CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:S/C:P/I:N/A:N
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
AI Score
Confidence
High
Software: postgresql 12.1
OS: ROSA Virtualization 2.1
package_evr_string: postgresql-12.1
CVE-ID: CVE-2020-1720
BDU-ID: None
CVE-Crit: MEDIUM
CVE-DESC.: A vulnerability has been discovered in PostgreSQL “ALTER … DEPENDS ON EXTENSION” where subcommands did not perform authorization checks. An authenticated attacker could exploit this vulnerability in certain configurations to perform deletion of objects such as functions, triggers, etc., resulting in database corruption.
CVE-STATUS: Not Relevant
CVE-REV:
CVE-ID: CVE-2021-32029
BDU-ID: 2021-02774
CVE-Crit: MEDIUM
CVE-DESC.: Vulnerability in the implementation of the UPDATE command … RETURNING of the PostgreSQL database management system is related to memory freeing errors. Exploitation of the vulnerability could allow an attacker acting remotely to gain unauthorized access to protected information
CVE-STATUS: Not current
CVE-REV:
CVE-ID: CVE-2021-3393
BDU-ID: 2021-00810
CVE-Crit: LOW
CVE-DESC.: A vulnerability in the PostgreSQL database management system is related to security mechanism flaws. Exploitation of the vulnerability could allow an attacker acting remotely to retrieve column values from an error message (without SELECT privilege)
CVE-STATUS: Not Relevant
CVE-REV:
CVE-ID: CVE-2021-3677
BDU-ID: 2021-04174
CVE-Crit: CRITICAL.
CVE-DESC.: A vulnerability in the PostgreSQL database management system is related to failure to take measures to protect the SQL query structure. Exploitation of the vulnerability could allow an attacker acting remotely to gain unauthorized access to protected information or cause a denial of service via a specially crafted query
CVE-STATUS: Not Current
CVE-REV:
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
ROSA | any | noarch | postgresql | < 12.1 | UNKNOWN |
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:S/C:P/I:N/A:N
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
AI Score
Confidence
High