CVE-2020-13692

Description

PostgreSQL JDBC Driver (aka PgJDBC) before 42.2.13 allows XXE.

Risk Information

Base Score: 7.7 MODERATE
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:H
EPSS Score (Exploitation Probability): 7.355

Associated Vulnerability

Vulnerability | OS Platform
Vulnerabilities CVE-2020-13692 are fixed in PostgreSQL JDBC Driver 42.2.13 | Windows
Multiple Vulnerabilities are affected in IBM Security Guardium 11.1 | Windows
Multiple Vulnerabilities are affected in IBM Security Guardium 11.2 | Windows
Multiple Vulnerabilities are affected in IBM Security Guardium 11.3 | Windows
Multiple Vulnerabilities are affected in IBM Security Guardium 11.4 | Windows
Multiple Vulnerabilities are affected in IBM Security Guardium 11.0 | Windows
(RHSA-2020:3176) postgresql-jdbc security update postgresql-jdbc-42.2.3-3.el8_2.noarch.rpm | Linux
(RHSA-2020:3176) postgresql-jdbc security update postgresql-jdbc-javadoc-42.2.3-3.el8_2.noarch.rpm | Linux
(RHSA-2020:3284) postgresql-jdbc security update postgresql-jdbc-8.4.704-4.el6_10.noarch.rpm | Linux
(RHSA-2020:3285) postgresql-jdbc security update postgresql-jdbc-9.2.1002-8.el7_8.noarch.rpm | Linux
(RHSA-2020:3285) postgresql-jdbc security update postgresql-jdbc-javadoc-9.2.1002-8.el7_8.noarch.rpm | Linux
Postgresql-jdbc update (ELSA-2020-3176) postgresql-jdbc-42.2.3-3.el8_2.noarch.rpm | Linux
Postgresql-jdbc-javadoc update (ELSA-2020-3176) postgresql-jdbc-javadoc-42.2.3-3.el8_2.noarch.rpm | Linux
SUSE-SU-2021:0599-1(SUSE Linux Enterprise Server 12-SP5 ) postgresql-jdbc-9.4-3.3.1.noarch.rpm | Linux
(CESA-2020:3176) postgresql-jdbc security update postgresql-jdbc-42.2.3-3.el8_2.noarch.rpm | Linux
(CESA-2020:3176) postgresql-jdbc security update postgresql-jdbc-javadoc-42.2.3-3.el8_2.noarch.rpm | Linux
(CESA-2020:3284) postgresql-jdbc security update postgresql-jdbc-8.4.704-4.el6_10.noarch.rpm | Linux
(CESA-2020:3285) postgresql-jdbc security update postgresql-jdbc-9.2.1002-8.el7_8.noarch.rpm | Linux
(CESA-2020:3285) postgresql-jdbc security update postgresql-jdbc-javadoc-9.2.1002-8.el7_8.noarch.rpm | Linux
postgresql-jdbc security update (RLSA-2020:3176) postgresql-jdbc-42.2.3-3.el8_2.noarch.rpm | Linux
postgresql-jdbc security update (RLSA-2020:3176) postgresql-jdbc-javadoc-42.2.3-3.el8_2.noarch.rpm | Linux
postgresql-jdbc Security Update (ALAS-2020-1482) postgresql-jdbc-9.2.1002-8.amzn2.noarch.rpm | Linux
postgresql-jdbc Security Update (ALAS-2020-1482) postgresql-jdbc-javadoc-9.2.1002-8.amzn2.noarch.rpm | Linux
libpgjava security update(DSA-5196-1) libpostgresql-jdbc-java-doc_42.2.5-2+deb10u1_all.deb | Linux
libpgjava security update(DSA-5196-1) libpostgresql-jdbc-java-doc_42.2.15-1+deb11u1_all.deb | Linux
libpgjava security update(DSA-5196-1) libpostgresql-jdbc-java_42.2.5-2+deb10u1_all.deb | Linux
libpgjava security update(DSA-5196-1) libpostgresql-jdbc-java_42.2.15-1+deb11u1_all.deb | Linux
Vulnerabilities CVE-2020-13692 are fixed in PostgreSQL JDBC Driver for Linux 42.2.13 | Linux
Improper Restriction of XML External Entity Reference Vulnerability (CVE-2020-13692) | NCM

Patch Details

No records found

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234