7.2
CVE-2007-6601
- EPSS 0.34%
- Veröffentlicht 09.01.2008 21:46:00
- Zuletzt bearbeitet 09.04.2025 00:30:58
- Quelle cve@mitre.org
- Teams Watchlist Login
- Unerledigt Login
The DBLink module in PostgreSQL 8.2 before 8.2.6, 8.1 before 8.1.11, 8.0 before 8.0.15, 7.4 before 7.4.19, and 7.3 before 7.3.21, when local trust or ident authentication is used, allows remote attackers to gain privileges via unspecified vectors. NOTE: this issue exists because of an incomplete fix for CVE-2007-3278.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Postgresql ≫ Postgresql Version >= 7.3.0 < 7.3.21
Postgresql ≫ Postgresql Version >= 7.4.0 < 7.4.19
Postgresql ≫ Postgresql Version >= 8.0.0 < 8.0.15
Postgresql ≫ Postgresql Version >= 8.1.0 < 8.1.11
Postgresql ≫ Postgresql Version >= 8.2.0 < 8.2.6
Postgresql ≫ Postgresql Version8.2
Debian ≫ Debian Linux Version3.1
Debian ≫ Debian Linux Version4.0
Fedoraproject ≫ Fedora Version7
Fedoraproject ≫ Fedora Version8
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.34% | 0.561 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.2 | 3.9 | 10 |
AV:L/AC:L/Au:N/C:C/I:C/A:C
|
CWE-287 Improper Authentication
When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.