Lucene search

[email protected]NVD:CVE-2017-7547

HistoryAug 16, 2017 - 6:29 p.m.

CVE-2017-7547

2017-08-1618:29:00

CWE-522

[email protected]

web.nvd.nist.gov

4 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:S/C:P/I:N/A:N

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

8.2 High

AI Score

Confidence

High

0.005 Low

EPSS

Percentile

76.7%

JSON

PostgreSQL versions before 9.2.22, 9.3.18, 9.4.13, 9.5.8 and 9.6.4 are vulnerable to authorization flaw allowing remote authenticated attackers to retrieve passwords from the user mappings defined by the foreign server owners without actually having the privileges to do so.

Affected configurations

NVD

Node

postgresqlpostgresqlMatch9.2

postgresqlpostgresqlMatch9.2.1

postgresqlpostgresqlMatch9.2.2

postgresqlpostgresqlMatch9.2.3

postgresqlpostgresqlMatch9.2.4

postgresqlpostgresqlMatch9.2.5

postgresqlpostgresqlMatch9.2.6

postgresqlpostgresqlMatch9.2.7

postgresqlpostgresqlMatch9.2.8

postgresqlpostgresqlMatch9.2.9

postgresqlpostgresqlMatch9.2.10

postgresqlpostgresqlMatch9.2.11

postgresqlpostgresqlMatch9.2.12

postgresqlpostgresqlMatch9.2.13

postgresqlpostgresqlMatch9.2.14

postgresqlpostgresqlMatch9.2.15

postgresqlpostgresqlMatch9.2.16

postgresqlpostgresqlMatch9.2.17

postgresqlpostgresqlMatch9.2.18

postgresqlpostgresqlMatch9.2.19

postgresqlpostgresqlMatch9.2.20

postgresqlpostgresqlMatch9.2.21

Node

postgresqlpostgresqlMatch9.3

postgresqlpostgresqlMatch9.3.1

postgresqlpostgresqlMatch9.3.2

postgresqlpostgresqlMatch9.3.3

postgresqlpostgresqlMatch9.3.4

postgresqlpostgresqlMatch9.3.5

postgresqlpostgresqlMatch9.3.6

postgresqlpostgresqlMatch9.3.7

postgresqlpostgresqlMatch9.3.8

postgresqlpostgresqlMatch9.3.9

postgresqlpostgresqlMatch9.3.10

postgresqlpostgresqlMatch9.3.11

postgresqlpostgresqlMatch9.3.12

postgresqlpostgresqlMatch9.3.13

postgresqlpostgresqlMatch9.3.14

postgresqlpostgresqlMatch9.3.15

postgresqlpostgresqlMatch9.3.16

postgresqlpostgresqlMatch9.3.17

Node

postgresqlpostgresqlMatch9.4

postgresqlpostgresqlMatch9.4.1

postgresqlpostgresqlMatch9.4.2

postgresqlpostgresqlMatch9.4.3

postgresqlpostgresqlMatch9.4.4

postgresqlpostgresqlMatch9.4.5

postgresqlpostgresqlMatch9.4.6

postgresqlpostgresqlMatch9.4.7

postgresqlpostgresqlMatch9.4.8

postgresqlpostgresqlMatch9.4.9

postgresqlpostgresqlMatch9.4.10

postgresqlpostgresqlMatch9.4.11

postgresqlpostgresqlMatch9.4.12

Node

postgresqlpostgresqlMatch9.5

postgresqlpostgresqlMatch9.5.1.

postgresqlpostgresqlMatch9.5.2

postgresqlpostgresqlMatch9.5.3

postgresqlpostgresqlMatch9.5.4

postgresqlpostgresqlMatch9.5.5

postgresqlpostgresqlMatch9.5.6

postgresqlpostgresqlMatch9.5.7

Node

postgresqlpostgresqlMatch9.6

postgresqlpostgresqlMatch9.6.1

postgresqlpostgresqlMatch9.6.2

postgresqlpostgresqlMatch9.6.3

References

www.debian.org/security/2017/dsa-3935

www.debian.org/security/2017/dsa-3936

www.securityfocus.com/bid/100275

www.securitytracker.com/id/1039142

access.redhat.com/errata/RHSA-2017:2677

access.redhat.com/errata/RHSA-2017:2678

access.redhat.com/errata/RHSA-2017:2728

security.gentoo.org/glsa/201710-06

www.postgresql.org/about/news/1772/

4 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:S/C:P/I:N/A:N

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

8.2 High

AI Score

Confidence

High

0.005 Low

EPSS

Percentile

76.7%

JSON

Related for NVD:CVE-2017-7547