4.3
CVE-2014-8161
- EPSS 0.58%
- Veröffentlicht 27.01.2020 16:15:10
- Zuletzt bearbeitet 21.11.2024 02:18:41
- Quelle secalert@redhat.com
- Teams Watchlist Login
- Unerledigt Login
PostgreSQL before 9.0.19, 9.1.x before 9.1.15, 9.2.x before 9.2.10, 9.3.x before 9.3.6, and 9.4.x before 9.4.1 allows remote authenticated users to obtain sensitive column values by triggering constraint violation and then reading the error message.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Postgresql ≫ Postgresql Version < 9.0.19
Postgresql ≫ Postgresql Version >= 9.1.0 < 9.1.15
Postgresql ≫ Postgresql Version >= 9.2.0 < 9.2.10
Postgresql ≫ Postgresql Version >= 9.3.0 < 9.3.6
Postgresql ≫ Postgresql Version >= 9.4.0 < 9.4.1
Debian ≫ Debian Linux Version7.0
Debian ≫ Debian Linux Version8.0
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.58% | 0.679 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 4.3 | 2.8 | 1.4 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
|
| nvd@nist.gov | 4 | 8 | 2.9 |
AV:N/AC:L/Au:S/C:P/I:N/A:N
|
CWE-209 Generation of Error Message Containing Sensitive Information
The product generates an error message that includes sensitive information about its environment, users, or associated data.