Kaspersky LabKLA11196KLA11196 Multiple vulnerabilities in PostgreSQL
7 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
HIGH
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
4 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:S/C:P/I:N/A:N
0.001 Low
EPSS
Percentile
25.0%
Detect date:
02/08/2018
Severity:
High
Description:
Multiple serious vulnerabilities have been found in PostgreSQL. Malicious users can exploit these vulnerabilities to bypass security restrictions and obtain sensitive information.
Affected products:
PostgreSQL 9.3 earlier than 9.3.21
PostgreSQL 9.4 earlier than 9.4.16
PostgreSQL 9.5 earlier than 9.5.11
PostgreSQL 9.6 earlier than 9.6.7
PostgreSQL 10 earlier than 10.2
Solution:
Update to the latest version
Download PostgreSQL
Original advisories:
Impacts:
OSI
Related products:
CVE-IDS:
CVE-2018-10533.3Warning
CVE-2018-10524.0Warning
Related
7 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
HIGH
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
4 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:S/C:P/I:N/A:N
0.001 Low
EPSS
Percentile
25.0%