4.3
CVE-2014-8161
- EPSS 0.58%
- Published 27.01.2020 16:15:10
- Last modified 21.11.2024 02:18:41
- Source secalert@redhat.com
- Teams watchlist Login
- Open Login
PostgreSQL before 9.0.19, 9.1.x before 9.1.15, 9.2.x before 9.2.10, 9.3.x before 9.3.6, and 9.4.x before 9.4.1 allows remote authenticated users to obtain sensitive column values by triggering constraint violation and then reading the error message.
Data is provided by the National Vulnerability Database (NVD)
Postgresql ≫ Postgresql Version < 9.0.19
Postgresql ≫ Postgresql Version >= 9.1.0 < 9.1.15
Postgresql ≫ Postgresql Version >= 9.2.0 < 9.2.10
Postgresql ≫ Postgresql Version >= 9.3.0 < 9.3.6
Postgresql ≫ Postgresql Version >= 9.4.0 < 9.4.1
Debian ≫ Debian Linux Version7.0
Debian ≫ Debian Linux Version8.0
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.58% | 0.679 |
| Source | Base Score | Exploit Score | Impact Score | Vector string |
|---|---|---|---|---|
| nvd@nist.gov | 4.3 | 2.8 | 1.4 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
|
| nvd@nist.gov | 4 | 8 | 2.9 |
AV:N/AC:L/Au:S/C:P/I:N/A:N
|
CWE-209 Generation of Error Message Containing Sensitive Information
The product generates an error message that includes sensitive information about its environment, users, or associated data.