit security restricted operation sandbox (CVE-2022-1552)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-1552\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2022:4856\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2081126\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-1552\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(89, 459, 863);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/05/11\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/06/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/06/02\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_aus:8.4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_e4s:8.4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_eus:8.4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_tus:8.4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:pgaudit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:postgres-decoderbufs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:postgresql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:postgresql-contrib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:postgresql-docs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:postgresql-plperl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:postgresql-plpython3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:postgresql-pltcl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:postgresql-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:postgresql-server-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:postgresql-static\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:postgresql-test\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:postgresql-test-rpm-macros\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:postgresql-upgrade\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:postgresql-upgrade-devel\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"redhat_repos.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\ninclude('rhel.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/RedHat/release');\nif (isnull(os_release) || 'Red Hat' >!< os_release) audit(AUDIT_OS_NOT, 'Red Hat');\nvar os_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nos_ver = os_ver[1];\nif (!rhel_check_release(operator: 'eq', os_version: os_ver, rhel_version: '8.4')) audit(AUDIT_OS_NOT, 'Red Hat 8.4', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nvar appstreams = {\n 'postgresql:12': [\n {\n 'repo_relative_urls': [\n 'content/aus/rhel8/8.4/x86_64/appstream/debug',\n 'content/aus/rhel8/8.4/x86_64/appstream/os',\n 'content/aus/rhel8/8.4/x86_64/appstream/source/SRPMS',\n 'content/aus/rhel8/8.4/x86_64/baseos/debug',\n 'content/aus/rhel8/8.4/x86_64/baseos/os',\n 'content/aus/rhel8/8.4/x86_64/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.4/ppc64le/appstream/debug',\n 'content/e4s/rhel8/8.4/ppc64le/appstream/os',\n 'content/e4s/rhel8/8.4/ppc64le/appstream/source/SRPMS',\n 'content/e4s/rhel8/8.4/ppc64le/baseos/debug',\n 'content/e4s/rhel8/8.4/ppc64le/baseos/os',\n 'content/e4s/rhel8/8.4/ppc64le/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.4/ppc64le/highavailability/debug',\n 'content/e4s/rhel8/8.4/ppc64le/highavailability/os',\n 'content/e4s/rhel8/8.4/ppc64le/highavailability/source/SRPMS',\n 'content/e4s/rhel8/8.4/ppc64le/sap-solutions/debug',\n 'content/e4s/rhel8/8.4/ppc64le/sap-solutions/os',\n 'content/e4s/rhel8/8.4/ppc64le/sap-solutions/source/SRPMS',\n 'content/e4s/rhel8/8.4/ppc64le/sap/debug',\n 'content/e4s/rhel8/8.4/ppc64le/sap/os',\n 'content/e4s/rhel8/8.4/ppc64le/sap/source/SRPMS',\n 'content/e4s/rhel8/8.4/x86_64/appstream/debug',\n 'content/e4s/rhel8/8.4/x86_64/appstream/os',\n 'content/e4s/rhel8/8.4/x86_64/appstream/source/SRPMS',\n 'content/e4s/rhel8/8.4/x86_64/baseos/debug',\n 'content/e4s/rhel8/8.4/x86_64/baseos/os',\n 'content/e4s/rhel8/8.4/x86_64/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.4/x86_64/highavailability/debug',\n 'content/e4s/rhel8/8.4/x86_64/highavailability/os',\n 'content/e4s/rhel8/8.4/x86_64/highavailability/source/SRPMS',\n 'content/e4s/rhel8/8.4/x86_64/sap-solutions/debug',\n 'content/e4s/rhel8/8.4/x86_64/sap-solutions/os',\n 'content/e4s/rhel8/8.4/x86_64/sap-solutions/source/SRPMS',\n 'content/e4s/rhel8/8.4/x86_64/sap/debug',\n 'content/e4s/rhel8/8.4/x86_64/sap/os',\n 'content/e4s/rhel8/8.4/x86_64/sap/source/SRPMS',\n 'content/eus/rhel8/8.4/aarch64/appstream/debug',\n 'content/eus/rhel8/8.4/aarch64/appstream/os',\n 'content/eus/rhel8/8.4/aarch64/appstream/source/SRPMS',\n 'content/eus/rhel8/8.4/aarch64/baseos/debug',\n 'content/eus/rhel8/8.4/aarch64/baseos/os',\n 'content/eus/rhel8/8.4/aarch64/baseos/source/SRPMS',\n 'content/eus/rhel8/8.4/aarch64/codeready-builder/debug',\n 'content/eus/rhel8/8.4/aarch64/codeready-builder/os',\n 'content/eus/rhel8/8.4/aarch64/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.4/aarch64/highavailability/debug',\n 'content/eus/rhel8/8.4/aarch64/highavailability/os',\n 'content/eus/rhel8/8.4/aarch64/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.4/aarch64/supplementary/debug',\n 'content/eus/rhel8/8.4/aarch64/supplementary/os',\n 'content/eus/rhel8/8.4/aarch64/supplementary/source/SRPMS',\n 'content/eus/rhel8/8.4/ppc64le/appstream/debug',\n 'content/eus/rhel8/8.4/ppc64le/appstream/os',\n 'content/eus/rhel8/8.4/ppc64le/appstream/source/SRPMS',\n 'content/eus/rhel8/8.4/ppc64le/baseos/debug',\n 'content/eus/rhel8/8.4/ppc64le/baseos/os',\n 'content/eus/rhel8/8.4/ppc64le/baseos/source/SRPMS',\n 'content/eus/rhel8/8.4/ppc64le/codeready-builder/debug',\n 'content/eus/rhel8/8.4/ppc64le/codeready-builder/os',\n 'content/eus/rhel8/8.4/ppc64le/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.4/ppc64le/highavailability/debug',\n 'content/eus/rhel8/8.4/ppc64le/highavailability/os',\n 'content/eus/rhel8/8.4/ppc64le/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.4/ppc64le/resilientstorage/debug',\n 'content/eus/rhel8/8.4/ppc64le/resilientstorage/os',\n 'content/eus/rhel8/8.4/ppc64le/resilientstorage/source/SRPMS',\n 'content/eus/rhel8/8.4/ppc64le/sap-solutions/debug',\n 'content/eus/rhel8/8.4/ppc64le/sap-solutions/os',\n 'content/eus/rhel8/8.4/ppc64le/sap-solutions/source/SRPMS',\n 'content/eus/rhel8/8.4/ppc64le/sap/debug',\n 'content/eus/rhel8/8.4/ppc64le/sap/os',\n 'content/eus/rhel8/8.4/ppc64le/sap/source/SRPMS',\n 'content/eus/rhel8/8.4/ppc64le/supplementary/debug',\n 'content/eus/rhel8/8.4/ppc64le/supplementary/os',\n 'content/eus/rhel8/8.4/ppc64le/supplementary/source/SRPMS',\n 'content/eus/rhel8/8.4/s390x/appstream/debug',\n 'content/eus/rhel8/8.4/s390x/appstream/os',\n 'content/eus/rhel8/8.4/s390x/appstream/source/SRPMS',\n 'content/eus/rhel8/8.4/s390x/baseos/debug',\n 'content/eus/rhel8/8.4/s390x/baseos/os',\n 'content/eus/rhel8/8.4/s390x/baseos/source/SRPMS',\n 'content/eus/rhel8/8.4/s390x/codeready-builder/debug',\n 'content/eus/rhel8/8.4/s390x/codeready-builder/os',\n 'content/eus/rhel8/8.4/s390x/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.4/s390x/highavailability/debug',\n 'content/eus/rhel8/8.4/s390x/highavailability/os',\n 'content/eus/rhel8/8.4/s390x/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.4/s390x/resilientstorage/debug',\n 'content/eus/rhel8/8.4/s390x/resilientstorage/os',\n 'content/eus/rhel8/8.4/s390x/resilientstorage/source/SRPMS',\n 'content/eus/rhel8/8.4/s390x/sap/debug',\n 'content/eus/rhel8/8.4/s390x/sap/os',\n 'content/eus/rhel8/8.4/s390x/sap/source/SRPMS',\n 'content/eus/rhel8/8.4/s390x/supplementary/debug',\n 'content/eus/rhel8/8.4/s390x/supplementary/os',\n 'content/eus/rhel8/8.4/s390x/supplementary/source/SRPMS',\n 'content/eus/rhel8/8.4/x86_64/appstream/debug',\n 'content/eus/rhel8/8.4/x86_64/appstream/os',\n 'content/eus/rhel8/8.4/x86_64/appstream/source/SRPMS',\n 'content/eus/rhel8/8.4/x86_64/baseos/debug',\n 'content/eus/rhel8/8.4/x86_64/baseos/os',\n 'content/eus/rhel8/8.4/x86_64/baseos/source/SRPMS',\n 'content/eus/rhel8/8.4/x86_64/codeready-builder/debug',\n 'content/eus/rhel8/8.4/x86_64/codeready-builder/os',\n 'content/eus/rhel8/8.4/x86_64/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.4/x86_64/highavailability/debug',\n 'content/eus/rhel8/8.4/x86_64/highavailability/os',\n 'content/eus/rhel8/8.4/x86_64/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.4/x86_64/resilientstorage/debug',\n 'content/eus/rhel8/8.4/x86_64/resilientstorage/os',\n 'content/eus/rhel8/8.4/x86_64/resilientstorage/source/SRPMS',\n 'content/eus/rhel8/8.4/x86_64/sap-solutions/debug',\n 'content/eus/rhel8/8.4/x86_64/sap-solutions/os',\n 'content/eus/rhel8/8.4/x86_64/sap-solutions/source/SRPMS',\n 'content/eus/rhel8/8.4/x86_64/sap/debug',\n 'content/eus/rhel8/8.4/x86_64/sap/os',\n 'content/eus/rhel8/8.4/x86_64/sap/source/SRPMS',\n 'content/eus/rhel8/8.4/x86_64/supplementary/debug',\n 'content/eus/rhel8/8.4/x86_64/supplementary/os',\n 'content/eus/rhel8/8.4/x86_64/supplementary/source/SRPMS',\n 'content/tus/rhel8/8.4/x86_64/appstream/debug',\n 'content/tus/rhel8/8.4/x86_64/appstream/os',\n 'content/tus/rhel8/8.4/x86_64/appstream/source/SRPMS',\n 'content/tus/rhel8/8.4/x86_64/baseos/debug',\n 'content/tus/rhel8/8.4/x86_64/baseos/os',\n 'content/tus/rhel8/8.4/x86_64/baseos/source/SRPMS',\n 'content/tus/rhel8/8.4/x86_64/highavailability/debug',\n 'content/tus/rhel8/8.4/x86_64/highavailability/os',\n 'content/tus/rhel8/8.4/x86_64/highavailability/source/SRPMS',\n 'content/tus/rhel8/8.4/x86_64/nfv/debug',\n 'content/tus/rhel8/8.4/x86_64/nfv/os',\n 'content/tus/rhel8/8.4/x86_64/nfv/source/SRPMS',\n 'content/tus/rhel8/8.4/x86_64/rt/debug',\n 'content/tus/rhel8/8.4/x86_64/rt/os',\n 'content/tus/rhel8/8.4/x86_64/rt/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'pgaudit-1.4.0-6.module+el8.4.0+11288+c193d6d7', 'sp':'4', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'postgres-decoderbufs-0.10.0-2.module+el8.4.0+11288+c193d6d7', 'sp':'4', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'postgresql-12.11-2.module+el8.4.0+15406+aeb4ae67', 'sp':'4', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'postgresql-contrib-12.11-2.module+el8.4.0+15406+aeb4ae67', 'sp':'4', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'postgresql-docs-12.11-2.module+el8.4.0+15406+aeb4ae67', 'sp':'4', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'postgresql-plperl-12.11-2.module+el8.4.0+15406+aeb4ae67', 'sp':'4', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'postgresql-plpython3-12.11-2.module+el8.4.0+15406+aeb4ae67', 'sp':'4', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'postgresql-pltcl-12.11-2.module+el8.4.0+15406+aeb4ae67', 'sp':'4', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'postgresql-server-12.11-2.module+el8.4.0+15406+aeb4ae67', 'sp':'4', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'postgresql-server-devel-12.11-2.module+el8.4.0+15406+aeb4ae67', 'sp':'4', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'postgresql-static-12.11-2.module+el8.4.0+15406+aeb4ae67', 'sp':'4', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'postgresql-test-12.11-2.module+el8.4.0+15406+aeb4ae67', 'sp':'4', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'postgresql-test-rpm-macros-12.11-2.module+el8.4.0+15406+aeb4ae67', 'sp':'4', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'postgresql-upgrade-12.11-2.module+el8.4.0+15406+aeb4ae67', 'sp':'4', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'postgresql-upgrade-devel-12.11-2.module+el8.4.0+15406+aeb4ae67', 'sp':'4', 'release':'8', 'rpm_spec_vers_cmp':TRUE}\n ]\n }\n ]\n};\n\nvar applicable_repo_urls = rhel_determine_applicable_repository_urls(constraints:appstreams, appstreams:TRUE);\nif(applicable_repo_urls == RHEL_REPOS_NO_OVERLAP_MESSAGE) exit(0, RHEL_REPO_NOT_ENABLED);\n\nvar module_ver = get_kb_item('Host/RedHat/appstream/postgresql');\nif (isnull(module_ver)) audit(AUDIT_PACKAGE_NOT_INSTALLED, 'Module postgresql:12');\nif ('12' >!< module_ver) audit(AUDIT_PACKAGE_NOT_AFFECTED, 'Module postgresql:' + module_ver);\n\nvar flag = 0;\nvar appstreams_found = 0;\nforeach var module (keys(appstreams)) {\n var appstream = NULL;\n var appstream_name = NULL;\n var appstream_version = NULL;\n var appstream_split = split(module, sep:':', keep:FALSE);\n if (!empty_or_null(appstream_split)) {\n appstream_name = appstream_split[0];\n appstream_version = appstream_split[1];\n if (!empty_or_null(appstream_name)) appstream = get_one_kb_item('Host/RedHat/appstream/' + appstream_name);\n }\n if (!empty_or_null(appstream) && appstream_version == appstream || appstream_name == 'all') {\n appstreams_found++;\n foreach var module_array ( appstreams[module] ) {\n var repo_relative_urls = NULL;\n if (!empty_or_null(module_array['repo_relative_urls'])) repo_relative_urls = module_array['repo_relative_urls'];\n foreach var package_array ( module_array['pkgs'] ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) _release = 'RHEL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference &&\n _release &&\n rhel_decide_repo_relative_url_check(required_repo_url_list:repo_relative_urls) &&\n (applicable_repo_urls || (!exists_check || rpm_exists(release:_release, rpm:exists_check))) &&\n rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n }\n }\n}\n\nif (!appstreams_found) audit(AUDIT_PACKAGE_NOT_INSTALLED, 'Module postgresql:12');\n\nif (flag)\n{\n var subscription_caveat = '\\n' +\n 'NOTE: This vulnerability check contains fixes that apply to\\n' +\n 'packages only available in the Red Hat Enterprise Linux\\n' +\n 'Advanced Update Support, Extended Update Support, Telco Extended Update Support or Update Services for SAP Solutions repositories.\\n' +\n 'Access to these repositories requires a paid RHEL subscription.\\n';\n var extra = NULL;\n if (empty_or_null(applicable_repo_urls)) extra = subscription_caveat + rpm_report_get() + redhat_report_repo_caveat();\n else extra = subscription_caveat + rpm_report_get();\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : extra\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'pgaudit / postgres-decoderbufs / postgresql / postgresql-contrib / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-03-11T10:47:04", "description": "The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2022:4857 advisory.\n\n - postgresql: Autovacuum, REINDEX, and others omit security restricted operation sandbox (CVE-2022-1552)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-06-02T00:00:00", "type": "nessus", "title": "RHEL 8 : postgresql:13 (RHSA-2022:4857)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-1552"], "modified": "2023-01-23T00:00:00", "cpe": ["cpe:/o:redhat:rhel_aus:8.4", "cpe:/o:redhat:rhel_e4s:8.4", "cpe:/o:redhat:rhel_eus:8.4", "cpe:/o:redhat:rhel_tus:8.4", "p-cpe:/a:redhat:enterprise_linux:pgaudit", "p-cpe:/a:redhat:enterprise_linux:postgres-decoderbufs", "p-cpe:/a:redhat:enterprise_linux:postgresql", "p-cpe:/a:redhat:enterprise_linux:postgresql-contrib", "p-cpe:/a:redhat:enterprise_linux:postgresql-docs", "p-cpe:/a:redhat:enterprise_linux:postgresql-plperl", "p-cpe:/a:redhat:enterprise_linux:postgresql-plpython3", "p-cpe:/a:redhat:enterprise_linux:postgresql-pltcl", "p-cpe:/a:redhat:enterprise_linux:postgresql-server", "p-cpe:/a:redhat:enterprise_linux:postgresql-server-devel", "p-cpe:/a:redhat:enterprise_linux:postgresql-static", "p-cpe:/a:redhat:enterprise_linux:postgresql-test", "p-cpe:/a:redhat:enterprise_linux:postgresql-test-rpm-macros", "p-cpe:/a:redhat:enterprise_linux:postgresql-upgrade", "p-cpe:/a:redhat:enterprise_linux:postgresql-upgrade-devel"], "id": "REDHAT-RHSA-2022-4857.NASL", "href": "https://www.tenable.com/plugins/nessus/161770", "sourceData": "##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2022:4857. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(161770);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/23\");\n\n script_cve_id(\"CVE-2022-1552\");\n script_xref(name:\"RHSA\", value:\"2022:4857\");\n script_xref(name:\"IAVB\", value:\"2022-B-0015-S\");\n\n script_name(english:\"RHEL 8 : postgresql:13 (RHSA-2022:4857)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in\nthe RHSA-2022:4857 advisory.\n\n - postgresql: Autovacuum, REINDEX, and others omit security restricted operation sandbox (CVE-2022-1552)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-1552\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2022:4857\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2081126\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-1552\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(89, 459, 863);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/05/11\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/06/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/06/02\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_aus:8.4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_e4s:8.4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_eus:8.4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_tus:8.4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:pgaudit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:postgres-decoderbufs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:postgresql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:postgresql-contrib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:postgresql-docs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:postgresql-plperl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:postgresql-plpython3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:postgresql-pltcl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:postgresql-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:postgresql-server-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:postgresql-static\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:postgresql-test\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:postgresql-test-rpm-macros\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:postgresql-upgrade\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:postgresql-upgrade-devel\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"redhat_repos.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\ninclude('rhel.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/RedHat/release');\nif (isnull(os_release) || 'Red Hat' >!< os_release) audit(AUDIT_OS_NOT, 'Red Hat');\nvar os_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nos_ver = os_ver[1];\nif (!rhel_check_release(operator: 'eq', os_version: os_ver, rhel_version: '8.4')) audit(AUDIT_OS_NOT, 'Red Hat 8.4', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nvar appstreams = {\n 'postgresql:13': [\n {\n 'repo_relative_urls': [\n 'content/aus/rhel8/8.4/x86_64/appstream/debug',\n 'content/aus/rhel8/8.4/x86_64/appstream/os',\n 'content/aus/rhel8/8.4/x86_64/appstream/source/SRPMS',\n 'content/aus/rhel8/8.4/x86_64/baseos/debug',\n 'content/aus/rhel8/8.4/x86_64/baseos/os',\n 'content/aus/rhel8/8.4/x86_64/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.4/ppc64le/appstream/debug',\n 'content/e4s/rhel8/8.4/ppc64le/appstream/os',\n 'content/e4s/rhel8/8.4/ppc64le/appstream/source/SRPMS',\n 'content/e4s/rhel8/8.4/ppc64le/baseos/debug',\n 'content/e4s/rhel8/8.4/ppc64le/baseos/os',\n 'content/e4s/rhel8/8.4/ppc64le/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.4/ppc64le/highavailability/debug',\n 'content/e4s/rhel8/8.4/ppc64le/highavailability/os',\n 'content/e4s/rhel8/8.4/ppc64le/highavailability/source/SRPMS',\n 'content/e4s/rhel8/8.4/ppc64le/sap-solutions/debug',\n 'content/e4s/rhel8/8.4/ppc64le/sap-solutions/os',\n 'content/e4s/rhel8/8.4/ppc64le/sap-solutions/source/SRPMS',\n 'content/e4s/rhel8/8.4/ppc64le/sap/debug',\n 'content/e4s/rhel8/8.4/ppc64le/sap/os',\n 'content/e4s/rhel8/8.4/ppc64le/sap/source/SRPMS',\n 'content/e4s/rhel8/8.4/x86_64/appstream/debug',\n 'content/e4s/rhel8/8.4/x86_64/appstream/os',\n 'content/e4s/rhel8/8.4/x86_64/appstream/source/SRPMS',\n 'content/e4s/rhel8/8.4/x86_64/baseos/debug',\n 'content/e4s/rhel8/8.4/x86_64/baseos/os',\n 'content/e4s/rhel8/8.4/x86_64/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.4/x86_64/highavailability/debug',\n 'content/e4s/rhel8/8.4/x86_64/highavailability/os',\n 'content/e4s/rhel8/8.4/x86_64/highavailability/source/SRPMS',\n 'content/e4s/rhel8/8.4/x86_64/sap-solutions/debug',\n 'content/e4s/rhel8/8.4/x86_64/sap-solutions/os',\n 'content/e4s/rhel8/8.4/x86_64/sap-solutions/source/SRPMS',\n 'content/e4s/rhel8/8.4/x86_64/sap/debug',\n 'content/e4s/rhel8/8.4/x86_64/sap/os',\n 'content/e4s/rhel8/8.4/x86_64/sap/source/SRPMS',\n 'content/eus/rhel8/8.4/aarch64/appstream/debug',\n 'content/eus/rhel8/8.4/aarch64/appstream/os',\n 'content/eus/rhel8/8.4/aarch64/appstream/source/SRPMS',\n 'content/eus/rhel8/8.4/aarch64/baseos/debug',\n 'content/eus/rhel8/8.4/aarch64/baseos/os',\n 'content/eus/rhel8/8.4/aarch64/baseos/source/SRPMS',\n 'content/eus/rhel8/8.4/aarch64/codeready-builder/debug',\n 'content/eus/rhel8/8.4/aarch64/codeready-builder/os',\n 'content/eus/rhel8/8.4/aarch64/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.4/aarch64/highavailability/debug',\n 'content/eus/rhel8/8.4/aarch64/highavailability/os',\n 'content/eus/rhel8/8.4/aarch64/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.4/aarch64/supplementary/debug',\n 'content/eus/rhel8/8.4/aarch64/supplementary/os',\n 'content/eus/rhel8/8.4/aarch64/supplementary/source/SRPMS',\n 'content/eus/rhel8/8.4/ppc64le/appstream/debug',\n 'content/eus/rhel8/8.4/ppc64le/appstream/os',\n 'content/eus/rhel8/8.4/ppc64le/appstream/source/SRPMS',\n 'content/eus/rhel8/8.4/ppc64le/baseos/debug',\n 'content/eus/rhel8/8.4/ppc64le/baseos/os',\n 'content/eus/rhel8/8.4/ppc64le/baseos/source/SRPMS',\n 'content/eus/rhel8/8.4/ppc64le/codeready-builder/debug',\n 'content/eus/rhel8/8.4/ppc64le/codeready-builder/os',\n 'content/eus/rhel8/8.4/ppc64le/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.4/ppc64le/highavailability/debug',\n 'content/eus/rhel8/8.4/ppc64le/highavailability/os',\n 'content/eus/rhel8/8.4/ppc64le/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.4/ppc64le/resilientstorage/debug',\n 'content/eus/rhel8/8.4/ppc64le/resilientstorage/os',\n 'content/eus/rhel8/8.4/ppc64le/resilientstorage/source/SRPMS',\n 'content/eus/rhel8/8.4/ppc64le/sap-solutions/debug',\n 'content/eus/rhel8/8.4/ppc64le/sap-solutions/os',\n 'content/eus/rhel8/8.4/ppc64le/sap-solutions/source/SRPMS',\n 'content/eus/rhel8/8.4/ppc64le/sap/debug',\n 'content/eus/rhel8/8.4/ppc64le/sap/os',\n 'content/eus/rhel8/8.4/ppc64le/sap/source/SRPMS',\n 'content/eus/rhel8/8.4/ppc64le/supplementary/debug',\n 'content/eus/rhel8/8.4/ppc64le/supplementary/os',\n 'content/eus/rhel8/8.4/ppc64le/supplementary/source/SRPMS',\n 'content/eus/rhel8/8.4/s390x/appstream/debug',\n 'content/eus/rhel8/8.4/s390x/appstream/os',\n 'content/eus/rhel8/8.4/s390x/appstream/source/SRPMS',\n 'content/eus/rhel8/8.4/s390x/baseos/debug',\n 'content/eus/rhel8/8.4/s390x/baseos/os',\n 'content/eus/rhel8/8.4/s390x/baseos/source/SRPMS',\n 'content/eus/rhel8/8.4/s390x/codeready-builder/debug',\n 'content/eus/rhel8/8.4/s390x/codeready-builder/os',\n 'content/eus/rhel8/8.4/s390x/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.4/s390x/highavailability/debug',\n 'content/eus/rhel8/8.4/s390x/highavailability/os',\n 'content/eus/rhel8/8.4/s390x/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.4/s390x/resilientstorage/debug',\n 'content/eus/rhel8/8.4/s390x/resilientstorage/os',\n 'content/eus/rhel8/8.4/s390x/resilientstorage/source/SRPMS',\n 'content/eus/rhel8/8.4/s390x/sap/debug',\n 'content/eus/rhel8/8.4/s390x/sap/os',\n 'content/eus/rhel8/8.4/s390x/sap/source/SRPMS',\n 'content/eus/rhel8/8.4/s390x/supplementary/debug',\n 'content/eus/rhel8/8.4/s390x/supplementary/os',\n 'content/eus/rhel8/8.4/s390x/supplementary/source/SRPMS',\n 'content/eus/rhel8/8.4/x86_64/appstream/debug',\n 'content/eus/rhel8/8.4/x86_64/appstream/os',\n 'content/eus/rhel8/8.4/x86_64/appstream/source/SRPMS',\n 'content/eus/rhel8/8.4/x86_64/baseos/debug',\n 'content/eus/rhel8/8.4/x86_64/baseos/os',\n 'content/eus/rhel8/8.4/x86_64/baseos/source/SRPMS',\n 'content/eus/rhel8/8.4/x86_64/codeready-builder/debug',\n 'content/eus/rhel8/8.4/x86_64/codeready-builder/os',\n 'content/eus/rhel8/8.4/x86_64/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.4/x86_64/highavailability/debug',\n 'content/eus/rhel8/8.4/x86_64/highavailability/os',\n 'content/eus/rhel8/8.4/x86_64/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.4/x86_64/resilientstorage/debug',\n 'content/eus/rhel8/8.4/x86_64/resilientstorage/os',\n 'content/eus/rhel8/8.4/x86_64/resilientstorage/source/SRPMS',\n 'content/eus/rhel8/8.4/x86_64/sap-solutions/debug',\n 'content/eus/rhel8/8.4/x86_64/sap-solutions/os',\n 'content/eus/rhel8/8.4/x86_64/sap-solutions/source/SRPMS',\n 'content/eus/rhel8/8.4/x86_64/sap/debug',\n 'content/eus/rhel8/8.4/x86_64/sap/os',\n 'content/eus/rhel8/8.4/x86_64/sap/source/SRPMS',\n 'content/eus/rhel8/8.4/x86_64/supplementary/debug',\n 'content/eus/rhel8/8.4/x86_64/supplementary/os',\n 'content/eus/rhel8/8.4/x86_64/supplementary/source/SRPMS',\n 'content/tus/rhel8/8.4/x86_64/appstream/debug',\n 'content/tus/rhel8/8.4/x86_64/appstream/os',\n 'content/tus/rhel8/8.4/x86_64/appstream/source/SRPMS',\n 'content/tus/rhel8/8.4/x86_64/baseos/debug',\n 'content/tus/rhel8/8.4/x86_64/baseos/os',\n 'content/tus/rhel8/8.4/x86_64/baseos/source/SRPMS',\n 'content/tus/rhel8/8.4/x86_64/highavailability/debug',\n 'content/tus/rhel8/8.4/x86_64/highavailability/os',\n 'content/tus/rhel8/8.4/x86_64/highavailability/source/SRPMS',\n 'content/tus/rhel8/8.4/x86_64/nfv/debug',\n 'content/tus/rhel8/8.4/x86_64/nfv/os',\n 'content/tus/rhel8/8.4/x86_64/nfv/source/SRPMS',\n 'content/tus/rhel8/8.4/x86_64/rt/debug',\n 'content/tus/rhel8/8.4/x86_64/rt/os',\n 'content/tus/rhel8/8.4/x86_64/rt/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'pgaudit-1.5.0-1.module+el8.4.0+8873+b821c30a', 'sp':'4', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'postgres-decoderbufs-0.10.0-2.module+el8.4.0+8873+b821c30a', 'sp':'4', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'postgresql-13.7-2.module+el8.4.0+15346+22c653ca', 'sp':'4', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'postgresql-contrib-13.7-2.module+el8.4.0+15346+22c653ca', 'sp':'4', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'postgresql-docs-13.7-2.module+el8.4.0+15346+22c653ca', 'sp':'4', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'postgresql-plperl-13.7-2.module+el8.4.0+15346+22c653ca', 'sp':'4', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'postgresql-plpython3-13.7-2.module+el8.4.0+15346+22c653ca', 'sp':'4', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'postgresql-pltcl-13.7-2.module+el8.4.0+15346+22c653ca', 'sp':'4', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'postgresql-server-13.7-2.module+el8.4.0+15346+22c653ca', 'sp':'4', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'postgresql-server-devel-13.7-2.module+el8.4.0+15346+22c653ca', 'sp':'4', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'postgresql-static-13.7-2.module+el8.4.0+15346+22c653ca', 'sp':'4', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'postgresql-test-13.7-2.module+el8.4.0+15346+22c653ca', 'sp':'4', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'postgresql-test-rpm-macros-13.7-2.module+el8.4.0+15346+22c653ca', 'sp':'4', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'postgresql-upgrade-13.7-2.module+el8.4.0+15346+22c653ca', 'sp':'4', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'postgresql-upgrade-devel-13.7-2.module+el8.4.0+15346+22c653ca', 'sp':'4', 'release':'8', 'rpm_spec_vers_cmp':TRUE}\n ]\n }\n ]\n};\n\nvar applicable_repo_urls = rhel_determine_applicable_repository_urls(constraints:appstreams, appstreams:TRUE);\nif(applicable_repo_urls == RHEL_REPOS_NO_OVERLAP_MESSAGE) exit(0, RHEL_REPO_NOT_ENABLED);\n\nvar module_ver = get_kb_item('Host/RedHat/appstream/postgresql');\nif (isnull(module_ver)) audit(AUDIT_PACKAGE_NOT_INSTALLED, 'Module postgresql:13');\nif ('13' >!< module_ver) audit(AUDIT_PACKAGE_NOT_AFFECTED, 'Module postgresql:' + module_ver);\n\nvar flag = 0;\nvar appstreams_found = 0;\nforeach var module (keys(appstreams)) {\n var appstream = NULL;\n var appstream_name = NULL;\n var appstream_version = NULL;\n var appstream_split = split(module, sep:':', keep:FALSE);\n if (!empty_or_null(appstream_split)) {\n appstream_name = appstream_split[0];\n appstream_version = appstream_split[1];\n if (!empty_or_null(appstream_name)) appstream = get_one_kb_item('Host/RedHat/appstream/' + appstream_name);\n }\n if (!empty_or_null(appstream) && appstream_version == appstream || appstream_name == 'all') {\n appstreams_found++;\n foreach var module_array ( appstreams[module] ) {\n var repo_relative_urls = NULL;\n if (!empty_or_null(module_array['repo_relative_urls'])) repo_relative_urls = module_array['repo_relative_urls'];\n foreach var package_array ( module_array['pkgs'] ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) _release = 'RHEL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference &&\n _release &&\n rhel_decide_repo_relative_url_check(required_repo_url_list:repo_relative_urls) &&\n (applicable_repo_urls || (!exists_check || rpm_exists(release:_release, rpm:exists_check))) &&\n rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n }\n }\n}\n\nif (!appstreams_found) audit(AUDIT_PACKAGE_NOT_INSTALLED, 'Module postgresql:13');\n\nif (flag)\n{\n var subscription_caveat = '\\n' +\n 'NOTE: This vulnerability check contains fixes that apply to\\n' +\n 'packages only available in the Red Hat Enterprise Linux\\n' +\n 'Advanced Update Support, Extended Update Support, Telco Extended Update Support or Update Services for SAP Solutions repositories.\\n' +\n 'Access to these repositories requires a paid RHEL subscription.\\n';\n var extra = NULL;\n if (empty_or_null(applicable_repo_urls)) extra = subscription_caveat + rpm_report_get() + redhat_report_repo_caveat();\n else extra = subscription_caveat + rpm_report_get();\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : extra\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'pgaudit / postgres-decoderbufs / postgresql / postgresql-contrib / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-03-11T08:43:37", "description": "The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2022:4855 advisory.\n\n - postgresql: Autovacuum, REINDEX, and others omit security restricted operation sandbox (CVE-2022-1552)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-06-02T00:00:00", "type": "nessus", "title": "RHEL 8 : postgresql:13 (RHSA-2022:4855)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-1552"], "modified": "2023-01-23T00:00:00", "cpe": ["cpe:/o:redhat:enterprise_linux:8", "cpe:/o:redhat:rhel_aus:8.6", "cpe:/o:redhat:rhel_e4s:8.6", "cpe:/o:redhat:rhel_eus:8.6", "cpe:/o:redhat:rhel_tus:8.6", "p-cpe:/a:redhat:enterprise_linux:pg_repack", "p-cpe:/a:redhat:enterprise_linux:pgaudit", "p-cpe:/a:redhat:enterprise_linux:postgres-decoderbufs", "p-cpe:/a:redhat:enterprise_linux:postgresql", "p-cpe:/a:redhat:enterprise_linux:postgresql-contrib", "p-cpe:/a:redhat:enterprise_linux:postgresql-docs", "p-cpe:/a:redhat:enterprise_linux:postgresql-plperl", "p-cpe:/a:redhat:enterprise_linux:postgresql-plpython3", "p-cpe:/a:redhat:enterprise_linux:postgresql-pltcl", "p-cpe:/a:redhat:enterprise_linux:postgresql-server", "p-cpe:/a:redhat:enterprise_linux:postgresql-server-devel", "p-cpe:/a:redhat:enterprise_linux:postgresql-static", "p-cpe:/a:redhat:enterprise_linux:postgresql-test", "p-cpe:/a:redhat:enterprise_linux:postgresql-test-rpm-macros", "p-cpe:/a:redhat:enterprise_linux:postgresql-upgrade", "p-cpe:/a:redhat:enterprise_linux:postgresql-upgrade-devel"], "id": "REDHAT-RHSA-2022-4855.NASL", "href": "https://www.tenable.com/plugins/nessus/161769", "sourceData": "##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2022:4855. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(161769);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/23\");\n\n script_cve_id(\"CVE-2022-1552\");\n script_xref(name:\"RHSA\", value:\"2022:4855\");\n script_xref(name:\"IAVB\", value:\"2022-B-0015-S\");\n\n script_name(english:\"RHEL 8 : postgresql:13 (RHSA-2022:4855)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in\nthe RHSA-2022:4855 advisory.\n\n - postgresql: Autovacuum, REINDEX, and others omit security restricted operation sandbox (CVE-2022-1552)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-1552\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2022:4855\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2081126\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-1552\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(89, 459, 863);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/05/11\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/06/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/06/02\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:8\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_aus:8.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_e4s:8.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_eus:8.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_tus:8.6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:pg_repack\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:pgaudit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:postgres-decoderbufs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:postgresql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:postgresql-contrib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:postgresql-docs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:postgresql-plperl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:postgresql-plpython3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:postgresql-pltcl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:postgresql-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:postgresql-server-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:postgresql-static\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:postgresql-test\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:postgresql-test-rpm-macros\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:postgresql-upgrade\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:postgresql-upgrade-devel\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"redhat_repos.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\ninclude('rhel.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/RedHat/release');\nif (isnull(os_release) || 'Red Hat' >!< os_release) audit(AUDIT_OS_NOT, 'Red Hat');\nvar os_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nos_ver = os_ver[1];\nif (!rhel_check_release(operator: 'ge', os_version: os_ver, rhel_version: '8')) audit(AUDIT_OS_NOT, 'Red Hat 8.x', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nvar appstreams = {\n 'postgresql:13': [\n {\n 'repo_relative_urls': [\n 'content/aus/rhel8/8.6/x86_64/appstream/debug',\n 'content/aus/rhel8/8.6/x86_64/appstream/os',\n 'content/aus/rhel8/8.6/x86_64/appstream/source/SRPMS',\n 'content/aus/rhel8/8.6/x86_64/baseos/debug',\n 'content/aus/rhel8/8.6/x86_64/baseos/os',\n 'content/aus/rhel8/8.6/x86_64/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.6/ppc64le/appstream/debug',\n 'content/e4s/rhel8/8.6/ppc64le/appstream/os',\n 'content/e4s/rhel8/8.6/ppc64le/appstream/source/SRPMS',\n 'content/e4s/rhel8/8.6/ppc64le/baseos/debug',\n 'content/e4s/rhel8/8.6/ppc64le/baseos/os',\n 'content/e4s/rhel8/8.6/ppc64le/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.6/ppc64le/highavailability/debug',\n 'content/e4s/rhel8/8.6/ppc64le/highavailability/os',\n 'content/e4s/rhel8/8.6/ppc64le/highavailability/source/SRPMS',\n 'content/e4s/rhel8/8.6/ppc64le/sap-solutions/debug',\n 'content/e4s/rhel8/8.6/ppc64le/sap-solutions/os',\n 'content/e4s/rhel8/8.6/ppc64le/sap-solutions/source/SRPMS',\n 'content/e4s/rhel8/8.6/ppc64le/sap/debug',\n 'content/e4s/rhel8/8.6/ppc64le/sap/os',\n 'content/e4s/rhel8/8.6/ppc64le/sap/source/SRPMS',\n 'content/e4s/rhel8/8.6/x86_64/appstream/debug',\n 'content/e4s/rhel8/8.6/x86_64/appstream/os',\n 'content/e4s/rhel8/8.6/x86_64/appstream/source/SRPMS',\n 'content/e4s/rhel8/8.6/x86_64/baseos/debug',\n 'content/e4s/rhel8/8.6/x86_64/baseos/os',\n 'content/e4s/rhel8/8.6/x86_64/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.6/x86_64/highavailability/debug',\n 'content/e4s/rhel8/8.6/x86_64/highavailability/os',\n 'content/e4s/rhel8/8.6/x86_64/highavailability/source/SRPMS',\n 'content/e4s/rhel8/8.6/x86_64/sap-solutions/debug',\n 'content/e4s/rhel8/8.6/x86_64/sap-solutions/os',\n 'content/e4s/rhel8/8.6/x86_64/sap-solutions/source/SRPMS',\n 'content/e4s/rhel8/8.6/x86_64/sap/debug',\n 'content/e4s/rhel8/8.6/x86_64/sap/os',\n 'content/e4s/rhel8/8.6/x86_64/sap/source/SRPMS',\n 'content/eus/rhel8/8.6/aarch64/appstream/debug',\n 'content/eus/rhel8/8.6/aarch64/appstream/os',\n 'content/eus/rhel8/8.6/aarch64/appstream/source/SRPMS',\n 'content/eus/rhel8/8.6/aarch64/baseos/debug',\n 'content/eus/rhel8/8.6/aarch64/baseos/os',\n 'content/eus/rhel8/8.6/aarch64/baseos/source/SRPMS',\n 'content/eus/rhel8/8.6/aarch64/codeready-builder/debug',\n 'content/eus/rhel8/8.6/aarch64/codeready-builder/os',\n 'content/eus/rhel8/8.6/aarch64/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.6/aarch64/highavailability/debug',\n 'content/eus/rhel8/8.6/aarch64/highavailability/os',\n 'content/eus/rhel8/8.6/aarch64/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.6/aarch64/supplementary/debug',\n 'content/eus/rhel8/8.6/aarch64/supplementary/os',\n 'content/eus/rhel8/8.6/aarch64/supplementary/source/SRPMS',\n 'content/eus/rhel8/8.6/ppc64le/appstream/debug',\n 'content/eus/rhel8/8.6/ppc64le/appstream/os',\n 'content/eus/rhel8/8.6/ppc64le/appstream/source/SRPMS',\n 'content/eus/rhel8/8.6/ppc64le/baseos/debug',\n 'content/eus/rhel8/8.6/ppc64le/baseos/os',\n 'content/eus/rhel8/8.6/ppc64le/baseos/source/SRPMS',\n 'content/eus/rhel8/8.6/ppc64le/codeready-builder/debug',\n 'content/eus/rhel8/8.6/ppc64le/codeready-builder/os',\n 'content/eus/rhel8/8.6/ppc64le/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.6/ppc64le/highavailability/debug',\n 'content/eus/rhel8/8.6/ppc64le/highavailability/os',\n 'content/eus/rhel8/8.6/ppc64le/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.6/ppc64le/resilientstorage/debug',\n 'content/eus/rhel8/8.6/ppc64le/resilientstorage/os',\n 'content/eus/rhel8/8.6/ppc64le/resilientstorage/source/SRPMS',\n 'content/eus/rhel8/8.6/ppc64le/sap-solutions/debug',\n 'content/eus/rhel8/8.6/ppc64le/sap-solutions/os',\n 'content/eus/rhel8/8.6/ppc64le/sap-solutions/source/SRPMS',\n 'content/eus/rhel8/8.6/ppc64le/sap/debug',\n 'content/eus/rhel8/8.6/ppc64le/sap/os',\n 'content/eus/rhel8/8.6/ppc64le/sap/source/SRPMS',\n 'content/eus/rhel8/8.6/ppc64le/supplementary/debug',\n 'content/eus/rhel8/8.6/ppc64le/supplementary/os',\n 'content/eus/rhel8/8.6/ppc64le/supplementary/source/SRPMS',\n 'content/eus/rhel8/8.6/s390x/appstream/debug',\n 'content/eus/rhel8/8.6/s390x/appstream/os',\n 'content/eus/rhel8/8.6/s390x/appstream/source/SRPMS',\n 'content/eus/rhel8/8.6/s390x/baseos/debug',\n 'content/eus/rhel8/8.6/s390x/baseos/os',\n 'content/eus/rhel8/8.6/s390x/baseos/source/SRPMS',\n 'content/eus/rhel8/8.6/s390x/codeready-builder/debug',\n 'content/eus/rhel8/8.6/s390x/codeready-builder/os',\n 'content/eus/rhel8/8.6/s390x/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.6/s390x/highavailability/debug',\n 'content/eus/rhel8/8.6/s390x/highavailability/os',\n 'content/eus/rhel8/8.6/s390x/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.6/s390x/resilientstorage/debug',\n 'content/eus/rhel8/8.6/s390x/resilientstorage/os',\n 'content/eus/rhel8/8.6/s390x/resilientstorage/source/SRPMS',\n 'content/eus/rhel8/8.6/s390x/sap/debug',\n 'content/eus/rhel8/8.6/s390x/sap/os',\n 'content/eus/rhel8/8.6/s390x/sap/source/SRPMS',\n 'content/eus/rhel8/8.6/s390x/supplementary/debug',\n 'content/eus/rhel8/8.6/s390x/supplementary/os',\n 'content/eus/rhel8/8.6/s390x/supplementary/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/appstream/debug',\n 'content/eus/rhel8/8.6/x86_64/appstream/os',\n 'content/eus/rhel8/8.6/x86_64/appstream/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/baseos/debug',\n 'content/eus/rhel8/8.6/x86_64/baseos/os',\n 'content/eus/rhel8/8.6/x86_64/baseos/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/codeready-builder/debug',\n 'content/eus/rhel8/8.6/x86_64/codeready-builder/os',\n 'content/eus/rhel8/8.6/x86_64/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/highavailability/debug',\n 'content/eus/rhel8/8.6/x86_64/highavailability/os',\n 'content/eus/rhel8/8.6/x86_64/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/resilientstorage/debug',\n 'content/eus/rhel8/8.6/x86_64/resilientstorage/os',\n 'content/eus/rhel8/8.6/x86_64/resilientstorage/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/sap-solutions/debug',\n 'content/eus/rhel8/8.6/x86_64/sap-solutions/os',\n 'content/eus/rhel8/8.6/x86_64/sap-solutions/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/sap/debug',\n 'content/eus/rhel8/8.6/x86_64/sap/os',\n 'content/eus/rhel8/8.6/x86_64/sap/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/supplementary/debug',\n 'content/eus/rhel8/8.6/x86_64/supplementary/os',\n 'content/eus/rhel8/8.6/x86_64/supplementary/source/SRPMS',\n 'content/tus/rhel8/8.6/x86_64/appstream/debug',\n 'content/tus/rhel8/8.6/x86_64/appstream/os',\n 'content/tus/rhel8/8.6/x86_64/appstream/source/SRPMS',\n 'content/tus/rhel8/8.6/x86_64/baseos/debug',\n 'content/tus/rhel8/8.6/x86_64/baseos/os',\n 'content/tus/rhel8/8.6/x86_64/baseos/source/SRPMS',\n 'content/tus/rhel8/8.6/x86_64/highavailability/debug',\n 'content/tus/rhel8/8.6/x86_64/highavailability/os',\n 'content/tus/rhel8/8.6/x86_64/highavailability/source/SRPMS',\n 'content/tus/rhel8/8.6/x86_64/rt/os',\n 'content/tus/rhel8/8.6/x86_64/rt/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'pg_repack-1.4.6-3.module+el8.5.0+11357+bcc62552', 'sp':'6', 'release':'8', 'el_string':'el8.5.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'pgaudit-1.5.0-1.module+el8.4.0+8873+b821c30a', 'sp':'6', 'release':'8', 'el_string':'el8.4.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'postgres-decoderbufs-0.10.0-2.module+el8.4.0+8873+b821c30a', 'sp':'6', 'release':'8', 'el_string':'el8.4.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'postgresql-13.7-2.module+el8.6.0+15347+b8eabcef', 'sp':'6', 'release':'8', 'el_string':'el8.6.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'postgresql-contrib-13.7-2.module+el8.6.0+15347+b8eabcef', 'sp':'6', 'release':'8', 'el_string':'el8.6.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'postgresql-docs-13.7-2.module+el8.6.0+15347+b8eabcef', 'sp':'6', 'release':'8', 'el_string':'el8.6.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'postgresql-plperl-13.7-2.module+el8.6.0+15347+b8eabcef', 'sp':'6', 'release':'8', 'el_string':'el8.6.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'postgresql-plpython3-13.7-2.module+el8.6.0+15347+b8eabcef', 'sp':'6', 'release':'8', 'el_string':'el8.6.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'postgresql-pltcl-13.7-2.module+el8.6.0+15347+b8eabcef', 'sp':'6', 'release':'8', 'el_string':'el8.6.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'postgresql-server-13.7-2.module+el8.6.0+15347+b8eabcef', 'sp':'6', 'release':'8', 'el_string':'el8.6.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'postgresql-server-devel-13.7-2.module+el8.6.0+15347+b8eabcef', 'sp':'6', 'release':'8', 'el_string':'el8.6.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'postgresql-static-13.7-2.module+el8.6.0+15347+b8eabcef', 'sp':'6', 'release':'8', 'el_string':'el8.6.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'postgresql-test-13.7-2.module+el8.6.0+15347+b8eabcef', 'sp':'6', 'release':'8', 'el_string':'el8.6.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'postgresql-test-rpm-macros-13.7-2.module+el8.6.0+15347+b8eabcef', 'sp':'6', 'release':'8', 'el_string':'el8.6.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'postgresql-upgrade-13.7-2.module+el8.6.0+15347+b8eabcef', 'sp':'6', 'release':'8', 'el_string':'el8.6.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'postgresql-upgrade-devel-13.7-2.module+el8.6.0+15347+b8eabcef', 'sp':'6', 'release':'8', 'el_string':'el8.6.0', 'rpm_spec_vers_cmp':TRUE}\n ]\n },\n {\n 'repo_relative_urls': [\n 'content/dist/rhel8/8/aarch64/appstream/debug',\n 'content/dist/rhel8/8/aarch64/appstream/os',\n 'content/dist/rhel8/8/aarch64/appstream/source/SRPMS',\n 'content/dist/rhel8/8/aarch64/baseos/debug',\n 'content/dist/rhel8/8/aarch64/baseos/os',\n 'content/dist/rhel8/8/aarch64/baseos/source/SRPMS',\n 'content/dist/rhel8/8/aarch64/codeready-builder/debug',\n 'content/dist/rhel8/8/aarch64/codeready-builder/os',\n 'content/dist/rhel8/8/aarch64/codeready-builder/source/SRPMS',\n 'content/dist/rhel8/8/aarch64/highavailability/debug',\n 'content/dist/rhel8/8/aarch64/highavailability/os',\n 'content/dist/rhel8/8/aarch64/highavailability/source/SRPMS',\n 'content/dist/rhel8/8/aarch64/supplementary/debug',\n 'content/dist/rhel8/8/aarch64/supplementary/os',\n 'content/dist/rhel8/8/aarch64/supplementary/source/SRPMS',\n 'content/dist/rhel8/8/ppc64le/appstream/debug',\n 'content/dist/rhel8/8/ppc64le/appstream/os',\n 'content/dist/rhel8/8/ppc64le/appstream/source/SRPMS',\n 'content/dist/rhel8/8/ppc64le/baseos/debug',\n 'content/dist/rhel8/8/ppc64le/baseos/os',\n 'content/dist/rhel8/8/ppc64le/baseos/source/SRPMS',\n 'content/dist/rhel8/8/ppc64le/codeready-builder/debug',\n 'content/dist/rhel8/8/ppc64le/codeready-builder/os',\n 'content/dist/rhel8/8/ppc64le/codeready-builder/source/SRPMS',\n 'content/dist/rhel8/8/ppc64le/highavailability/debug',\n 'content/dist/rhel8/8/ppc64le/highavailability/os',\n 'content/dist/rhel8/8/ppc64le/highavailability/source/SRPMS',\n 'content/dist/rhel8/8/ppc64le/resilientstorage/debug',\n 'content/dist/rhel8/8/ppc64le/resilientstorage/os',\n 'content/dist/rhel8/8/ppc64le/resilientstorage/source/SRPMS',\n 'content/dist/rhel8/8/ppc64le/sap-solutions/debug',\n 'content/dist/rhel8/8/ppc64le/sap-solutions/os',\n 'content/dist/rhel8/8/ppc64le/sap-solutions/source/SRPMS',\n 'content/dist/rhel8/8/ppc64le/sap/debug',\n 'content/dist/rhel8/8/ppc64le/sap/os',\n 'content/dist/rhel8/8/ppc64le/sap/source/SRPMS',\n 'content/dist/rhel8/8/ppc64le/supplementary/debug',\n 'content/dist/rhel8/8/ppc64le/supplementary/os',\n 'content/dist/rhel8/8/ppc64le/supplementary/source/SRPMS',\n 'content/dist/rhel8/8/s390x/appstream/debug',\n 'content/dist/rhel8/8/s390x/appstream/os',\n 'content/dist/rhel8/8/s390x/appstream/source/SRPMS',\n 'content/dist/rhel8/8/s390x/baseos/debug',\n 'content/dist/rhel8/8/s390x/baseos/os',\n 'content/dist/rhel8/8/s390x/baseos/source/SRPMS',\n 'content/dist/rhel8/8/s390x/codeready-builder/debug',\n 'content/dist/rhel8/8/s390x/codeready-builder/os',\n 'content/dist/rhel8/8/s390x/codeready-builder/source/SRPMS',\n 'content/dist/rhel8/8/s390x/highavailability/debug',\n 'content/dist/rhel8/8/s390x/highavailability/os',\n 'content/dist/rhel8/8/s390x/highavailability/source/SRPMS',\n 'content/dist/rhel8/8/s390x/resilientstorage/debug',\n 'content/dist/rhel8/8/s390x/resilientstorage/os',\n 'content/dist/rhel8/8/s390x/resilientstorage/source/SRPMS',\n 'content/dist/rhel8/8/s390x/sap/debug',\n 'content/dist/rhel8/8/s390x/sap/os',\n 'content/dist/rhel8/8/s390x/sap/source/SRPMS',\n 'content/dist/rhel8/8/s390x/supplementary/debug',\n 'content/dist/rhel8/8/s390x/supplementary/os',\n 'content/dist/rhel8/8/s390x/supplementary/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/appstream/debug',\n 'content/dist/rhel8/8/x86_64/appstream/os',\n 'content/dist/rhel8/8/x86_64/appstream/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/baseos/debug',\n 'content/dist/rhel8/8/x86_64/baseos/os',\n 'content/dist/rhel8/8/x86_64/baseos/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/codeready-builder/debug',\n 'content/dist/rhel8/8/x86_64/codeready-builder/os',\n 'content/dist/rhel8/8/x86_64/codeready-builder/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/highavailability/debug',\n 'content/dist/rhel8/8/x86_64/highavailability/os',\n 'content/dist/rhel8/8/x86_64/highavailability/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/nfv/debug',\n 'content/dist/rhel8/8/x86_64/nfv/os',\n 'content/dist/rhel8/8/x86_64/nfv/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/resilientstorage/debug',\n 'content/dist/rhel8/8/x86_64/resilientstorage/os',\n 'content/dist/rhel8/8/x86_64/resilientstorage/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/rt/debug',\n 'content/dist/rhel8/8/x86_64/rt/os',\n 'content/dist/rhel8/8/x86_64/rt/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/sap-solutions/debug',\n 'content/dist/rhel8/8/x86_64/sap-solutions/os',\n 'content/dist/rhel8/8/x86_64/sap-solutions/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/sap/debug',\n 'content/dist/rhel8/8/x86_64/sap/os',\n 'content/dist/rhel8/8/x86_64/sap/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/supplementary/debug',\n 'content/dist/rhel8/8/x86_64/supplementary/os',\n 'content/dist/rhel8/8/x86_64/supplementary/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'pg_repack-1.4.6-3.module+el8.5.0+11357+bcc62552', 'release':'8', 'el_string':'el8.5.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'pgaudit-1.5.0-1.module+el8.4.0+8873+b821c30a', 'release':'8', 'el_string':'el8.4.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'postgres-decoderbufs-0.10.0-2.module+el8.4.0+8873+b821c30a', 'release':'8', 'el_string':'el8.4.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'postgresql-13.7-2.module+el8.6.0+15347+b8eabcef', 'release':'8', 'el_string':'el8.6.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'postgresql-contrib-13.7-2.module+el8.6.0+15347+b8eabcef', 'release':'8', 'el_string':'el8.6.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'postgresql-docs-13.7-2.module+el8.6.0+15347+b8eabcef', 'release':'8', 'el_string':'el8.6.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'postgresql-plperl-13.7-2.module+el8.6.0+15347+b8eabcef', 'release':'8', 'el_string':'el8.6.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'postgresql-plpython3-13.7-2.module+el8.6.0+15347+b8eabcef', 'release':'8', 'el_string':'el8.6.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'postgresql-pltcl-13.7-2.module+el8.6.0+15347+b8eabcef', 'release':'8', 'el_string':'el8.6.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'postgresql-server-13.7-2.module+el8.6.0+15347+b8eabcef', 'release':'8', 'el_string':'el8.6.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'postgresql-server-devel-13.7-2.module+el8.6.0+15347+b8eabcef', 'release':'8', 'el_string':'el8.6.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'postgresql-static-13.7-2.module+el8.6.0+15347+b8eabcef', 'release':'8', 'el_string':'el8.6.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'postgresql-test-13.7-2.module+el8.6.0+15347+b8eabcef', 'release':'8', 'el_string':'el8.6.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'postgresql-test-rpm-macros-13.7-2.module+el8.6.0+15347+b8eabcef', 'release':'8', 'el_string':'el8.6.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'postgresql-upgrade-13.7-2.module+el8.6.0+15347+b8eabcef', 'release':'8', 'el_string':'el8.6.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'postgresql-upgrade-devel-13.7-2.module+el8.6.0+15347+b8eabcef', 'release':'8', 'el_string':'el8.6.0', 'rpm_spec_vers_cmp':TRUE}\n ]\n }\n ]\n};\n\nvar applicable_repo_urls = rhel_determine_applicable_repository_urls(constraints:appstreams, appstreams:TRUE);\nif(applicable_repo_urls == RHEL_REPOS_NO_OVERLAP_MESSAGE) exit(0, RHEL_REPO_NOT_ENABLED);\n\nvar module_ver = get_kb_item('Host/RedHat/appstream/postgresql');\nif (isnull(module_ver)) audit(AUDIT_PACKAGE_NOT_INSTALLED, 'Module postgresql:13');\nif ('13' >!< module_ver) audit(AUDIT_PACKAGE_NOT_AFFECTED, 'Module postgresql:' + module_ver);\n\nvar flag = 0;\nvar appstreams_found = 0;\nforeach var module (keys(appstreams)) {\n var appstream = NULL;\n var appstream_name = NULL;\n var appstream_version = NULL;\n var appstream_split = split(module, sep:':', keep:FALSE);\n if (!empty_or_null(appstream_split)) {\n appstream_name = appstream_split[0];\n appstream_version = appstream_split[1];\n if (!empty_or_null(appstream_name)) appstream = get_one_kb_item('Host/RedHat/appstream/' + appstream_name);\n }\n if (!empty_or_null(appstream) && appstream_version == appstream || appstream_name == 'all') {\n appstreams_found++;\n foreach var module_array ( appstreams[module] ) {\n var repo_relative_urls = NULL;\n if (!empty_or_null(module_array['repo_relative_urls'])) repo_relative_urls = module_array['repo_relative_urls'];\n var enterprise_linux_flag = rhel_repo_urls_has_content_dist_rhel(repo_urls:repo_relative_urls);\n foreach var package_array ( module_array['pkgs'] ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) _release = 'RHEL' + package_array['release'];\n if (!empty_or_null(package_array['sp']) && !enterprise_linux_flag) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference &&\n _release &&\n rhel_decide_repo_relative_url_check(required_repo_url_list:repo_relative_urls) &&\n (applicable_repo_urls || (!exists_check || rpm_exists(release:_release, rpm:exists_check))) &&\n rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n }\n }\n}\n\nif (!appstreams_found) audit(AUDIT_PACKAGE_NOT_INSTALLED, 'Module postgresql:13');\n\nif (flag)\n{\n var extra = NULL;\n if (empty_or_null(applicable_repo_urls)) extra = rpm_report_get() + redhat_report_repo_caveat();\n else extra = rpm_report_get();\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : extra\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'pg_repack / pgaudit / postgres-decoderbufs / postgresql / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-03-11T22:24:22", "description": "The remote SUSE Linux SLED15 / SLES15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2022:1895-1 advisory.\n\n - A flaw was found in PostgreSQL. There is an issue with incomplete efforts to operate safely when a privileged user is maintaining another user's objects. The Autovacuum, REINDEX, CREATE INDEX, REFRESH MATERIALIZED VIEW, CLUSTER, and pg_amcheck commands activated relevant protections too late or not at all during the process. This flaw allows an attacker with permission to create non-temporary objects in at least one schema to execute arbitrary SQL functions under a superuser identity. (CVE-2022-1552)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-06-01T00:00:00", "type": "nessus", "title": "SUSE SLED15 / SLES15 / openSUSE 15 Security Update : postgresql13 (SUSE-SU-2022:1895-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-1552"], "modified": "2023-02-08T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:postgresql13", "p-cpe:/a:novell:suse_linux:postgresql13-contrib", "p-cpe:/a:novell:suse_linux:postgresql13-devel", "p-cpe:/a:novell:suse_linux:postgresql13-docs", "p-cpe:/a:novell:suse_linux:postgresql13-llvmjit", "p-cpe:/a:novell:suse_linux:postgresql13-llvmjit-devel", "p-cpe:/a:novell:suse_linux:postgresql13-plperl", "p-cpe:/a:novell:suse_linux:postgresql13-plpython", "p-cpe:/a:novell:suse_linux:postgresql13-pltcl", "p-cpe:/a:novell:suse_linux:postgresql13-server", "p-cpe:/a:novell:suse_linux:postgresql13-server-devel", "p-cpe:/a:novell:suse_linux:postgresql13-test", "cpe:/o:novell:suse_linux:15"], "id": "SUSE_SU-2022-1895-1.NASL", "href": "https://www.tenable.com/plugins/nessus/161736", "sourceData": "##\n# (C) Tenable, Inc.\n#\n# The package checks in this plugin were extracted from\n# SUSE update advisory SUSE-SU-2022:1895-1. The text itself\n# is copyright (C) SUSE.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(161736);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/02/08\");\n\n script_cve_id(\"CVE-2022-1552\");\n script_xref(name:\"SuSE\", value:\"SUSE-SU-2022:1895-1\");\n script_xref(name:\"IAVB\", value:\"2022-B-0015-S\");\n\n script_name(english:\"SUSE SLED15 / SLES15 / openSUSE 15 Security Update : postgresql13 (SUSE-SU-2022:1895-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote SUSE Linux SLED15 / SLES15 / openSUSE 15 host has packages installed that are affected by a vulnerability as\nreferenced in the SUSE-SU-2022:1895-1 advisory.\n\n - A flaw was found in PostgreSQL. There is an issue with incomplete efforts to operate safely when a\n privileged user is maintaining another user's objects. The Autovacuum, REINDEX, CREATE INDEX, REFRESH\n MATERIALIZED VIEW, CLUSTER, and pg_amcheck commands activated relevant protections too late or not at all\n during the process. This flaw allows an attacker with permission to create non-temporary objects in at\n least one schema to execute arbitrary SQL functions under a superuser identity. (CVE-2022-1552)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1199475\");\n # https://lists.suse.com/pipermail/sle-security-updates/2022-May/011209.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?8aea7da7\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-1552\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-1552\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/05/11\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/05/31\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/06/01\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:postgresql13\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:postgresql13-contrib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:postgresql13-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:postgresql13-docs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:postgresql13-llvmjit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:postgresql13-llvmjit-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:postgresql13-plperl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:postgresql13-plpython\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:postgresql13-pltcl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:postgresql13-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:postgresql13-server-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:postgresql13-test\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:15\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item(\"Host/SuSE/release\");\nif (isnull(os_release) || os_release !~ \"^(SLED|SLES|SUSE)\") audit(AUDIT_OS_NOT, \"SUSE / openSUSE\");\nvar os_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+|SUSE([\\d.]+))\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'SUSE / openSUSE');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLED15|SLES15|SUSE15\\.3|SUSE15\\.4)$\", string:os_ver)) audit(AUDIT_OS_NOT, 'SUSE SLED15 / SLES15 / openSUSE 15', 'SUSE / openSUSE (' + os_ver + ')');\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'SUSE / openSUSE (' + os_ver + ')', cpu);\n\nvar service_pack = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(service_pack)) service_pack = \"0\";\nif (os_ver == \"SLED15\" && (! preg(pattern:\"^(3)$\", string:service_pack))) audit(AUDIT_OS_NOT, \"SLED15 SP3\", os_ver + \" SP\" + service_pack);\nif (os_ver == \"SLES15\" && (! preg(pattern:\"^(2|3|4)$\", string:service_pack))) audit(AUDIT_OS_NOT, \"SLES15 SP2/3/4\", os_ver + \" SP\" + service_pack);\n\nvar pkgs = [\n {'reference':'postgresql13-13.7-150200.5.28.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_BCL-release-15.2', 'SLES_SAP-release-15.2', 'SLE_HPC-ESPOS-release-2']},\n {'reference':'postgresql13-contrib-13.7-150200.5.28.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_BCL-release-15.2', 'SLES_SAP-release-15.2', 'SLE_HPC-ESPOS-release-2']},\n {'reference':'postgresql13-devel-13.7-150200.5.28.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_BCL-release-15.2', 'SLES_SAP-release-15.2', 'SLE_HPC-ESPOS-release-2']},\n {'reference':'postgresql13-docs-13.7-150200.5.28.1', 'sp':'2', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_BCL-release-15.2', 'SLES_SAP-release-15.2', 'SLE_HPC-ESPOS-release-2']},\n {'reference':'postgresql13-plperl-13.7-150200.5.28.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_BCL-release-15.2', 'SLES_SAP-release-15.2', 'SLE_HPC-ESPOS-release-2']},\n {'reference':'postgresql13-plpython-13.7-150200.5.28.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_BCL-release-15.2', 'SLES_SAP-release-15.2', 'SLE_HPC-ESPOS-release-2']},\n {'reference':'postgresql13-pltcl-13.7-150200.5.28.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_BCL-release-15.2', 'SLES_SAP-release-15.2', 'SLE_HPC-ESPOS-release-2']},\n {'reference':'postgresql13-server-13.7-150200.5.28.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_BCL-release-15.2', 'SLES_SAP-release-15.2', 'SLE_HPC-ESPOS-release-2']},\n {'reference':'postgresql13-server-devel-13.7-150200.5.28.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_BCL-release-15.2', 'SLES_SAP-release-15.2', 'SLE_HPC-ESPOS-release-2']},\n {'reference':'postgresql13-13.7-150200.5.28.1', 'sp':'3', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3', 'SLE_HPC-release-15.3', 'sle-module-basesystem-release-15.3', 'sled-release-15.3', 'sles-release-15.3']},\n {'reference':'postgresql13-13.7-150200.5.28.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3', 'SLE_HPC-release-15.3', 'sle-module-basesystem-release-15.3', 'sled-release-15.3', 'sles-release-15.3']},\n {'reference':'postgresql13-contrib-13.7-150200.5.28.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3', 'SLE_HPC-release-15.3', 'sle-module-server-applications-release-15.3', 'sles-release-15.3']},\n {'reference':'postgresql13-devel-13.7-150200.5.28.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3', 'SLE_HPC-release-15.3', 'sle-module-server-applications-release-15.3', 'sles-release-15.3']},\n {'reference':'postgresql13-docs-13.7-150200.5.28.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3', 'SLE_HPC-release-15.3', 'sle-module-server-applications-release-15.3', 'sles-release-15.3']},\n {'reference':'postgresql13-llvmjit-13.7-150200.5.28.1', 'sp':'3', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3', 'SLE_HPC-release-15.3', 'sle-module-packagehub-subpackages-release-15.3', 'sled-release-15.3', 'sles-release-15.3']},\n {'reference':'postgresql13-llvmjit-13.7-150200.5.28.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3', 'SLE_HPC-release-15.3', 'sle-module-packagehub-subpackages-release-15.3', 'sled-release-15.3', 'sles-release-15.3']},\n {'reference':'postgresql13-plperl-13.7-150200.5.28.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3', 'SLE_HPC-release-15.3', 'sle-module-server-applications-release-15.3', 'sles-release-15.3']},\n {'reference':'postgresql13-plpython-13.7-150200.5.28.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3', 'SLE_HPC-release-15.3', 'sle-module-server-applications-release-15.3', 'sles-release-15.3']},\n {'reference':'postgresql13-pltcl-13.7-150200.5.28.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3', 'SLE_HPC-release-15.3', 'sle-module-server-applications-release-15.3', 'sles-release-15.3']},\n {'reference':'postgresql13-server-13.7-150200.5.28.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3', 'SLE_HPC-release-15.3', 'sle-module-server-applications-release-15.3', 'sles-release-15.3']},\n {'reference':'postgresql13-server-devel-13.7-150200.5.28.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3', 'SLE_HPC-release-15.3', 'sle-module-server-applications-release-15.3', 'sles-release-15.3']},\n {'reference':'postgresql13-test-13.7-150200.5.28.1', 'sp':'3', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3', 'SLE_HPC-release-15.3', 'sle-module-packagehub-subpackages-release-15.3', 'sled-release-15.3', 'sles-release-15.3']},\n {'reference':'postgresql13-test-13.7-150200.5.28.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3', 'SLE_HPC-release-15.3', 'sle-module-packagehub-subpackages-release-15.3', 'sled-release-15.3', 'sles-release-15.3']},\n {'reference':'postgresql13-13.7-150200.5.28.1', 'sp':'4', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.4', 'SLE_HPC-release-15.4', 'sle-module-legacy-release-15.4', 'sles-release-15.4']},\n {'reference':'postgresql13-contrib-13.7-150200.5.28.1', 'sp':'4', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.4', 'SLE_HPC-release-15.4', 'sle-module-legacy-release-15.4', 'sles-release-15.4']},\n {'reference':'postgresql13-devel-13.7-150200.5.28.1', 'sp':'4', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.4', 'SLE_HPC-release-15.4', 'sle-module-legacy-release-15.4', 'sles-release-15.4']},\n {'reference':'postgresql13-docs-13.7-150200.5.28.1', 'sp':'4', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.4', 'SLE_HPC-release-15.4', 'sle-module-legacy-release-15.4', 'sles-release-15.4']},\n {'reference':'postgresql13-llvmjit-13.7-150200.5.28.1', 'sp':'4', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.4', 'SLE_HPC-release-15.4', 'sle-module-legacy-release-15.4', 'sles-release-15.4']},\n {'reference':'postgresql13-llvmjit-devel-13.7-150200.5.28.1', 'sp':'4', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.4', 'SLE_HPC-release-15.4', 'sle-module-legacy-release-15.4', 'sles-release-15.4']},\n {'reference':'postgresql13-plperl-13.7-150200.5.28.1', 'sp':'4', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.4', 'SLE_HPC-release-15.4', 'sle-module-legacy-release-15.4', 'sles-release-15.4']},\n {'reference':'postgresql13-plpython-13.7-150200.5.28.1', 'sp':'4', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.4', 'SLE_HPC-release-15.4', 'sle-module-legacy-release-15.4', 'sles-release-15.4']},\n {'reference':'postgresql13-pltcl-13.7-150200.5.28.1', 'sp':'4', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.4', 'SLE_HPC-release-15.4', 'sle-module-legacy-release-15.4', 'sles-release-15.4']},\n {'reference':'postgresql13-server-13.7-150200.5.28.1', 'sp':'4', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.4', 'SLE_HPC-release-15.4', 'sle-module-legacy-release-15.4', 'sles-release-15.4']},\n {'reference':'postgresql13-server-devel-13.7-150200.5.28.1', 'sp':'4', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.4', 'SLE_HPC-release-15.4', 'sle-module-legacy-release-15.4', 'sles-release-15.4']},\n {'reference':'postgresql13-13.7-150200.5.28.1', 'sp':'2', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-2']},\n {'reference':'postgresql13-contrib-13.7-150200.5.28.1', 'sp':'2', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-2']},\n {'reference':'postgresql13-devel-13.7-150200.5.28.1', 'sp':'2', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-2']},\n {'reference':'postgresql13-plperl-13.7-150200.5.28.1', 'sp':'2', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-2']},\n {'reference':'postgresql13-plpython-13.7-150200.5.28.1', 'sp':'2', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-2']},\n {'reference':'postgresql13-pltcl-13.7-150200.5.28.1', 'sp':'2', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-2']},\n {'reference':'postgresql13-server-13.7-150200.5.28.1', 'sp':'2', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-2']},\n {'reference':'postgresql13-server-devel-13.7-150200.5.28.1', 'sp':'2', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-2']},\n {'reference':'postgresql13-13.7-150200.5.28.1', 'sp':'2', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.2']},\n {'reference':'postgresql13-13.7-150200.5.28.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.2']},\n {'reference':'postgresql13-contrib-13.7-150200.5.28.1', 'sp':'2', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.2']},\n {'reference':'postgresql13-contrib-13.7-150200.5.28.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.2']},\n {'reference':'postgresql13-devel-13.7-150200.5.28.1', 'sp':'2', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.2']},\n {'reference':'postgresql13-devel-13.7-150200.5.28.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.2']},\n {'reference':'postgresql13-docs-13.7-150200.5.28.1', 'sp':'2', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.2', 'sles-ltss-release-15.2']},\n {'reference':'postgresql13-plperl-13.7-150200.5.28.1', 'sp':'2', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.2']},\n {'reference':'postgresql13-plperl-13.7-150200.5.28.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.2']},\n {'reference':'postgresql13-plpython-13.7-150200.5.28.1', 'sp':'2', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.2']},\n {'reference':'postgresql13-plpython-13.7-150200.5.28.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.2']},\n {'reference':'postgresql13-pltcl-13.7-150200.5.28.1', 'sp':'2', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.2']},\n {'reference':'postgresql13-pltcl-13.7-150200.5.28.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.2']},\n {'reference':'postgresql13-server-13.7-150200.5.28.1', 'sp':'2', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.2']},\n {'reference':'postgresql13-server-13.7-150200.5.28.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.2']},\n {'reference':'postgresql13-server-devel-13.7-150200.5.28.1', 'sp':'2', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.2']},\n {'reference':'postgresql13-server-devel-13.7-150200.5.28.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.2']},\n {'reference':'postgresql13-13.7-150200.5.28.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'postgresql13-contrib-13.7-150200.5.28.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'postgresql13-devel-13.7-150200.5.28.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'postgresql13-docs-13.7-150200.5.28.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'postgresql13-llvmjit-13.7-150200.5.28.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'postgresql13-plperl-13.7-150200.5.28.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'postgresql13-plpython-13.7-150200.5.28.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'postgresql13-pltcl-13.7-150200.5.28.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'postgresql13-server-13.7-150200.5.28.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'postgresql13-server-devel-13.7-150200.5.28.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'postgresql13-test-13.7-150200.5.28.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'postgresql13-13.7-150200.5.28.1', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},\n {'reference':'postgresql13-contrib-13.7-150200.5.28.1', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},\n {'reference':'postgresql13-devel-13.7-150200.5.28.1', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},\n {'reference':'postgresql13-docs-13.7-150200.5.28.1', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},\n {'reference':'postgresql13-llvmjit-13.7-150200.5.28.1', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},\n {'reference':'postgresql13-llvmjit-devel-13.7-150200.5.28.1', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},\n {'reference':'postgresql13-plperl-13.7-150200.5.28.1', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},\n {'reference':'postgresql13-plpython-13.7-150200.5.28.1', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},\n {'reference':'postgresql13-pltcl-13.7-150200.5.28.1', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},\n {'reference':'postgresql13-server-13.7-150200.5.28.1', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},\n {'reference':'postgresql13-server-devel-13.7-150200.5.28.1', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},\n {'reference':'postgresql13-test-13.7-150200.5.28.1', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},\n {'reference':'postgresql13-13.7-150200.5.28.1', 'sp':'2', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15.2']},\n {'reference':'postgresql13-contrib-13.7-150200.5.28.1', 'sp':'2', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15.2']},\n {'reference':'postgresql13-devel-13.7-150200.5.28.1', 'sp':'2', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15.2']},\n {'reference':'postgresql13-plperl-13.7-150200.5.28.1', 'sp':'2', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15.2']},\n {'reference':'postgresql13-plpython-13.7-150200.5.28.1', 'sp':'2', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15.2']},\n {'reference':'postgresql13-pltcl-13.7-150200.5.28.1', 'sp':'2', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15.2']},\n {'reference':'postgresql13-server-13.7-150200.5.28.1', 'sp':'2', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15.2']},\n {'reference':'postgresql13-server-devel-13.7-150200.5.28.1', 'sp':'2', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15.2']}\n];\n\nvar ltss_caveat_required = FALSE;\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var exists_check = NULL;\n var rpm_spec_vers_cmp = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) _release = package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (reference && _release) {\n if (exists_check) {\n var check_flag = 0;\n foreach var check (exists_check) {\n if (!rpm_exists(release:_release, rpm:check)) continue;\n if ('ltss' >< tolower(check)) ltss_caveat_required = TRUE;\n check_flag++;\n }\n if (!check_flag) continue;\n }\n if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;\n }\n}\n\nif (flag)\n{\n var ltss_plugin_caveat = NULL;\n if(ltss_caveat_required) ltss_plugin_caveat = '\\n' +\n 'NOTE: This vulnerability check contains fixes that apply to\\n' +\n 'packages only available in SUSE Enterprise Linux Server LTSS\\n' +\n 'repositories. Access to these package security updates require\\n' +\n 'a paid SUSE LTSS subscription.\\n';\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + ltss_plugin_caveat\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'postgresql13 / postgresql13-contrib / postgresql13-devel / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-03-11T18:26:46", "description": "The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2022:4893 advisory.\n\n - postgresql: Autovacuum, REINDEX, and others omit security restricted operation sandbox (CVE-2022-1552)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-06-04T00:00:00", "type": "nessus", "title": "RHEL 8 : postgresql:12 (RHSA-2022:4893)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-1552"], "modified": "2023-01-23T00:00:00", "cpe": ["cpe:/o:redhat:rhel_aus:8.2", "cpe:/o:redhat:rhel_e4s:8.2", "cpe:/o:redhat:rhel_eus:8.2", "cpe:/o:redhat:rhel_tus:8.2", "p-cpe:/a:redhat:enterprise_linux:pgaudit", "p-cpe:/a:redhat:enterprise_linux:postgres-decoderbufs", "p-cpe:/a:redhat:enterprise_linux:postgresql", "p-cpe:/a:redhat:enterprise_linux:postgresql-contrib", "p-cpe:/a:redhat:enterprise_linux:postgresql-docs", "p-cpe:/a:redhat:enterprise_linux:postgresql-plperl", "p-cpe:/a:redhat:enterprise_linux:postgresql-plpython3", "p-cpe:/a:redhat:enterprise_linux:postgresql-pltcl", "p-cpe:/a:redhat:enterprise_linux:postgresql-server", "p-cpe:/a:redhat:enterprise_linux:postgresql-server-devel", "p-cpe:/a:redhat:enterprise_linux:postgresql-static", "p-cpe:/a:redhat:enterprise_linux:postgresql-test", "p-cpe:/a:redhat:enterprise_linux:postgresql-test-rpm-macros", "p-cpe:/a:redhat:enterprise_linux:postgresql-upgrade", "p-cpe:/a:redhat:enterprise_linux:postgresql-upgrade-devel"], "id": "REDHAT-RHSA-2022-4893.NASL", "href": "https://www.tenable.com/plugins/nessus/161835", "sourceData": "##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2022:4893. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(161835);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/23\");\n\n script_cve_id(\"CVE-2022-1552\");\n script_xref(name:\"RHSA\", value:\"2022:4893\");\n script_xref(name:\"IAVB\", value:\"2022-B-0015-S\");\n\n script_name(english:\"RHEL 8 : postgresql:12 (RHSA-2022:4893)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in\nthe RHSA-2022:4893 advisory.\n\n - postgresql: Autovacuum, REINDEX, and others omit security restricted operation sandbox (CVE-2022-1552)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-1552\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2022:4893\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2081126\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-1552\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(89, 459, 863);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/05/11\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/06/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/06/04\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_aus:8.2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_e4s:8.2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_eus:8.2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_tus:8.2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:pgaudit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:postgres-decoderbufs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:postgresql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:postgresql-contrib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:postgresql-docs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:postgresql-plperl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:postgresql-plpython3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:postgresql-pltcl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:postgresql-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:postgresql-server-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:postgresql-static\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:postgresql-test\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:postgresql-test-rpm-macros\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:postgresql-upgrade\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:postgresql-upgrade-devel\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"redhat_repos.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\ninclude('rhel.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/RedHat/release');\nif (isnull(os_release) || 'Red Hat' >!< os_release) audit(AUDIT_OS_NOT, 'Red Hat');\nvar os_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nos_ver = os_ver[1];\nif (!rhel_check_release(operator: 'eq', os_version: os_ver, rhel_version: '8.2')) audit(AUDIT_OS_NOT, 'Red Hat 8.2', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nvar appstreams = {\n 'postgresql:12': [\n {\n 'repo_relative_urls': [\n 'content/aus/rhel8/8.2/x86_64/appstream/debug',\n 'content/aus/rhel8/8.2/x86_64/appstream/os',\n 'content/aus/rhel8/8.2/x86_64/appstream/source/SRPMS',\n 'content/aus/rhel8/8.2/x86_64/baseos/debug',\n 'content/aus/rhel8/8.2/x86_64/baseos/os',\n 'content/aus/rhel8/8.2/x86_64/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.2/ppc64le/appstream/debug',\n 'content/e4s/rhel8/8.2/ppc64le/appstream/os',\n 'content/e4s/rhel8/8.2/ppc64le/appstream/source/SRPMS',\n 'content/e4s/rhel8/8.2/ppc64le/baseos/debug',\n 'content/e4s/rhel8/8.2/ppc64le/baseos/os',\n 'content/e4s/rhel8/8.2/ppc64le/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.2/ppc64le/highavailability/debug',\n 'content/e4s/rhel8/8.2/ppc64le/highavailability/os',\n 'content/e4s/rhel8/8.2/ppc64le/highavailability/source/SRPMS',\n 'content/e4s/rhel8/8.2/ppc64le/sap-solutions/debug',\n 'content/e4s/rhel8/8.2/ppc64le/sap-solutions/os',\n 'content/e4s/rhel8/8.2/ppc64le/sap-solutions/source/SRPMS',\n 'content/e4s/rhel8/8.2/ppc64le/sap/debug',\n 'content/e4s/rhel8/8.2/ppc64le/sap/os',\n 'content/e4s/rhel8/8.2/ppc64le/sap/source/SRPMS',\n 'content/e4s/rhel8/8.2/x86_64/appstream/debug',\n 'content/e4s/rhel8/8.2/x86_64/appstream/os',\n 'content/e4s/rhel8/8.2/x86_64/appstream/source/SRPMS',\n 'content/e4s/rhel8/8.2/x86_64/baseos/debug',\n 'content/e4s/rhel8/8.2/x86_64/baseos/os',\n 'content/e4s/rhel8/8.2/x86_64/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.2/x86_64/highavailability/debug',\n 'content/e4s/rhel8/8.2/x86_64/highavailability/os',\n 'content/e4s/rhel8/8.2/x86_64/highavailability/source/SRPMS',\n 'content/e4s/rhel8/8.2/x86_64/sap-solutions/debug',\n 'content/e4s/rhel8/8.2/x86_64/sap-solutions/os',\n 'content/e4s/rhel8/8.2/x86_64/sap-solutions/source/SRPMS',\n 'content/e4s/rhel8/8.2/x86_64/sap/debug',\n 'content/e4s/rhel8/8.2/x86_64/sap/os',\n 'content/e4s/rhel8/8.2/x86_64/sap/source/SRPMS',\n 'content/eus/rhel8/8.2/aarch64/appstream/debug',\n 'content/eus/rhel8/8.2/aarch64/appstream/os',\n 'content/eus/rhel8/8.2/aarch64/appstream/source/SRPMS',\n 'content/eus/rhel8/8.2/aarch64/baseos/debug',\n 'content/eus/rhel8/8.2/aarch64/baseos/os',\n 'content/eus/rhel8/8.2/aarch64/baseos/source/SRPMS',\n 'content/eus/rhel8/8.2/aarch64/codeready-builder/debug',\n 'content/eus/rhel8/8.2/aarch64/codeready-builder/os',\n 'content/eus/rhel8/8.2/aarch64/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.2/aarch64/highavailability/debug',\n 'content/eus/rhel8/8.2/aarch64/highavailability/os',\n 'content/eus/rhel8/8.2/aarch64/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.2/aarch64/supplementary/debug',\n 'content/eus/rhel8/8.2/aarch64/supplementary/os',\n 'content/eus/rhel8/8.2/aarch64/supplementary/source/SRPMS',\n 'content/eus/rhel8/8.2/ppc64le/appstream/debug',\n 'content/eus/rhel8/8.2/ppc64le/appstream/os',\n 'content/eus/rhel8/8.2/ppc64le/appstream/source/SRPMS',\n 'content/eus/rhel8/8.2/ppc64le/baseos/debug',\n 'content/eus/rhel8/8.2/ppc64le/baseos/os',\n 'content/eus/rhel8/8.2/ppc64le/baseos/source/SRPMS',\n 'content/eus/rhel8/8.2/ppc64le/codeready-builder/debug',\n 'content/eus/rhel8/8.2/ppc64le/codeready-builder/os',\n 'content/eus/rhel8/8.2/ppc64le/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.2/ppc64le/highavailability/debug',\n 'content/eus/rhel8/8.2/ppc64le/highavailability/os',\n 'content/eus/rhel8/8.2/ppc64le/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.2/ppc64le/resilientstorage/debug',\n 'content/eus/rhel8/8.2/ppc64le/resilientstorage/os',\n 'content/eus/rhel8/8.2/ppc64le/resilientstorage/source/SRPMS',\n 'content/eus/rhel8/8.2/ppc64le/sap-solutions/debug',\n 'content/eus/rhel8/8.2/ppc64le/sap-solutions/os',\n 'content/eus/rhel8/8.2/ppc64le/sap-solutions/source/SRPMS',\n 'content/eus/rhel8/8.2/ppc64le/sap/debug',\n 'content/eus/rhel8/8.2/ppc64le/sap/os',\n 'content/eus/rhel8/8.2/ppc64le/sap/source/SRPMS',\n 'content/eus/rhel8/8.2/ppc64le/supplementary/debug',\n 'content/eus/rhel8/8.2/ppc64le/supplementary/os',\n 'content/eus/rhel8/8.2/ppc64le/supplementary/source/SRPMS',\n 'content/eus/rhel8/8.2/s390x/appstream/debug',\n 'content/eus/rhel8/8.2/s390x/appstream/os',\n 'content/eus/rhel8/8.2/s390x/appstream/source/SRPMS',\n 'content/eus/rhel8/8.2/s390x/baseos/debug',\n 'content/eus/rhel8/8.2/s390x/baseos/os',\n 'content/eus/rhel8/8.2/s390x/baseos/source/SRPMS',\n 'content/eus/rhel8/8.2/s390x/codeready-builder/debug',\n 'content/eus/rhel8/8.2/s390x/codeready-builder/os',\n 'content/eus/rhel8/8.2/s390x/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.2/s390x/highavailability/debug',\n 'content/eus/rhel8/8.2/s390x/highavailability/os',\n 'content/eus/rhel8/8.2/s390x/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.2/s390x/resilientstorage/debug',\n 'content/eus/rhel8/8.2/s390x/resilientstorage/os',\n 'content/eus/rhel8/8.2/s390x/resilientstorage/source/SRPMS',\n 'content/eus/rhel8/8.2/s390x/sap/debug',\n 'content/eus/rhel8/8.2/s390x/sap/os',\n 'content/eus/rhel8/8.2/s390x/sap/source/SRPMS',\n 'content/eus/rhel8/8.2/s390x/supplementary/debug',\n 'content/eus/rhel8/8.2/s390x/supplementary/os',\n 'content/eus/rhel8/8.2/s390x/supplementary/source/SRPMS',\n 'content/eus/rhel8/8.2/x86_64/appstream/debug',\n 'content/eus/rhel8/8.2/x86_64/appstream/os',\n 'content/eus/rhel8/8.2/x86_64/appstream/source/SRPMS',\n 'content/eus/rhel8/8.2/x86_64/baseos/debug',\n 'content/eus/rhel8/8.2/x86_64/baseos/os',\n 'content/eus/rhel8/8.2/x86_64/baseos/source/SRPMS',\n 'content/eus/rhel8/8.2/x86_64/codeready-builder/debug',\n 'content/eus/rhel8/8.2/x86_64/codeready-builder/os',\n 'content/eus/rhel8/8.2/x86_64/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.2/x86_64/highavailability/debug',\n 'content/eus/rhel8/8.2/x86_64/highavailability/os',\n 'content/eus/rhel8/8.2/x86_64/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.2/x86_64/resilientstorage/debug',\n 'content/eus/rhel8/8.2/x86_64/resilientstorage/os',\n 'content/eus/rhel8/8.2/x86_64/resilientstorage/source/SRPMS',\n 'content/eus/rhel8/8.2/x86_64/sap-solutions/debug',\n 'content/eus/rhel8/8.2/x86_64/sap-solutions/os',\n 'content/eus/rhel8/8.2/x86_64/sap-solutions/source/SRPMS',\n 'content/eus/rhel8/8.2/x86_64/sap/debug',\n 'content/eus/rhel8/8.2/x86_64/sap/os',\n 'content/eus/rhel8/8.2/x86_64/sap/source/SRPMS',\n 'content/eus/rhel8/8.2/x86_64/supplementary/debug',\n 'content/eus/rhel8/8.2/x86_64/supplementary/os',\n 'content/eus/rhel8/8.2/x86_64/supplementary/source/SRPMS',\n 'content/tus/rhel8/8.2/x86_64/appstream/debug',\n 'content/tus/rhel8/8.2/x86_64/appstream/os',\n 'content/tus/rhel8/8.2/x86_64/appstream/source/SRPMS',\n 'content/tus/rhel8/8.2/x86_64/baseos/debug',\n 'content/tus/rhel8/8.2/x86_64/baseos/os',\n 'content/tus/rhel8/8.2/x86_64/baseos/source/SRPMS',\n 'content/tus/rhel8/8.2/x86_64/highavailability/debug',\n 'content/tus/rhel8/8.2/x86_64/highavailability/os',\n 'content/tus/rhel8/8.2/x86_64/highavailability/source/SRPMS',\n 'content/tus/rhel8/8.2/x86_64/nfv/debug',\n 'content/tus/rhel8/8.2/x86_64/nfv/os',\n 'content/tus/rhel8/8.2/x86_64/nfv/source/SRPMS',\n 'content/tus/rhel8/8.2/x86_64/rt/debug',\n 'content/tus/rhel8/8.2/x86_64/rt/os',\n 'content/tus/rhel8/8.2/x86_64/rt/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'pgaudit-1.4.0-4.module+el8.2.0+9043+1dbb5661', 'sp':'2', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'postgres-decoderbufs-0.10.0-2.module+el8.2.0+9043+1dbb5661', 'sp':'2', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'postgresql-12.11-2.module+el8.2.0+15343+06a38260', 'sp':'2', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'postgresql-contrib-12.11-2.module+el8.2.0+15343+06a38260', 'sp':'2', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'postgresql-docs-12.11-2.module+el8.2.0+15343+06a38260', 'sp':'2', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'postgresql-plperl-12.11-2.module+el8.2.0+15343+06a38260', 'sp':'2', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'postgresql-plpython3-12.11-2.module+el8.2.0+15343+06a38260', 'sp':'2', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'postgresql-pltcl-12.11-2.module+el8.2.0+15343+06a38260', 'sp':'2', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'postgresql-server-12.11-2.module+el8.2.0+15343+06a38260', 'sp':'2', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'postgresql-server-devel-12.11-2.module+el8.2.0+15343+06a38260', 'sp':'2', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'postgresql-static-12.11-2.module+el8.2.0+15343+06a38260', 'sp':'2', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'postgresql-test-12.11-2.module+el8.2.0+15343+06a38260', 'sp':'2', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'postgresql-test-rpm-macros-12.11-2.module+el8.2.0+15343+06a38260', 'sp':'2', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'postgresql-upgrade-12.11-2.module+el8.2.0+15343+06a38260', 'sp':'2', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'postgresql-upgrade-devel-12.11-2.module+el8.2.0+15343+06a38260', 'sp':'2', 'release':'8', 'rpm_spec_vers_cmp':TRUE}\n ]\n }\n ]\n};\n\nvar applicable_repo_urls = rhel_determine_applicable_repository_urls(constraints:appstreams, appstreams:TRUE);\nif(applicable_repo_urls == RHEL_REPOS_NO_OVERLAP_MESSAGE) exit(0, RHEL_REPO_NOT_ENABLED);\n\nvar module_ver = get_kb_item('Host/RedHat/appstream/postgresql');\nif (isnull(module_ver)) audit(AUDIT_PACKAGE_NOT_INSTALLED, 'Module postgresql:12');\nif ('12' >!< module_ver) audit(AUDIT_PACKAGE_NOT_AFFECTED, 'Module postgresql:' + module_ver);\n\nvar flag = 0;\nvar appstreams_found = 0;\nforeach var module (keys(appstreams)) {\n var appstream = NULL;\n var appstream_name = NULL;\n var appstream_version = NULL;\n var appstream_split = split(module, sep:':', keep:FALSE);\n if (!empty_or_null(appstream_split)) {\n appstream_name = appstream_split[0];\n appstream_version = appstream_split[1];\n if (!empty_or_null(appstream_name)) appstream = get_one_kb_item('Host/RedHat/appstream/' + appstream_name);\n }\n if (!empty_or_null(appstream) && appstream_version == appstream || appstream_name == 'all') {\n appstreams_found++;\n foreach var module_array ( appstreams[module] ) {\n var repo_relative_urls = NULL;\n if (!empty_or_null(module_array['repo_relative_urls'])) repo_relative_urls = module_array['repo_relative_urls'];\n foreach var package_array ( module_array['pkgs'] ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) _release = 'RHEL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference &&\n _release &&\n rhel_decide_repo_relative_url_check(required_repo_url_list:repo_relative_urls) &&\n (applicable_repo_urls || (!exists_check || rpm_exists(release:_release, rpm:exists_check))) &&\n rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n }\n }\n}\n\nif (!appstreams_found) audit(AUDIT_PACKAGE_NOT_INSTALLED, 'Module postgresql:12');\n\nif (flag)\n{\n var subscription_caveat = '\\n' +\n 'NOTE: This vulnerability check contains fixes that apply to\\n' +\n 'packages only available in the Red Hat Enterprise Linux\\n' +\n 'Advanced Update Support, Extended Update Support, Telco Extended Update Support or Update Services for SAP Solutions repositories.\\n' +\n 'Access to these repositories requires a paid RHEL subscription.\\n';\n var extra = NULL;\n if (empty_or_null(applicable_repo_urls)) extra = subscription_caveat + rpm_report_get() + redhat_report_repo_caveat();\n else extra = subscription_caveat + rpm_report_get();\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : extra\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'pgaudit / postgres-decoderbufs / postgresql / postgresql-contrib / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-03-11T15:54:45", "description": "The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2022-4805 advisory.\n\n - postgresql: Autovacuum, REINDEX, and others omit security restricted operation sandbox (CVE-2022-1552)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-06-01T00:00:00", "type": "nessus", "title": "Oracle Linux 8 : postgresql:10 (ELSA-2022-4805)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-1552"], "modified": "2022-12-09T00:00:00", "cpe": ["cpe:/o:oracle:linux:8", "p-cpe:/a:oracle:linux:postgresql", "p-cpe:/a:oracle:linux:postgresql-contrib", "p-cpe:/a:oracle:linux:postgresql-docs", "p-cpe:/a:oracle:linux:postgresql-plperl", "p-cpe:/a:oracle:linux:postgresql-plpython3", "p-cpe:/a:oracle:linux:postgresql-pltcl", "p-cpe:/a:oracle:linux:postgresql-server", "p-cpe:/a:oracle:linux:postgresql-server-devel", "p-cpe:/a:oracle:linux:postgresql-static", "p-cpe:/a:oracle:linux:postgresql-test", "p-cpe:/a:oracle:linux:postgresql-test-rpm-macros", "p-cpe:/a:oracle:linux:postgresql-upgrade", "p-cpe:/a:oracle:linux:postgresql-upgrade-devel"], "id": "ORACLELINUX_ELSA-2022-4805.NASL", "href": "https://www.tenable.com/plugins/nessus/161764", "sourceData": "##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Oracle Linux Security Advisory ELSA-2022-4805.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(161764);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/09\");\n\n script_cve_id(\"CVE-2022-1552\");\n script_xref(name:\"IAVB\", value:\"2022-B-0015-S\");\n\n script_name(english:\"Oracle Linux 8 : postgresql:10 (ELSA-2022-4805)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Oracle Linux host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the\nELSA-2022-4805 advisory.\n\n - postgresql: Autovacuum, REINDEX, and others omit security restricted operation sandbox (CVE-2022-1552)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://linux.oracle.com/errata/ELSA-2022-4805.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-1552\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/05/11\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/06/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/06/01\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:postgresql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:postgresql-contrib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:postgresql-docs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:postgresql-plperl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:postgresql-plpython3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:postgresql-pltcl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:postgresql-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:postgresql-server-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:postgresql-static\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:postgresql-test\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:postgresql-test-rpm-macros\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:postgresql-upgrade\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:postgresql-upgrade-devel\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/local_checks_enabled\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item('Host/OracleLinux')) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar release = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar os_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Oracle Linux');\nvar os_ver = os_ver[1];\nif (! preg(pattern:\"^8([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Oracle Linux 8', 'Oracle Linux ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Oracle Linux', cpu);\n\nvar module_ver = get_kb_item('Host/RedHat/appstream/postgresql');\nif (isnull(module_ver)) audit(AUDIT_PACKAGE_NOT_INSTALLED, 'Module postgresql:10');\nif ('10' >!< module_ver) audit(AUDIT_PACKAGE_NOT_AFFECTED, 'Module postgresql:' + module_ver);\n\nvar appstreams = {\n 'postgresql:10': [\n {'reference':'postgresql-10.21-2.module+el8.6.0+20673+e7bc7ac8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'postgresql-10.21-2.module+el8.6.0+20673+e7bc7ac8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'postgresql-contrib-10.21-2.module+el8.6.0+20673+e7bc7ac8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'postgresql-contrib-10.21-2.module+el8.6.0+20673+e7bc7ac8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'postgresql-docs-10.21-2.module+el8.6.0+20673+e7bc7ac8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'postgresql-docs-10.21-2.module+el8.6.0+20673+e7bc7ac8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'postgresql-plperl-10.21-2.module+el8.6.0+20673+e7bc7ac8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'postgresql-plperl-10.21-2.module+el8.6.0+20673+e7bc7ac8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'postgresql-plpython3-10.21-2.module+el8.6.0+20673+e7bc7ac8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'postgresql-plpython3-10.21-2.module+el8.6.0+20673+e7bc7ac8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'postgresql-pltcl-10.21-2.module+el8.6.0+20673+e7bc7ac8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'postgresql-pltcl-10.21-2.module+el8.6.0+20673+e7bc7ac8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'postgresql-server-10.21-2.module+el8.6.0+20673+e7bc7ac8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'postgresql-server-10.21-2.module+el8.6.0+20673+e7bc7ac8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'postgresql-server-devel-10.21-2.module+el8.6.0+20673+e7bc7ac8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'postgresql-server-devel-10.21-2.module+el8.6.0+20673+e7bc7ac8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'postgresql-static-10.21-2.module+el8.6.0+20673+e7bc7ac8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'postgresql-static-10.21-2.module+el8.6.0+20673+e7bc7ac8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'postgresql-test-10.21-2.module+el8.6.0+20673+e7bc7ac8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'postgresql-test-10.21-2.module+el8.6.0+20673+e7bc7ac8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'postgresql-test-rpm-macros-10.21-2.module+el8.6.0+20673+e7bc7ac8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'postgresql-test-rpm-macros-10.21-2.module+el8.6.0+20673+e7bc7ac8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'postgresql-upgrade-10.21-2.module+el8.6.0+20673+e7bc7ac8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'postgresql-upgrade-10.21-2.module+el8.6.0+20673+e7bc7ac8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'postgresql-upgrade-devel-10.21-2.module+el8.6.0+20673+e7bc7ac8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'postgresql-upgrade-devel-10.21-2.module+el8.6.0+20673+e7bc7ac8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE}\n ]\n};\n\nvar flag = 0;\nvar appstreams_found = 0;\nforeach var module (keys(appstreams)) {\n var appstream = NULL;\n var appstream_name = NULL;\n var appstream_version = NULL;\n var appstream_split = split(module, sep:':', keep:FALSE);\n if (!empty_or_null(appstream_split)) {\n appstream_name = appstream_split[0];\n appstream_version = appstream_split[1];\n if (!empty_or_null(appstream_name)) appstream = get_one_kb_item('Host/RedHat/appstream/' + appstream_name);\n }\n if (!empty_or_null(appstream) && appstream_version == appstream || appstream_name == 'all') {\n appstreams_found++;\n foreach var package_array ( appstreams[module] ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'EL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (reference && release) {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n }\n }\n}\n\nif (!appstreams_found) audit(AUDIT_PACKAGE_NOT_INSTALLED, 'Module postgresql:10');\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'postgresql / postgresql-contrib / postgresql-docs / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-03-11T17:32:30", "description": "The remote SUSE Linux SLES15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2022:1890-1 advisory.\n\n - A flaw was found in PostgreSQL. There is an issue with incomplete efforts to operate safely when a privileged user is maintaining another user's objects. The Autovacuum, REINDEX, CREATE INDEX, REFRESH MATERIALIZED VIEW, CLUSTER, and pg_amcheck commands activated relevant protections too late or not at all during the process. This flaw allows an attacker with permission to create non-temporary objects in at least one schema to execute arbitrary SQL functions under a superuser identity. (CVE-2022-1552)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-06-01T00:00:00", "type": "nessus", "title": "SUSE SLES15 / openSUSE 15 Security Update : postgresql10 (SUSE-SU-2022:1890-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-1552"], "modified": "2023-02-08T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:postgresql10", "p-cpe:/a:novell:suse_linux:postgresql10-contrib", "p-cpe:/a:novell:suse_linux:postgresql10-devel", "p-cpe:/a:novell:suse_linux:postgresql10-docs", "p-cpe:/a:novell:suse_linux:postgresql10-plperl", "p-cpe:/a:novell:suse_linux:postgresql10-plpython", "p-cpe:/a:novell:suse_linux:postgresql10-pltcl", "p-cpe:/a:novell:suse_linux:postgresql10-server", "cpe:/o:novell:suse_linux:15"], "id": "SUSE_SU-2022-1890-1.NASL", "href": "https://www.tenable.com/plugins/nessus/161742", "sourceData": "##\n# (C) Tenable, Inc.\n#\n# The package checks in this plugin were extracted from\n# SUSE update advisory SUSE-SU-2022:1890-1. The text itself\n# is copyright (C) SUSE.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(161742);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/02/08\");\n\n script_cve_id(\"CVE-2022-1552\");\n script_xref(name:\"SuSE\", value:\"SUSE-SU-2022:1890-1\");\n script_xref(name:\"IAVB\", value:\"2022-B-0015-S\");\n\n script_name(english:\"SUSE SLES15 / openSUSE 15 Security Update : postgresql10 (SUSE-SU-2022:1890-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote SUSE Linux SLES15 / openSUSE 15 host has packages installed that are affected by a vulnerability as\nreferenced in the SUSE-SU-2022:1890-1 advisory.\n\n - A flaw was found in PostgreSQL. There is an issue with incomplete efforts to operate safely when a\n privileged user is maintaining another user's objects. The Autovacuum, REINDEX, CREATE INDEX, REFRESH\n MATERIALIZED VIEW, CLUSTER, and pg_amcheck commands activated relevant protections too late or not at all\n during the process. This flaw allows an attacker with permission to create non-temporary objects in at\n least one schema to execute arbitrary SQL functions under a superuser identity. (CVE-2022-1552)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1199475\");\n # https://lists.suse.com/pipermail/sle-security-updates/2022-May/011202.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?92bf25f6\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-1552\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-1552\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/05/11\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/05/31\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/06/01\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:postgresql10\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:postgresql10-contrib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:postgresql10-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:postgresql10-docs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:postgresql10-plperl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:postgresql10-plpython\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:postgresql10-pltcl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:postgresql10-server\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:15\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item(\"Host/SuSE/release\");\nif (isnull(os_release) || os_release !~ \"^(SLED|SLES|SUSE)\") audit(AUDIT_OS_NOT, \"SUSE / openSUSE\");\nvar os_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+|SUSE([\\d.]+))\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'SUSE / openSUSE');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES15|SUSE15\\.3|SUSE15\\.4)$\", string:os_ver)) audit(AUDIT_OS_NOT, 'SUSE SLES15 / openSUSE 15', 'SUSE / openSUSE (' + os_ver + ')');\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'SUSE / openSUSE (' + os_ver + ')', cpu);\n\nvar service_pack = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(service_pack)) service_pack = \"0\";\nif (os_ver == \"SLES15\" && (! preg(pattern:\"^(1|2|3)$\", string:service_pack))) audit(AUDIT_OS_NOT, \"SLES15 SP1/2/3\", os_ver + \" SP\" + service_pack);\n\nvar pkgs = [\n {'reference':'postgresql10-10.21-150100.8.47.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_BCL-release-15.1', 'SLES_SAP-release-15.1', 'SLE_HPC-ESPOS-release-1']},\n {'reference':'postgresql10-contrib-10.21-150100.8.47.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_BCL-release-15.1', 'SLES_SAP-release-15.1', 'SLE_HPC-ESPOS-release-1']},\n {'reference':'postgresql10-devel-10.21-150100.8.47.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_BCL-release-15.1', 'SLES_SAP-release-15.1', 'SLE_HPC-ESPOS-release-1']},\n {'reference':'postgresql10-docs-10.21-150100.8.47.1', 'sp':'1', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_BCL-release-15.1', 'SLES_SAP-release-15.1', 'SLE_HPC-ESPOS-release-1']},\n {'reference':'postgresql10-plperl-10.21-150100.8.47.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_BCL-release-15.1', 'SLES_SAP-release-15.1', 'SLE_HPC-ESPOS-release-1']},\n {'reference':'postgresql10-plpython-10.21-150100.8.47.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_BCL-release-15.1', 'SLES_SAP-release-15.1', 'SLE_HPC-ESPOS-release-1']},\n {'reference':'postgresql10-pltcl-10.21-150100.8.47.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_BCL-release-15.1', 'SLES_SAP-release-15.1', 'SLE_HPC-ESPOS-release-1']},\n {'reference':'postgresql10-server-10.21-150100.8.47.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_BCL-release-15.1', 'SLES_SAP-release-15.1', 'SLE_HPC-ESPOS-release-1']},\n {'reference':'postgresql10-10.21-150100.8.47.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_BCL-release-15.2', 'SLES_SAP-release-15.2', 'SLE_HPC-ESPOS-release-2']},\n {'reference':'postgresql10-contrib-10.21-150100.8.47.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_BCL-release-15.2', 'SLES_SAP-release-15.2', 'SLE_HPC-ESPOS-release-2']},\n {'reference':'postgresql10-devel-10.21-150100.8.47.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_BCL-release-15.2', 'SLES_SAP-release-15.2', 'SLE_HPC-ESPOS-release-2']},\n {'reference':'postgresql10-docs-10.21-150100.8.47.1', 'sp':'2', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_BCL-release-15.2', 'SLES_SAP-release-15.2', 'SLE_HPC-ESPOS-release-2']},\n {'reference':'postgresql10-plperl-10.21-150100.8.47.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_BCL-release-15.2', 'SLES_SAP-release-15.2', 'SLE_HPC-ESPOS-release-2']},\n {'reference':'postgresql10-plpython-10.21-150100.8.47.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_BCL-release-15.2', 'SLES_SAP-release-15.2', 'SLE_HPC-ESPOS-release-2']},\n {'reference':'postgresql10-pltcl-10.21-150100.8.47.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_BCL-release-15.2', 'SLES_SAP-release-15.2', 'SLE_HPC-ESPOS-release-2']},\n {'reference':'postgresql10-server-10.21-150100.8.47.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_BCL-release-15.2', 'SLES_SAP-release-15.2', 'SLE_HPC-ESPOS-release-2']},\n {'reference':'postgresql10-10.21-150100.8.47.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3', 'SLE_HPC-release-15.3', 'sle-module-legacy-release-15.3', 'sles-release-15.3']},\n {'reference':'postgresql10-contrib-10.21-150100.8.47.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3', 'SLE_HPC-release-15.3', 'sle-module-legacy-release-15.3', 'sles-release-15.3']},\n {'reference':'postgresql10-devel-10.21-150100.8.47.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3', 'SLE_HPC-release-15.3', 'sle-module-legacy-release-15.3', 'sles-release-15.3']},\n {'reference':'postgresql10-plperl-10.21-150100.8.47.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3', 'SLE_HPC-release-15.3', 'sle-module-legacy-release-15.3', 'sles-release-15.3']},\n {'reference':'postgresql10-plpython-10.21-150100.8.47.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3', 'SLE_HPC-release-15.3', 'sle-module-legacy-release-15.3', 'sles-release-15.3']},\n {'reference':'postgresql10-pltcl-10.21-150100.8.47.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3', 'SLE_HPC-release-15.3', 'sle-module-legacy-release-15.3', 'sles-release-15.3']},\n {'reference':'postgresql10-server-10.21-150100.8.47.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3', 'SLE_HPC-release-15.3', 'sle-module-legacy-release-15.3', 'sles-release-15.3']},\n {'reference':'postgresql10-10.21-150100.8.47.1', 'sp':'1', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-1']},\n {'reference':'postgresql10-contrib-10.21-150100.8.47.1', 'sp':'1', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-1']},\n {'reference':'postgresql10-devel-10.21-150100.8.47.1', 'sp':'1', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-1']},\n {'reference':'postgresql10-plperl-10.21-150100.8.47.1', 'sp':'1', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-1']},\n {'reference':'postgresql10-plpython-10.21-150100.8.47.1', 'sp':'1', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-1']},\n {'reference':'postgresql10-pltcl-10.21-150100.8.47.1', 'sp':'1', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-1']},\n {'reference':'postgresql10-server-10.21-150100.8.47.1', 'sp':'1', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-1']},\n {'reference':'postgresql10-10.21-150100.8.47.1', 'sp':'2', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-2']},\n {'reference':'postgresql10-contrib-10.21-150100.8.47.1', 'sp':'2', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-2']},\n {'reference':'postgresql10-devel-10.21-150100.8.47.1', 'sp':'2', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-2']},\n {'reference':'postgresql10-plperl-10.21-150100.8.47.1', 'sp':'2', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-2']},\n {'reference':'postgresql10-plpython-10.21-150100.8.47.1', 'sp':'2', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-2']},\n {'reference':'postgresql10-pltcl-10.21-150100.8.47.1', 'sp':'2', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-2']},\n {'reference':'postgresql10-server-10.21-150100.8.47.1', 'sp':'2', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-2']},\n {'reference':'postgresql10-10.21-150100.8.47.1', 'sp':'1', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.1']},\n {'reference':'postgresql10-10.21-150100.8.47.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.1']},\n {'reference':'postgresql10-contrib-10.21-150100.8.47.1', 'sp':'1', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.1']},\n {'reference':'postgresql10-contrib-10.21-150100.8.47.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.1']},\n {'reference':'postgresql10-devel-10.21-150100.8.47.1', 'sp':'1', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.1']},\n {'reference':'postgresql10-devel-10.21-150100.8.47.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.1']},\n {'reference':'postgresql10-docs-10.21-150100.8.47.1', 'sp':'1', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.1', 'sles-ltss-release-15.1']},\n {'reference':'postgresql10-plperl-10.21-150100.8.47.1', 'sp':'1', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.1']},\n {'reference':'postgresql10-plperl-10.21-150100.8.47.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.1']},\n {'reference':'postgresql10-plpython-10.21-150100.8.47.1', 'sp':'1', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.1']},\n {'reference':'postgresql10-plpython-10.21-150100.8.47.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.1']},\n {'reference':'postgresql10-pltcl-10.21-150100.8.47.1', 'sp':'1', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.1']},\n {'reference':'postgresql10-pltcl-10.21-150100.8.47.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.1']},\n {'reference':'postgresql10-server-10.21-150100.8.47.1', 'sp':'1', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.1']},\n {'reference':'postgresql10-server-10.21-150100.8.47.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.1']},\n {'reference':'postgresql10-10.21-150100.8.47.1', 'sp':'2', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.2']},\n {'reference':'postgresql10-10.21-150100.8.47.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.2']},\n {'reference':'postgresql10-contrib-10.21-150100.8.47.1', 'sp':'2', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.2']},\n {'reference':'postgresql10-contrib-10.21-150100.8.47.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.2']},\n {'reference':'postgresql10-devel-10.21-150100.8.47.1', 'sp':'2', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.2']},\n {'reference':'postgresql10-devel-10.21-150100.8.47.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.2']},\n {'reference':'postgresql10-docs-10.21-150100.8.47.1', 'sp':'2', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.2', 'sles-ltss-release-15.2']},\n {'reference':'postgresql10-plperl-10.21-150100.8.47.1', 'sp':'2', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.2']},\n {'reference':'postgresql10-plperl-10.21-150100.8.47.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.2']},\n {'reference':'postgresql10-plpython-10.21-150100.8.47.1', 'sp':'2', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.2']},\n {'reference':'postgresql10-plpython-10.21-150100.8.47.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.2']},\n {'reference':'postgresql10-pltcl-10.21-150100.8.47.1', 'sp':'2', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.2']},\n {'reference':'postgresql10-pltcl-10.21-150100.8.47.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.2']},\n {'reference':'postgresql10-server-10.21-150100.8.47.1', 'sp':'2', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.2']},\n {'reference':'postgresql10-server-10.21-150100.8.47.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.2']},\n {'reference':'postgresql10-10.21-150100.8.47.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'postgresql10-contrib-10.21-150100.8.47.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'postgresql10-docs-10.21-150100.8.47.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'postgresql10-plperl-10.21-150100.8.47.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'postgresql10-plpython-10.21-150100.8.47.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'postgresql10-pltcl-10.21-150100.8.47.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'postgresql10-server-10.21-150100.8.47.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'postgresql10-test-10.21-150100.8.47.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'postgresql10-10.21-150100.8.47.1', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},\n {'reference':'postgresql10-contrib-10.21-150100.8.47.1', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},\n {'reference':'postgresql10-docs-10.21-150100.8.47.1', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},\n {'reference':'postgresql10-llvmjit-devel-10.21-150100.8.47.1', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},\n {'reference':'postgresql10-plperl-10.21-150100.8.47.1', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},\n {'reference':'postgresql10-plpython-10.21-150100.8.47.1', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},\n {'reference':'postgresql10-pltcl-10.21-150100.8.47.1', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},\n {'reference':'postgresql10-server-10.21-150100.8.47.1', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},\n {'reference':'postgresql10-test-10.21-150100.8.47.1', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},\n {'reference':'postgresql10-10.21-150100.8.47.1', 'sp':'1', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15.1']},\n {'reference':'postgresql10-contrib-10.21-150100.8.47.1', 'sp':'1', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15.1']},\n {'reference':'postgresql10-devel-10.21-150100.8.47.1', 'sp':'1', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15.1']},\n {'reference':'postgresql10-plperl-10.21-150100.8.47.1', 'sp':'1', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15.1']},\n {'reference':'postgresql10-plpython-10.21-150100.8.47.1', 'sp':'1', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15.1']},\n {'reference':'postgresql10-pltcl-10.21-150100.8.47.1', 'sp':'1', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15.1']},\n {'reference':'postgresql10-server-10.21-150100.8.47.1', 'sp':'1', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15.1']},\n {'reference':'postgresql10-10.21-150100.8.47.1', 'sp':'2', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15.2']},\n {'reference':'postgresql10-contrib-10.21-150100.8.47.1', 'sp':'2', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15.2']},\n {'reference':'postgresql10-devel-10.21-150100.8.47.1', 'sp':'2', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15.2']},\n {'reference':'postgresql10-plperl-10.21-150100.8.47.1', 'sp':'2', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15.2']},\n {'reference':'postgresql10-plpython-10.21-150100.8.47.1', 'sp':'2', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15.2']},\n {'reference':'postgresql10-pltcl-10.21-150100.8.47.1', 'sp':'2', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15.2']},\n {'reference':'postgresql10-server-10.21-150100.8.47.1', 'sp':'2', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15.2']}\n];\n\nvar ltss_caveat_required = FALSE;\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var exists_check = NULL;\n var rpm_spec_vers_cmp = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) _release = package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (reference && _release) {\n if (exists_check) {\n var check_flag = 0;\n foreach var check (exists_check) {\n if (!rpm_exists(release:_release, rpm:check)) continue;\n if ('ltss' >< tolower(check)) ltss_caveat_required = TRUE;\n check_flag++;\n }\n if (!check_flag) continue;\n }\n if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;\n }\n}\n\nif (flag)\n{\n var ltss_plugin_caveat = NULL;\n if(ltss_caveat_required) ltss_plugin_caveat = '\\n' +\n 'NOTE: This vulnerability check contains fixes that apply to\\n' +\n 'packages only available in SUSE Enterprise Linux Server LTSS\\n' +\n 'repositories. Access to these package security updates require\\n' +\n 'a paid SUSE LTSS subscription.\\n';\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + ltss_plugin_caveat\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'postgresql10 / postgresql10-contrib / postgresql10-devel / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-03-11T06:25:33", "description": "The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2022:4894 advisory.\n\n - postgresql: Autovacuum, REINDEX, and others omit security restricted operation sandbox (CVE-2022-1552)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-06-03T00:00:00", "type": "nessus", "title": "RHEL 8 : postgresql:10 (RHSA-2022:4894)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-1552"], "modified": "2023-01-23T00:00:00", "cpe": ["cpe:/o:redhat:rhel_e4s:8.1", "p-cpe:/a:redhat:enterprise_linux:postgresql", "p-cpe:/a:redhat:enterprise_linux:postgresql-contrib", "p-cpe:/a:redhat:enterprise_linux:postgresql-docs", "p-cpe:/a:redhat:enterprise_linux:postgresql-plperl", "p-cpe:/a:redhat:enterprise_linux:postgresql-plpython3", "p-cpe:/a:redhat:enterprise_linux:postgresql-pltcl", "p-cpe:/a:redhat:enterprise_linux:postgresql-server", "p-cpe:/a:redhat:enterprise_linux:postgresql-server-devel", "p-cpe:/a:redhat:enterprise_linux:postgresql-static", "p-cpe:/a:redhat:enterprise_linux:postgresql-test", "p-cpe:/a:redhat:enterprise_linux:postgresql-test-rpm-macros", "p-cpe:/a:redhat:enterprise_linux:postgresql-upgrade", "p-cpe:/a:redhat:enterprise_linux:postgresql-upgrade-devel"], "id": "REDHAT-RHSA-2022-4894.NASL", "href": "https://www.tenable.com/plugins/nessus/161817", "sourceData": "##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2022:4894. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(161817);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/23\");\n\n script_cve_id(\"CVE-2022-1552\");\n script_xref(name:\"RHSA\", value:\"2022:4894\");\n script_xref(name:\"IAVB\", value:\"2022-B-0015-S\");\n\n script_name(english:\"RHEL 8 : postgresql:10 (RHSA-2022:4894)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in\nthe RHSA-2022:4894 advisory.\n\n - postgresql: Autovacuum, REINDEX, and others omit security restricted operation sandbox (CVE-2022-1552)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-1552\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2022:4894\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2081126\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-1552\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(89, 459, 863);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/05/11\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/06/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/06/03\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_e4s:8.1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:postgresql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:postgresql-contrib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:postgresql-docs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:postgresql-plperl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:postgresql-plpython3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:postgresql-pltcl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:postgresql-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:postgresql-server-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:postgresql-static\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:postgresql-test\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:postgresql-test-rpm-macros\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:postgresql-upgrade\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:postgresql-upgrade-devel\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"redhat_repos.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\ninclude('rhel.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/RedHat/release');\nif (isnull(os_release) || 'Red Hat' >!< os_release) audit(AUDIT_OS_NOT, 'Red Hat');\nvar os_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nos_ver = os_ver[1];\nif (!rhel_check_release(operator: 'eq', os_version: os_ver, rhel_version: '8.1')) audit(AUDIT_OS_NOT, 'Red Hat 8.1', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nvar appstreams = {\n 'postgresql:10': [\n {\n 'repo_relative_urls': [\n 'content/e4s/rhel8/8.1/x86_64/appstream/debug',\n 'content/e4s/rhel8/8.1/x86_64/appstream/os',\n 'content/e4s/rhel8/8.1/x86_64/appstream/source/SRPMS',\n 'content/e4s/rhel8/8.1/x86_64/baseos/debug',\n 'content/e4s/rhel8/8.1/x86_64/baseos/os',\n 'content/e4s/rhel8/8.1/x86_64/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.1/x86_64/highavailability/debug',\n 'content/e4s/rhel8/8.1/x86_64/highavailability/os',\n 'content/e4s/rhel8/8.1/x86_64/highavailability/source/SRPMS',\n 'content/e4s/rhel8/8.1/x86_64/sap-solutions/debug',\n 'content/e4s/rhel8/8.1/x86_64/sap-solutions/os',\n 'content/e4s/rhel8/8.1/x86_64/sap-solutions/source/SRPMS',\n 'content/e4s/rhel8/8.1/x86_64/sap/debug',\n 'content/e4s/rhel8/8.1/x86_64/sap/os',\n 'content/e4s/rhel8/8.1/x86_64/sap/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'postgresql-10.21-2.module+el8.1.0+15339+34e1e10d', 'sp':'1', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'postgresql-contrib-10.21-2.module+el8.1.0+15339+34e1e10d', 'sp':'1', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'postgresql-docs-10.21-2.module+el8.1.0+15339+34e1e10d', 'sp':'1', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'postgresql-plperl-10.21-2.module+el8.1.0+15339+34e1e10d', 'sp':'1', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'postgresql-plpython3-10.21-2.module+el8.1.0+15339+34e1e10d', 'sp':'1', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'postgresql-pltcl-10.21-2.module+el8.1.0+15339+34e1e10d', 'sp':'1', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'postgresql-server-10.21-2.module+el8.1.0+15339+34e1e10d', 'sp':'1', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'postgresql-server-devel-10.21-2.module+el8.1.0+15339+34e1e10d', 'sp':'1', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'postgresql-static-10.21-2.module+el8.1.0+15339+34e1e10d', 'sp':'1', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'postgresql-test-10.21-2.module+el8.1.0+15339+34e1e10d', 'sp':'1', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'postgresql-test-rpm-macros-10.21-2.module+el8.1.0+15339+34e1e10d', 'sp':'1', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'postgresql-upgrade-10.21-2.module+el8.1.0+15339+34e1e10d', 'sp':'1', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'postgresql-upgrade-devel-10.21-2.module+el8.1.0+15339+34e1e10d', 'sp':'1', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE}\n ]\n }\n ]\n};\n\nvar applicable_repo_urls = rhel_determine_applicable_repository_urls(constraints:appstreams, appstreams:TRUE);\nif(applicable_repo_urls == RHEL_REPOS_NO_OVERLAP_MESSAGE) exit(0, RHEL_REPO_NOT_ENABLED);\n\nvar module_ver = get_kb_item('Host/RedHat/appstream/postgresql');\nif (isnull(module_ver)) audit(AUDIT_PACKAGE_NOT_INSTALLED, 'Module postgresql:10');\nif ('10' >!< module_ver) audit(AUDIT_PACKAGE_NOT_AFFECTED, 'Module postgresql:' + module_ver);\n\nvar flag = 0;\nvar appstreams_found = 0;\nforeach var module (keys(appstreams)) {\n var appstream = NULL;\n var appstream_name = NULL;\n var appstream_version = NULL;\n var appstream_split = split(module, sep:':', keep:FALSE);\n if (!empty_or_null(appstream_split)) {\n appstream_name = appstream_split[0];\n appstream_version = appstream_split[1];\n if (!empty_or_null(appstream_name)) appstream = get_one_kb_item('Host/RedHat/appstream/' + appstream_name);\n }\n if (!empty_or_null(appstream) && appstream_version == appstream || appstream_name == 'all') {\n appstreams_found++;\n foreach var module_array ( appstreams[module] ) {\n var repo_relative_urls = NULL;\n if (!empty_or_null(module_array['repo_relative_urls'])) repo_relative_urls = module_array['repo_relative_urls'];\n foreach var package_array ( module_array['pkgs'] ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) _release = 'RHEL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference &&\n _release &&\n rhel_decide_repo_relative_url_check(required_repo_url_list:repo_relative_urls) &&\n (applicable_repo_urls || (!exists_check || rpm_exists(release:_release, rpm:exists_check))) &&\n rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n }\n }\n}\n\nif (!appstreams_found) audit(AUDIT_PACKAGE_NOT_INSTALLED, 'Module postgresql:10');\n\nif (flag)\n{\n var subscription_caveat = '\\n' +\n 'NOTE: This vulnerability check contains fixes that apply to\\n' +\n 'packages only available in the Red Hat Enterprise Linux\\n' +\n 'Update Services for SAP Solutions repository.\\n' +\n 'Access to this repository requires a paid RHEL subscription.\\n';\n var extra = NULL;\n if (empty_or_null(applicable_repo_urls)) extra = subscription_caveat + rpm_report_get() + redhat_report_repo_caveat();\n else extra = subscription_caveat + rpm_report_get();\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : extra\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'postgresql / postgresql-contrib / postgresql-docs / postgresql-plperl / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-03-12T06:31:56", "description": "The remote SUSE Linux SLED15 / SLES15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2022:1894-1 advisory.\n\n - A flaw was found in PostgreSQL. There is an issue with incomplete efforts to operate safely when a privileged user is maintaining another user's objects. The Autovacuum, REINDEX, CREATE INDEX, REFRESH MATERIALIZED VIEW, CLUSTER, and pg_amcheck commands activated relevant protections too late or not at all during the process. This flaw allows an attacker with permission to create non-temporary objects in at least one schema to execute arbitrary SQL functions under a superuser identity. (CVE-2022-1552)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-06-01T00:00:00", "type": "nessus", "title": "SUSE SLED15 / SLES15 / openSUSE 15 Security Update : postgresql12 (SUSE-SU-2022:1894-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-1552"], "modified": "2023-02-08T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:postgresql12", "p-cpe:/a:novell:suse_linux:postgresql12-contrib", "p-cpe:/a:novell:suse_linux:postgresql12-devel", "p-cpe:/a:novell:suse_linux:postgresql12-docs", "p-cpe:/a:novell:suse_linux:postgresql12-llvmjit", "p-cpe:/a:novell:suse_linux:postgresql12-plperl", "p-cpe:/a:novell:suse_linux:postgresql12-plpython", "p-cpe:/a:novell:suse_linux:postgresql12-pltcl", "p-cpe:/a:novell:suse_linux:postgresql12-server", "p-cpe:/a:novell:suse_linux:postgresql12-server-devel", "p-cpe:/a:novell:suse_linux:postgresql12-test", "cpe:/o:novell:suse_linux:15"], "id": "SUSE_SU-2022-1894-1.NASL", "href": "https://www.tenable.com/plugins/nessus/161745", "sourceData": "##\n# (C) Tenable, Inc.\n#\n# The package checks in this plugin were extracted from\n# SUSE update advisory SUSE-SU-2022:1894-1. The text itself\n# is copyright (C) SUSE.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(161745);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/02/08\");\n\n script_cve_id(\"CVE-2022-1552\");\n script_xref(name:\"SuSE\", value:\"SUSE-SU-2022:1894-1\");\n script_xref(name:\"IAVB\", value:\"2022-B-0015-S\");\n\n script_name(english:\"SUSE SLED15 / SLES15 / openSUSE 15 Security Update : postgresql12 (SUSE-SU-2022:1894-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote SUSE Linux SLED15 / SLES15 / openSUSE 15 host has packages installed that are affected by a vulnerability as\nreferenced in the SUSE-SU-2022:1894-1 advisory.\n\n - A flaw was found in PostgreSQL. There is an issue with incomplete efforts to operate safely when a\n privileged user is maintaining another user's objects. The Autovacuum, REINDEX, CREATE INDEX, REFRESH\n MATERIALIZED VIEW, CLUSTER, and pg_amcheck commands activated relevant protections too late or not at all\n during the process. This flaw allows an attacker with permission to create non-temporary objects in at\n least one schema to execute arbitrary SQL functions under a superuser identity. (CVE-2022-1552)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1199475\");\n # https://lists.suse.com/pipermail/sle-security-updates/2022-May/011207.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?25fcdb98\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-1552\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-1552\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/05/11\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/05/31\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/06/01\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:postgresql12\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:postgresql12-contrib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:postgresql12-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:postgresql12-docs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:postgresql12-llvmjit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:postgresql12-plperl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:postgresql12-plpython\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:postgresql12-pltcl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:postgresql12-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:postgresql12-server-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:postgresql12-test\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:15\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item(\"Host/SuSE/release\");\nif (isnull(os_release) || os_release !~ \"^(SLED|SLES|SUSE)\") audit(AUDIT_OS_NOT, \"SUSE / openSUSE\");\nvar os_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+|SUSE([\\d.]+))\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'SUSE / openSUSE');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLED15|SLES15|SUSE15\\.3|SUSE15\\.4)$\", string:os_ver)) audit(AUDIT_OS_NOT, 'SUSE SLED15 / SLES15 / openSUSE 15', 'SUSE / openSUSE (' + os_ver + ')');\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'SUSE / openSUSE (' + os_ver + ')', cpu);\n\nvar service_pack = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(service_pack)) service_pack = \"0\";\nif (os_ver == \"SLED15\" && (! preg(pattern:\"^(3)$\", string:service_pack))) audit(AUDIT_OS_NOT, \"SLED15 SP3\", os_ver + \" SP\" + service_pack);\nif (os_ver == \"SLES15\" && (! preg(pattern:\"^(2|3)$\", string:service_pack))) audit(AUDIT_OS_NOT, \"SLES15 SP2/3\", os_ver + \" SP\" + service_pack);\n\nvar pkgs = [\n {'reference':'postgresql12-12.11-150200.8.32.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_BCL-release-15.2', 'SLES_SAP-release-15.2', 'SLE_HPC-ESPOS-release-2']},\n {'reference':'postgresql12-contrib-12.11-150200.8.32.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_BCL-release-15.2', 'SLES_SAP-release-15.2', 'SLE_HPC-ESPOS-release-2']},\n {'reference':'postgresql12-devel-12.11-150200.8.32.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_BCL-release-15.2', 'SLES_SAP-release-15.2', 'SLE_HPC-ESPOS-release-2']},\n {'reference':'postgresql12-docs-12.11-150200.8.32.1', 'sp':'2', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_BCL-release-15.2', 'SLES_SAP-release-15.2', 'SLE_HPC-ESPOS-release-2']},\n {'reference':'postgresql12-plperl-12.11-150200.8.32.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_BCL-release-15.2', 'SLES_SAP-release-15.2', 'SLE_HPC-ESPOS-release-2']},\n {'reference':'postgresql12-plpython-12.11-150200.8.32.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_BCL-release-15.2', 'SLES_SAP-release-15.2', 'SLE_HPC-ESPOS-release-2']},\n {'reference':'postgresql12-pltcl-12.11-150200.8.32.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_BCL-release-15.2', 'SLES_SAP-release-15.2', 'SLE_HPC-ESPOS-release-2']},\n {'reference':'postgresql12-server-12.11-150200.8.32.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_BCL-release-15.2', 'SLES_SAP-release-15.2', 'SLE_HPC-ESPOS-release-2']},\n {'reference':'postgresql12-server-devel-12.11-150200.8.32.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_BCL-release-15.2', 'SLES_SAP-release-15.2', 'SLE_HPC-ESPOS-release-2']},\n {'reference':'postgresql12-12.11-150200.8.32.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3', 'SLE_HPC-release-15.3', 'sle-module-legacy-release-15.3', 'sles-release-15.3']},\n {'reference':'postgresql12-contrib-12.11-150200.8.32.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3', 'SLE_HPC-release-15.3', 'sle-module-legacy-release-15.3', 'sles-release-15.3']},\n {'reference':'postgresql12-devel-12.11-150200.8.32.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3', 'SLE_HPC-release-15.3', 'sle-module-legacy-release-15.3', 'sles-release-15.3']},\n {'reference':'postgresql12-docs-12.11-150200.8.32.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3', 'SLE_HPC-release-15.3', 'sle-module-legacy-release-15.3', 'sles-release-15.3']},\n {'reference':'postgresql12-llvmjit-12.11-150200.8.32.1', 'sp':'3', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3', 'SLE_HPC-release-15.3', 'sle-module-packagehub-subpackages-release-15.3', 'sled-release-15.3', 'sles-release-15.3']},\n {'reference':'postgresql12-llvmjit-12.11-150200.8.32.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3', 'SLE_HPC-release-15.3', 'sle-module-packagehub-subpackages-release-15.3', 'sled-release-15.3', 'sles-release-15.3']},\n {'reference':'postgresql12-plperl-12.11-150200.8.32.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3', 'SLE_HPC-release-15.3', 'sle-module-legacy-release-15.3', 'sles-release-15.3']},\n {'reference':'postgresql12-plpython-12.11-150200.8.32.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3', 'SLE_HPC-release-15.3', 'sle-module-legacy-release-15.3', 'sles-release-15.3']},\n {'reference':'postgresql12-pltcl-12.11-150200.8.32.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3', 'SLE_HPC-release-15.3', 'sle-module-legacy-release-15.3', 'sles-release-15.3']},\n {'reference':'postgresql12-server-12.11-150200.8.32.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3', 'SLE_HPC-release-15.3', 'sle-module-legacy-release-15.3', 'sles-release-15.3']},\n {'reference':'postgresql12-server-devel-12.11-150200.8.32.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3', 'SLE_HPC-release-15.3', 'sle-module-legacy-release-15.3', 'sles-release-15.3']},\n {'reference':'postgresql12-test-12.11-150200.8.32.1', 'sp':'3', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3', 'SLE_HPC-release-15.3', 'sle-module-packagehub-subpackages-release-15.3', 'sled-release-15.3', 'sles-release-15.3']},\n {'reference':'postgresql12-test-12.11-150200.8.32.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3', 'SLE_HPC-release-15.3', 'sle-module-packagehub-subpackages-release-15.3', 'sled-release-15.3', 'sles-release-15.3']},\n {'reference':'postgresql12-12.11-150200.8.32.1', 'sp':'2', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-2']},\n {'reference':'postgresql12-contrib-12.11-150200.8.32.1', 'sp':'2', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-2']},\n {'reference':'postgresql12-devel-12.11-150200.8.32.1', 'sp':'2', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-2']},\n {'reference':'postgresql12-plperl-12.11-150200.8.32.1', 'sp':'2', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-2']},\n {'reference':'postgresql12-plpython-12.11-150200.8.32.1', 'sp':'2', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-2']},\n {'reference':'postgresql12-pltcl-12.11-150200.8.32.1', 'sp':'2', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-2']},\n {'reference':'postgresql12-server-12.11-150200.8.32.1', 'sp':'2', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-2']},\n {'reference':'postgresql12-server-devel-12.11-150200.8.32.1', 'sp':'2', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-2']},\n {'reference':'postgresql12-12.11-150200.8.32.1', 'sp':'2', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.2']},\n {'reference':'postgresql12-12.11-150200.8.32.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.2']},\n {'reference':'postgresql12-contrib-12.11-150200.8.32.1', 'sp':'2', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.2']},\n {'reference':'postgresql12-contrib-12.11-150200.8.32.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.2']},\n {'reference':'postgresql12-devel-12.11-150200.8.32.1', 'sp':'2', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.2']},\n {'reference':'postgresql12-devel-12.11-150200.8.32.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.2']},\n {'reference':'postgresql12-docs-12.11-150200.8.32.1', 'sp':'2', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.2', 'sles-ltss-release-15.2']},\n {'reference':'postgresql12-plperl-12.11-150200.8.32.1', 'sp':'2', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.2']},\n {'reference':'postgresql12-plperl-12.11-150200.8.32.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.2']},\n {'reference':'postgresql12-plpython-12.11-150200.8.32.1', 'sp':'2', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.2']},\n {'reference':'postgresql12-plpython-12.11-150200.8.32.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.2']},\n {'reference':'postgresql12-pltcl-12.11-150200.8.32.1', 'sp':'2', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.2']},\n {'reference':'postgresql12-pltcl-12.11-150200.8.32.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.2']},\n {'reference':'postgresql12-server-12.11-150200.8.32.1', 'sp':'2', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.2']},\n {'reference':'postgresql12-server-12.11-150200.8.32.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.2']},\n {'reference':'postgresql12-server-devel-12.11-150200.8.32.1', 'sp':'2', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.2']},\n {'reference':'postgresql12-server-devel-12.11-150200.8.32.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.2']},\n {'reference':'postgresql12-12.11-150200.8.32.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'postgresql12-contrib-12.11-150200.8.32.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'postgresql12-devel-12.11-150200.8.32.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'postgresql12-docs-12.11-150200.8.32.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'postgresql12-llvmjit-12.11-150200.8.32.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'postgresql12-plperl-12.11-150200.8.32.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'postgresql12-plpython-12.11-150200.8.32.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'postgresql12-pltcl-12.11-150200.8.32.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'postgresql12-server-12.11-150200.8.32.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'postgresql12-server-devel-12.11-150200.8.32.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'postgresql12-test-12.11-150200.8.32.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'postgresql12-12.11-150200.8.32.1', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},\n {'reference':'postgresql12-contrib-12.11-150200.8.32.1', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},\n {'reference':'postgresql12-devel-12.11-150200.8.32.1', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},\n {'reference':'postgresql12-docs-12.11-150200.8.32.1', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},\n {'reference':'postgresql12-llvmjit-12.11-150200.8.32.1', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},\n {'reference':'postgresql12-llvmjit-devel-12.11-150200.8.32.1', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},\n {'reference':'postgresql12-plperl-12.11-150200.8.32.1', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},\n {'reference':'postgresql12-plpython-12.11-150200.8.32.1', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},\n {'reference':'postgresql12-pltcl-12.11-150200.8.32.1', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},\n {'reference':'postgresql12-server-12.11-150200.8.32.1', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},\n {'reference':'postgresql12-server-devel-12.11-150200.8.32.1', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},\n {'reference':'postgresql12-test-12.11-150200.8.32.1', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},\n {'reference':'postgresql12-12.11-150200.8.32.1', 'sp':'2', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15.2']},\n {'reference':'postgresql12-contrib-12.11-150200.8.32.1', 'sp':'2', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15.2']},\n {'reference':'postgresql12-devel-12.11-150200.8.32.1', 'sp':'2', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15.2']},\n {'reference':'postgresql12-plperl-12.11-150200.8.32.1', 'sp':'2', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15.2']},\n {'reference':'postgresql12-plpython-12.11-150200.8.32.1', 'sp':'2', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15.2']},\n {'reference':'postgresql12-pltcl-12.11-150200.8.32.1', 'sp':'2', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15.2']},\n {'reference':'postgresql12-server-12.11-150200.8.32.1', 'sp':'2', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15.2']},\n {'reference':'postgresql12-server-devel-12.11-150200.8.32.1', 'sp':'2', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15.2']}\n];\n\nvar ltss_caveat_required = FALSE;\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var exists_check = NULL;\n var rpm_spec_vers_cmp = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) _release = package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (reference && _release) {\n if (exists_check) {\n var check_flag = 0;\n foreach var check (exists_check) {\n if (!rpm_exists(release:_release, rpm:check)) continue;\n if ('ltss' >< tolower(check)) ltss_caveat_required = TRUE;\n check_flag++;\n }\n if (!check_flag) continue;\n }\n if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;\n }\n}\n\nif (flag)\n{\n var ltss_plugin_caveat = NULL;\n if(ltss_caveat_required) ltss_plugin_caveat = '\\n' +\n 'NOTE: This vulnerability check contains fixes that apply to\\n' +\n 'packages only available in SUSE Enterprise Linux Server LTSS\\n' +\n 'repositories. Access to these package security updates require\\n' +\n 'a paid SUSE LTSS subscription.\\n';\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + ltss_plugin_caveat\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'postgresql12 / postgresql12-contrib / postgresql12-devel / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-03-11T06:29:42", "description": "The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2022:4771 advisory.\n\n - postgresql: Autovacuum, REINDEX, and others omit security restricted operation sandbox (CVE-2022-1552)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-09-08T00:00:00", "type": "nessus", "title": "RHEL 9 : postgresql (RHSA-2022:4771)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-1552"], "modified": "2023-02-02T00:00:00", "cpe": ["cpe:/o:redhat:enterprise_linux:9", "cpe:/o:redhat:rhel_e4s:9.0", "cpe:/o:redhat:rhel_eus:9.0", "p-cpe:/a:redhat:enterprise_linux:postgresql", "p-cpe:/a:redhat:enterprise_linux:postgresql-contrib", "p-cpe:/a:redhat:enterprise_linux:postgresql-plperl", "p-cpe:/a:redhat:enterprise_linux:postgresql-plpython3", "p-cpe:/a:redhat:enterprise_linux:postgresql-pltcl", "p-cpe:/a:redhat:enterprise_linux:postgresql-private-devel", "p-cpe:/a:redhat:enterprise_linux:postgresql-private-libs", "p-cpe:/a:redhat:enterprise_linux:postgresql-server", "p-cpe:/a:redhat:enterprise_linux:postgresql-server-devel", "p-cpe:/a:redhat:enterprise_linux:postgresql-test", "p-cpe:/a:redhat:enterprise_linux:postgresql-upgrade"], "id": "REDHAT-RHSA-2022-4771.NASL", "href": "https://www.tenable.com/plugins/nessus/164856", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2022:4771. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(164856);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/02/02\");\n\n script_cve_id(\"CVE-2022-1552\");\n script_xref(name:\"RHSA\", value:\"2022:4771\");\n script_xref(name:\"IAVB\", value:\"2022-B-0015-S\");\n\n script_name(english:\"RHEL 9 : postgresql (RHSA-2022:4771)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in\nthe RHSA-2022:4771 advisory.\n\n - postgresql: Autovacuum, REINDEX, and others omit security restricted operation sandbox (CVE-2022-1552)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-1552\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2022:4771\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2081126\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-1552\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(89, 459);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/05/11\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/05/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/09/08\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:9\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_e4s:9.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_eus:9.0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:postgresql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:postgresql-contrib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:postgresql-plperl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:postgresql-plpython3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:postgresql-pltcl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:postgresql-private-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:postgresql-private-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:postgresql-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:postgresql-server-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:postgresql-test\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:postgresql-upgrade\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"redhat_repos.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\ninclude('rhel.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/RedHat/release');\nif (isnull(os_release) || 'Red Hat' >!< os_release) audit(AUDIT_OS_NOT, 'Red Hat');\nvar os_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nos_ver = os_ver[1];\nif (!rhel_check_release(operator: 'ge', os_version: os_ver, rhel_version: '9')) audit(AUDIT_OS_NOT, 'Red Hat 9.x', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nvar constraints = [\n {\n 'repo_relative_urls': [\n 'content/dist/rhel9/9/aarch64/appstream/debug',\n 'content/dist/rhel9/9/aarch64/appstream/os',\n 'content/dist/rhel9/9/aarch64/appstream/source/SRPMS',\n 'content/dist/rhel9/9/aarch64/baseos/debug',\n 'content/dist/rhel9/9/aarch64/baseos/os',\n 'content/dist/rhel9/9/aarch64/baseos/source/SRPMS',\n 'content/dist/rhel9/9/aarch64/codeready-builder/debug',\n 'content/dist/rhel9/9/aarch64/codeready-builder/os',\n 'content/dist/rhel9/9/aarch64/codeready-builder/source/SRPMS',\n 'content/dist/rhel9/9/aarch64/highavailability/debug',\n 'content/dist/rhel9/9/aarch64/highavailability/os',\n 'content/dist/rhel9/9/aarch64/highavailability/source/SRPMS',\n 'content/dist/rhel9/9/aarch64/supplementary/debug',\n 'content/dist/rhel9/9/aarch64/supplementary/os',\n 'content/dist/rhel9/9/aarch64/supplementary/source/SRPMS',\n 'content/dist/rhel9/9/ppc64le/appstream/debug',\n 'content/dist/rhel9/9/ppc64le/appstream/os',\n 'content/dist/rhel9/9/ppc64le/appstream/source/SRPMS',\n 'content/dist/rhel9/9/ppc64le/baseos/debug',\n 'content/dist/rhel9/9/ppc64le/baseos/os',\n 'content/dist/rhel9/9/ppc64le/baseos/source/SRPMS',\n 'content/dist/rhel9/9/ppc64le/codeready-builder/debug',\n 'content/dist/rhel9/9/ppc64le/codeready-builder/os',\n 'content/dist/rhel9/9/ppc64le/codeready-builder/source/SRPMS',\n 'content/dist/rhel9/9/ppc64le/highavailability/debug',\n 'content/dist/rhel9/9/ppc64le/highavailability/os',\n 'content/dist/rhel9/9/ppc64le/highavailability/source/SRPMS',\n 'content/dist/rhel9/9/ppc64le/resilientstorage/debug',\n 'content/dist/rhel9/9/ppc64le/resilientstorage/os',\n 'content/dist/rhel9/9/ppc64le/resilientstorage/source/SRPMS',\n 'content/dist/rhel9/9/ppc64le/sap-solutions/debug',\n 'content/dist/rhel9/9/ppc64le/sap-solutions/os',\n 'content/dist/rhel9/9/ppc64le/sap-solutions/source/SRPMS',\n 'content/dist/rhel9/9/ppc64le/sap/debug',\n 'content/dist/rhel9/9/ppc64le/sap/os',\n 'content/dist/rhel9/9/ppc64le/sap/source/SRPMS',\n 'content/dist/rhel9/9/ppc64le/supplementary/debug',\n 'content/dist/rhel9/9/ppc64le/supplementary/os',\n 'content/dist/rhel9/9/ppc64le/supplementary/source/SRPMS',\n 'content/dist/rhel9/9/s390x/appstream/debug',\n 'content/dist/rhel9/9/s390x/appstream/os',\n 'content/dist/rhel9/9/s390x/appstream/source/SRPMS',\n 'content/dist/rhel9/9/s390x/baseos/debug',\n 'content/dist/rhel9/9/s390x/baseos/os',\n 'content/dist/rhel9/9/s390x/baseos/source/SRPMS',\n 'content/dist/rhel9/9/s390x/codeready-builder/debug',\n 'content/dist/rhel9/9/s390x/codeready-builder/os',\n 'content/dist/rhel9/9/s390x/codeready-builder/source/SRPMS',\n 'content/dist/rhel9/9/s390x/highavailability/debug',\n 'content/dist/rhel9/9/s390x/highavailability/os',\n 'content/dist/rhel9/9/s390x/highavailability/source/SRPMS',\n 'content/dist/rhel9/9/s390x/resilientstorage/debug',\n 'content/dist/rhel9/9/s390x/resilientstorage/os',\n 'content/dist/rhel9/9/s390x/resilientstorage/source/SRPMS',\n 'content/dist/rhel9/9/s390x/sap/debug',\n 'content/dist/rhel9/9/s390x/sap/os',\n 'content/dist/rhel9/9/s390x/sap/source/SRPMS',\n 'content/dist/rhel9/9/s390x/supplementary/debug',\n 'content/dist/rhel9/9/s390x/supplementary/os',\n 'content/dist/rhel9/9/s390x/supplementary/source/SRPMS',\n 'content/dist/rhel9/9/x86_64/appstream/debug',\n 'content/dist/rhel9/9/x86_64/appstream/os',\n 'content/dist/rhel9/9/x86_64/appstream/source/SRPMS',\n 'content/dist/rhel9/9/x86_64/baseos/debug',\n 'content/dist/rhel9/9/x86_64/baseos/os',\n 'content/dist/rhel9/9/x86_64/baseos/source/SRPMS',\n 'content/dist/rhel9/9/x86_64/codeready-builder/debug',\n 'content/dist/rhel9/9/x86_64/codeready-builder/os',\n 'content/dist/rhel9/9/x86_64/codeready-builder/source/SRPMS',\n 'content/dist/rhel9/9/x86_64/highavailability/debug',\n 'content/dist/rhel9/9/x86_64/highavailability/os',\n 'content/dist/rhel9/9/x86_64/highavailability/source/SRPMS',\n 'content/dist/rhel9/9/x86_64/nfv/debug',\n 'content/dist/rhel9/9/x86_64/nfv/os',\n 'content/dist/rhel9/9/x86_64/nfv/source/SRPMS',\n 'content/dist/rhel9/9/x86_64/resilientstorage/debug',\n 'content/dist/rhel9/9/x86_64/resilientstorage/os',\n 'content/dist/rhel9/9/x86_64/resilientstorage/source/SRPMS',\n 'content/dist/rhel9/9/x86_64/rt/debug',\n 'content/dist/rhel9/9/x86_64/rt/os',\n 'content/dist/rhel9/9/x86_64/rt/source/SRPMS',\n 'content/dist/rhel9/9/x86_64/sap-solutions/debug',\n 'content/dist/rhel9/9/x86_64/sap-solutions/os',\n 'content/dist/rhel9/9/x86_64/sap-solutions/source/SRPMS',\n 'content/dist/rhel9/9/x86_64/sap/debug',\n 'content/dist/rhel9/9/x86_64/sap/os',\n 'content/dist/rhel9/9/x86_64/sap/source/SRPMS',\n 'content/dist/rhel9/9/x86_64/supplementary/debug',\n 'content/dist/rhel9/9/x86_64/supplementary/os',\n 'content/dist/rhel9/9/x86_64/supplementary/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'postgresql-13.7-1.el9_0', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'postgresql-contrib-13.7-1.el9_0', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'postgresql-plperl-13.7-1.el9_0', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'postgresql-plpython3-13.7-1.el9_0', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'postgresql-pltcl-13.7-1.el9_0', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'postgresql-private-devel-13.7-1.el9_0', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'postgresql-private-libs-13.7-1.el9_0', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'postgresql-server-13.7-1.el9_0', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'postgresql-server-devel-13.7-1.el9_0', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'postgresql-test-13.7-1.el9_0', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'postgresql-upgrade-13.7-1.el9_0', 'release':'9', 'rpm_spec_vers_cmp':TRUE}\n ]\n },\n {\n 'repo_relative_urls': [\n 'content/e4s/rhel9/9.0/aarch64/appstream/debug',\n 'content/e4s/rhel9/9.0/aarch64/appstream/os',\n 'content/e4s/rhel9/9.0/aarch64/appstream/source/SRPMS',\n 'content/e4s/rhel9/9.0/aarch64/baseos/debug',\n 'content/e4s/rhel9/9.0/aarch64/baseos/os',\n 'content/e4s/rhel9/9.0/aarch64/baseos/source/SRPMS',\n 'content/e4s/rhel9/9.0/aarch64/highavailability/debug',\n 'content/e4s/rhel9/9.0/aarch64/highavailability/os',\n 'content/e4s/rhel9/9.0/aarch64/highavailability/source/SRPMS',\n 'content/e4s/rhel9/9.0/ppc64le/appstream/debug',\n 'content/e4s/rhel9/9.0/ppc64le/appstream/os',\n 'content/e4s/rhel9/9.0/ppc64le/appstream/source/SRPMS',\n 'content/e4s/rhel9/9.0/ppc64le/baseos/debug',\n 'content/e4s/rhel9/9.0/ppc64le/baseos/os',\n 'content/e4s/rhel9/9.0/ppc64le/baseos/source/SRPMS',\n 'content/e4s/rhel9/9.0/ppc64le/highavailability/debug',\n 'content/e4s/rhel9/9.0/ppc64le/highavailability/os',\n 'content/e4s/rhel9/9.0/ppc64le/highavailability/source/SRPMS',\n 'content/e4s/rhel9/9.0/ppc64le/resilientstorage/debug',\n 'content/e4s/rhel9/9.0/ppc64le/resilientstorage/os',\n 'content/e4s/rhel9/9.0/ppc64le/resilientstorage/source/SRPMS',\n 'content/e4s/rhel9/9.0/ppc64le/sap-solutions/debug',\n 'content/e4s/rhel9/9.0/ppc64le/sap-solutions/os',\n 'content/e4s/rhel9/9.0/ppc64le/sap-solutions/source/SRPMS',\n 'content/e4s/rhel9/9.0/ppc64le/sap/debug',\n 'content/e4s/rhel9/9.0/ppc64le/sap/os',\n 'content/e4s/rhel9/9.0/ppc64le/sap/source/SRPMS',\n 'content/e4s/rhel9/9.0/s390x/appstream/debug',\n 'content/e4s/rhel9/9.0/s390x/appstream/os',\n 'content/e4s/rhel9/9.0/s390x/appstream/source/SRPMS',\n 'content/e4s/rhel9/9.0/s390x/baseos/debug',\n 'content/e4s/rhel9/9.0/s390x/baseos/os',\n 'content/e4s/rhel9/9.0/s390x/baseos/source/SRPMS',\n 'content/e4s/rhel9/9.0/s390x/highavailability/debug',\n 'content/e4s/rhel9/9.0/s390x/highavailability/os',\n 'content/e4s/rhel9/9.0/s390x/highavailability/source/SRPMS',\n 'content/e4s/rhel9/9.0/s390x/resilientstorage/debug',\n 'content/e4s/rhel9/9.0/s390x/resilientstorage/os',\n 'content/e4s/rhel9/9.0/s390x/resilientstorage/source/SRPMS',\n 'content/e4s/rhel9/9.0/s390x/sap/debug',\n 'content/e4s/rhel9/9.0/s390x/sap/os',\n 'content/e4s/rhel9/9.0/s390x/sap/source/SRPMS',\n 'content/e4s/rhel9/9.0/x86_64/appstream/debug',\n 'content/e4s/rhel9/9.0/x86_64/appstream/os',\n 'content/e4s/rhel9/9.0/x86_64/appstream/source/SRPMS',\n 'content/e4s/rhel9/9.0/x86_64/baseos/debug',\n 'content/e4s/rhel9/9.0/x86_64/baseos/os',\n 'content/e4s/rhel9/9.0/x86_64/baseos/source/SRPMS',\n 'content/e4s/rhel9/9.0/x86_64/highavailability/debug',\n 'content/e4s/rhel9/9.0/x86_64/highavailability/os',\n 'content/e4s/rhel9/9.0/x86_64/highavailability/source/SRPMS',\n 'content/e4s/rhel9/9.0/x86_64/nfv/debug',\n 'content/e4s/rhel9/9.0/x86_64/nfv/os',\n 'content/e4s/rhel9/9.0/x86_64/nfv/source/SRPMS',\n 'content/e4s/rhel9/9.0/x86_64/resilientstorage/debug',\n 'content/e4s/rhel9/9.0/x86_64/resilientstorage/os',\n 'content/e4s/rhel9/9.0/x86_64/resilientstorage/source/SRPMS',\n 'content/e4s/rhel9/9.0/x86_64/rt/debug',\n 'content/e4s/rhel9/9.0/x86_64/rt/os',\n 'content/e4s/rhel9/9.0/x86_64/rt/source/SRPMS',\n 'content/e4s/rhel9/9.0/x86_64/sap-solutions/debug',\n 'content/e4s/rhel9/9.0/x86_64/sap-solutions/os',\n 'content/e4s/rhel9/9.0/x86_64/sap-solutions/source/SRPMS',\n 'content/e4s/rhel9/9.0/x86_64/sap/debug',\n 'content/e4s/rhel9/9.0/x86_64/sap/os',\n 'content/e4s/rhel9/9.0/x86_64/sap/source/SRPMS',\n 'content/eus/rhel9/9.0/aarch64/appstream/debug',\n 'content/eus/rhel9/9.0/aarch64/appstream/os',\n 'content/eus/rhel9/9.0/aarch64/appstream/source/SRPMS',\n 'content/eus/rhel9/9.0/aarch64/baseos/debug',\n 'content/eus/rhel9/9.0/aarch64/baseos/os',\n 'content/eus/rhel9/9.0/aarch64/baseos/source/SRPMS',\n 'content/eus/rhel9/9.0/aarch64/codeready-builder/debug',\n 'content/eus/rhel9/9.0/aarch64/codeready-builder/os',\n 'content/eus/rhel9/9.0/aarch64/codeready-builder/source/SRPMS',\n 'content/eus/rhel9/9.0/aarch64/highavailability/debug',\n 'content/eus/rhel9/9.0/aarch64/highavailability/os',\n 'content/eus/rhel9/9.0/aarch64/highavailability/source/SRPMS',\n 'content/eus/rhel9/9.0/aarch64/supplementary/debug',\n 'content/eus/rhel9/9.0/aarch64/supplementary/os',\n 'content/eus/rhel9/9.0/aarch64/supplementary/source/SRPMS',\n 'content/eus/rhel9/9.0/ppc64le/appstream/debug',\n 'content/eus/rhel9/9.0/ppc64le/appstream/os',\n 'content/eus/rhel9/9.0/ppc64le/appstream/source/SRPMS',\n 'content/eus/rhel9/9.0/ppc64le/baseos/debug',\n 'content/eus/rhel9/9.0/ppc64le/baseos/os',\n 'content/eus/rhel9/9.0/ppc64le/baseos/source/SRPMS',\n 'content/eus/rhel9/9.0/ppc64le/codeready-builder/debug',\n 'content/eus/rhel9/9.0/ppc64le/codeready-builder/os',\n 'content/eus/rhel9/9.0/ppc64le/codeready-builder/source/SRPMS',\n 'content/eus/rhel9/9.0/ppc64le/highavailability/debug',\n 'content/eus/rhel9/9.0/ppc64le/highavailability/os',\n 'content/eus/rhel9/9.0/ppc64le/highavailability/source/SRPMS',\n 'content/eus/rhel9/9.0/ppc64le/resilientstorage/debug',\n 'content/eus/rhel9/9.0/ppc64le/resilientstorage/os',\n 'content/eus/rhel9/9.0/ppc64le/resilientstorage/source/SRPMS',\n 'content/eus/rhel9/9.0/ppc64le/sap-solutions/debug',\n 'content/eus/rhel9/9.0/ppc64le/sap-solutions/os',\n 'content/eus/rhel9/9.0/ppc64le/sap-solutions/source/SRPMS',\n 'content/eus/rhel9/9.0/ppc64le/sap/debug',\n 'content/eus/rhel9/9.0/ppc64le/sap/os',\n 'content/eus/rhel9/9.0/ppc64le/sap/source/SRPMS',\n 'content/eus/rhel9/9.0/ppc64le/supplementary/debug',\n 'content/eus/rhel9/9.0/ppc64le/supplementary/os',\n 'content/eus/rhel9/9.0/ppc64le/supplementary/source/SRPMS',\n 'content/eus/rhel9/9.0/s390x/appstream/debug',\n 'content/eus/rhel9/9.0/s390x/appstream/os',\n 'content/eus/rhel9/9.0/s390x/appstream/source/SRPMS',\n 'content/eus/rhel9/9.0/s390x/baseos/debug',\n 'content/eus/rhel9/9.0/s390x/baseos/os',\n 'content/eus/rhel9/9.0/s390x/baseos/source/SRPMS',\n 'content/eus/rhel9/9.0/s390x/codeready-builder/debug',\n 'content/eus/rhel9/9.0/s390x/codeready-builder/os',\n 'content/eus/rhel9/9.0/s390x/codeready-builder/source/SRPMS',\n 'content/eus/rhel9/9.0/s390x/highavailability/debug',\n 'content/eus/rhel9/9.0/s390x/highavailability/os',\n 'content/eus/rhel9/9.0/s390x/highavailability/source/SRPMS',\n 'content/eus/rhel9/9.0/s390x/resilientstorage/debug',\n 'content/eus/rhel9/9.0/s390x/resilientstorage/os',\n 'content/eus/rhel9/9.0/s390x/resilientstorage/source/SRPMS',\n 'content/eus/rhel9/9.0/s390x/sap/debug',\n 'content/eus/rhel9/9.0/s390x/sap/os',\n 'content/eus/rhel9/9.0/s390x/sap/source/SRPMS',\n 'content/eus/rhel9/9.0/s390x/supplementary/debug',\n 'content/eus/rhel9/9.0/s390x/supplementary/os',\n 'content/eus/rhel9/9.0/s390x/supplementary/source/SRPMS',\n 'content/eus/rhel9/9.0/x86_64/appstream/debug',\n 'content/eus/rhel9/9.0/x86_64/appstream/os',\n 'content/eus/rhel9/9.0/x86_64/appstream/source/SRPMS',\n 'content/eus/rhel9/9.0/x86_64/baseos/debug',\n 'content/eus/rhel9/9.0/x86_64/baseos/os',\n 'content/eus/rhel9/9.0/x86_64/baseos/source/SRPMS',\n 'content/eus/rhel9/9.0/x86_64/codeready-builder/debug',\n 'content/eus/rhel9/9.0/x86_64/codeready-builder/os',\n 'content/eus/rhel9/9.0/x86_64/codeready-builder/source/SRPMS',\n 'content/eus/rhel9/9.0/x86_64/highavailability/debug',\n 'content/eus/rhel9/9.0/x86_64/highavailability/os',\n 'content/eus/rhel9/9.0/x86_64/highavailability/source/SRPMS',\n 'content/eus/rhel9/9.0/x86_64/resilientstorage/debug',\n 'content/eus/rhel9/9.0/x86_64/resilientstorage/os',\n 'content/eus/rhel9/9.0/x86_64/resilientstorage/source/SRPMS',\n 'content/eus/rhel9/9.0/x86_64/sap-solutions/debug',\n 'content/eus/rhel9/9.0/x86_64/sap-solutions/os',\n 'content/eus/rhel9/9.0/x86_64/sap-solutions/source/SRPMS',\n 'content/eus/rhel9/9.0/x86_64/sap/debug',\n 'content/eus/rhel9/9.0/x86_64/sap/os',\n 'content/eus/rhel9/9.0/x86_64/sap/source/SRPMS',\n 'content/eus/rhel9/9.0/x86_64/supplementary/debug',\n 'content/eus/rhel9/9.0/x86_64/supplementary/os',\n 'content/eus/rhel9/9.0/x86_64/supplementary/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'postgresql-13.7-1.el9_0', 'sp':'0', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'postgresql-contrib-13.7-1.el9_0', 'sp':'0', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'postgresql-plperl-13.7-1.el9_0', 'sp':'0', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'postgresql-plpython3-13.7-1.el9_0', 'sp':'0', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'postgresql-pltcl-13.7-1.el9_0', 'sp':'0', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'postgresql-private-devel-13.7-1.el9_0', 'sp':'0', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'postgresql-private-libs-13.7-1.el9_0', 'sp':'0', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'postgresql-server-13.7-1.el9_0', 'sp':'0', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'postgresql-server-devel-13.7-1.el9_0', 'sp':'0', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'postgresql-test-13.7-1.el9_0', 'sp':'0', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'postgresql-upgrade-13.7-1.el9_0', 'sp':'0', 'release':'9', 'rpm_spec_vers_cmp':TRUE}\n ]\n }\n];\n\nvar applicable_repo_urls = rhel_determine_applicable_repository_urls(constraints:constraints);\nif(applicable_repo_urls == RHEL_REPOS_NO_OVERLAP_MESSAGE) exit(0, RHEL_REPO_NOT_ENABLED);\n\nvar flag = 0;\nforeach var constraint_array ( constraints ) {\n var repo_relative_urls = NULL;\n if (!empty_or_null(constraint_array['repo_relative_urls'])) repo_relative_urls = constraint_array['repo_relative_urls'];\n var enterprise_linux_flag = rhel_repo_urls_has_content_dist_rhel(repo_urls:repo_relative_urls);\n foreach var pkg ( constraint_array['pkgs'] ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(pkg['reference'])) reference = pkg['reference'];\n if (!empty_or_null(pkg['release'])) _release = 'RHEL' + pkg['release'];\n if (!empty_or_null(pkg['sp']) && !enterprise_linux_flag) sp = pkg['sp'];\n if (!empty_or_null(pkg['cpu'])) _cpu = pkg['cpu'];\n if (!empty_or_null(pkg['el_string'])) el_string = pkg['el_string'];\n if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];\n if (!empty_or_null(pkg['epoch'])) epoch = pkg['epoch'];\n if (!empty_or_null(pkg['allowmaj'])) allowmaj = pkg['allowmaj'];\n if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];\n if (reference &&\n _release &&\n rhel_decide_repo_relative_url_check(required_repo_url_list:repo_relative_urls) &&\n (applicable_repo_urls || (!exists_check || rpm_exists(release:_release, rpm:exists_check))) &&\n rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n var extra = NULL;\n if (empty_or_null(applicable_repo_urls)) extra = rpm_report_get() + redhat_report_repo_caveat();\n else extra = rpm_report_get() + redhat_report_package_caveat();\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : extra\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'postgresql / postgresql-contrib / postgresql-plperl / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-03-11T08:51:21", "description": "The version of postgresql installed on the remote host is prior to 9.2.24-8. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2022-1843 advisory.\n\n - A flaw was found in PostgreSQL. There is an issue with incomplete efforts to operate safely when a privileged user is maintaining another user's objects. The Autovacuum, REINDEX, CREATE INDEX, REFRESH MATERIALIZED VIEW, CLUSTER, and pg_amcheck commands activated relevant protections too late or not at all during the process. This flaw allows an attacker with permission to create

Security Bulletin: Multiple Vulnerabilities in CloudPak for Watson AIOPs

Description

Affected Software

Related