Lucene search

K
kasperskyKaspersky LabKLA11937
HistoryAug 13, 2020 - 12:00 a.m.

KLA11937 Security vulnerability in PostgreSQL

2020-08-1300:00:00
Kaspersky Lab
threats.kaspersky.com
15

7.3 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

7.3 High

AI Score

Confidence

High

4.4 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:M/Au:N/C:P/I:P/A:P

0.0004 Low

EPSS

Percentile

12.6%

Detect date:

08/13/2020

Severity:

Warning

Description:

Security vulnerability was found in PostgreSQL. Malicious users can exploit this vulnerability to bypass security vulnerability, obtain sensitive information.

Affected products:

PostgreSQL 9.5 earlier than 9.5.23
PostgreSQL 9.6 earlier than 9.6.19
PostgreSQL 10 earlier than 10.14
PostgreSQL 11 earlier than 11.9
PostgreSQL 12 earlier than 12.4

Solution:

Update to the latest version
Download PostgreSQL

Original advisories:

PostgreSQL News

Impacts:

OSI

Related products:

PostgreSQL

CVE-IDS:

CVE-2020-143507.3High

7.3 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

7.3 High

AI Score

Confidence

High

4.4 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:M/Au:N/C:P/I:P/A:P

0.0004 Low

EPSS

Percentile

12.6%