CVE-2017-7547
Description
PostgreSQL versions before 9.2.22, 9.3.18, 9.4.13, 9.5.8 and 9.6.4 are vulnerable to an authorization flaw that allows remote authenticated attackers to retrieve passwords from the user mappings defined by foreign server owners without actually having the privileges to do so.
Risk Information
Base Score
8.8
MODERATE
Vector
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS Score
Exploitation Probability
1.109
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Update PostgreSQL to 9.2.22 | Windows |
| Update PostgreSQL to 9.3.18 | Windows |
| Update PostgreSQL to 9.4.13 | Windows |
| Vulnerabilities CVE-2017-7548,CVE-2017-7547,CVE-2017-7546 are fixed in PostgreSQL 9.6.4 | Windows |
| Vulnerabilities CVE-2017-7548,CVE-2017-7547,CVE-2017-7546 are fixed in PostgreSQL 9.5.8 | Windows |
| Vulnerabilities CVE-2017-7548,CVE-2017-7547,CVE-2017-7546 are fixed in PostgreSQL 9.4.13 | Windows |
| Vulnerabilities CVE-2017-7547,CVE-2017-7546 are fixed in PostgreSQL 9.3.18 | Windows |
| Vulnerabilities CVE-2017-7547,CVE-2017-7546 are fixed in PostgreSQL 9.2.22 | Windows |
| object-relational SQL database (USN-3390-1) postgresql-9.3_9.3.18-0ubuntu0.14.04.1_i386.deb | Linux |
| object-relational SQL database (USN-3390-1) postgresql-9.3_9.3.18-0ubuntu0.14.04.1_amd64.deb | Linux |
| object-relational SQL database (USN-3390-1) postgresql-9.5_9.5.8-0ubuntu0.16.04.1_i386.deb | Linux |
| object-relational SQL database (USN-3390-1) postgresql-9.5_9.5.8-0ubuntu0.16.04.1_amd64.deb | Linux |
| object-relational SQL database (USN-3390-1) postgresql-9.6_9.6.4-0ubuntu0.17.04.1_i386.deb | Linux |
| object-relational SQL database (USN-3390-1) postgresql-9.6_9.6.4-0ubuntu0.17.04.1_amd64.deb | Linux |
| Update PostgreSQL to 9.2.22 (For Linux) | Linux |
| Update PostgreSQL to 9.3.18 (For Linux) | Linux |
| Update PostgreSQL to 9.4.13 (For Linux) | Linux |
| Vulnerabilities CVE-2017-7548,CVE-2017-7547,CVE-2017-7546 are fixed in PostgreSQL 9.6.4 (For Linux) | Linux |
| Vulnerabilities CVE-2017-7548,CVE-2017-7547,CVE-2017-7546 are fixed in PostgreSQL 9.5.8 (For Linux) | Linux |
| Vulnerabilities CVE-2017-7548,CVE-2017-7547,CVE-2017-7546 are fixed in PostgreSQL 9.4.13 (For Linux) | Linux |
| Vulnerabilities CVE-2017-7547,CVE-2017-7546 are fixed in PostgreSQL 9.3.18 (For Linux) | Linux |
| Vulnerabilities CVE-2017-7547,CVE-2017-7546 are fixed in PostgreSQL 9.2.22 (For Linux) | Linux |
Patch Details
No records found
References
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234