Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in

A vulnerability was found in PostgreSQL. This attack requires permission to create non-temporary objects in at least one schema the ability to lure or wait for an administrator to create or update an affected extension in that schema and the ability to lure or wait for a victim to use the object targeted in CREATE OR REPLACE or CREATE IF NOT EXISTS. Given all three prerequisites this flaw allows an attacker to run arbitrary code as the victim role which may be a superuser.

🗓️ 20 Aug 2022 07:00:00Reported by MicrosoftType 
mscve
 mscve🔗 msrc.microsoft.com👁 5 Views

PostgreSQL flaw enables code execution as the victim role if three prerequisites exist: create objects in a schema, lure admin to update an extension, and use the object.

Related
Detection
ReporterTitlePublishedViews
Family
IBM Security Bulletins		Security Bulletin: Multiple vulnerabilities fixed in IBM Security Verify Governance
11 Jan 202416:41
ibm
IBM Security Bulletins		Security Bulletin: Multiple Security Vulnerabilities were identified in IBM Security Verify Access.
9 Jan 202420:27
ibm
IBM Security Bulletins		Security Bulletin: IBM QRadar SIEM includes multiple components with known vulnerabilities
13 Feb 202313:10
ibm
IBM Security Bulletins		Security Bulletin: Vulnerabilities in PostgreSQL may affect IBM Spectrum Protect Plus (CVE-2022-2625, CVE-2022-1552, CVE-2021-3677)
30 Mar 202316:07
ibm
IBM Security Bulletins		Security Bulletin: IBM Data Risk Manager is affected by multiple vulnerabilities including remote code execution in Apache Commons Text 1.9
8 Dec 202204:10
ibm
IBM Security Bulletins		Security Bulletin: Multiple PostgreSQL Vulnerability affects IBM Storage Scale System (CVE-2023-2454, CVE-2022-2625)
22 Dec 202317:20
ibm
IBM Security Bulletins		Security Bulletin: IBM Sterling Connect:Direct Web Services is vulnerable to remote authenticated attacker to execute arbitrary code on the system due to PostgreSQL (CVE-2022-2625)
29 Nov 202217:05
ibm
IBM Security Bulletins		Security Bulletin: Vulnerabilities in PostgreSQL, Open JDK, and Jettison may affect IBM Spectrum Copy Data Management
9 Dec 202214:16
ibm
ALT Linux		Security fix for the ALT Linux 10 package postgresql12 version 12.12-alt1
18 Aug 202200:00
altlinux
ALT Linux		Security fix for the ALT Linux 9 package postgresql12-1C version 12.11-alt0.M90P.3
1 Sep 202200:00
altlinux
Rows per page
Vulners
Node
microsoftcbl2_postgresql_14.5-1Range<14.5-1
OR
microsoftcm1_postgresql_12.12-1Range<12.12-1

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

Book a live demo
20 Aug 2022 07:00Current
7.2High risk
Vulners AI Score7.2
CVSS 3.18
EPSS0.0152
postgresqlcode executionvictim roleextension updateschema objectsprerequisitessuperuser
5