10 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
0.021 Low
EPSS
Percentile
89.2%
PostgreSQL 8.1 and probably later versions, when the PL/pgSQL (plpgsql)
language has been created, grants certain plpgsql privileges to the PUBLIC
domain, which allows remote attackers to create and execute functions, as
demonstrated by functions that perform local brute-force password guessing
attacks, which may evade intrusion detection.