7.5

CVE-2017-7484

EPSS 2.29%
Published 12.05.2017 19:29:00
Last modified 20.04.2025 01:37:25
Source secalert@redhat.com
Teams watchlist Login
Open Login

It was found that some selectivity estimation functions in PostgreSQL before 9.2.21, 9.3.x before 9.3.17, 9.4.x before 9.4.12, 9.5.x before 9.5.7, and 9.6.x before 9.6.3 did not check user privileges before providing information from pg_statistic, possibly leaking information. An unprivileged attacker could use this flaw to steal some information from tables they are otherwise not allowed to access.

Affected products Warnungen 0 Metrics 3 CWE 2 References 13

Data is provided by the National Vulnerability Database (NVD)

Postgresql ≫ Postgresql Version <= 9.2.20

Postgresql ≫ Postgresql Version9.3

Postgresql ≫ Postgresql Version9.3.1

Postgresql ≫ Postgresql Version9.3.2

Postgresql ≫ Postgresql Version9.3.3

Postgresql ≫ Postgresql Version9.3.4

Postgresql ≫ Postgresql Version9.3.5

Postgresql ≫ Postgresql Version9.3.6

Postgresql ≫ Postgresql Version9.3.7

Postgresql ≫ Postgresql Version9.3.8

Postgresql ≫ Postgresql Version9.3.9

Postgresql ≫ Postgresql Version9.3.10

Postgresql ≫ Postgresql Version9.3.11

Postgresql ≫ Postgresql Version9.3.12

Postgresql ≫ Postgresql Version9.3.13

Postgresql ≫ Postgresql Version9.3.14

Postgresql ≫ Postgresql Version9.3.15

Postgresql ≫ Postgresql Version9.3.16

Postgresql ≫ Postgresql Version9.4

Postgresql ≫ Postgresql Version9.4.1

Postgresql ≫ Postgresql Version9.4.2

Postgresql ≫ Postgresql Version9.4.3

Postgresql ≫ Postgresql Version9.4.4

Postgresql ≫ Postgresql Version9.4.5

Postgresql ≫ Postgresql Version9.4.6

Postgresql ≫ Postgresql Version9.4.7

Postgresql ≫ Postgresql Version9.4.8

Postgresql ≫ Postgresql Version9.4.9

Postgresql ≫ Postgresql Version9.4.10

Postgresql ≫ Postgresql Version9.4.11

Postgresql ≫ Postgresql Version9.5

Postgresql ≫ Postgresql Version9.5.1

Postgresql ≫ Postgresql Version9.5.2

Postgresql ≫ Postgresql Version9.5.3

Postgresql ≫ Postgresql Version9.5.4

Postgresql ≫ Postgresql Version9.5.5

Postgresql ≫ Postgresql Version9.5.6

Postgresql ≫ Postgresql Version9.6

Postgresql ≫ Postgresql Version9.6.1

Postgresql ≫ Postgresql Version9.6.2

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	2.29%	0.841

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	7.5	3.9	3.6	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
nvd@nist.gov	5	10	2.9	AV:N/AC:L/Au:N/C:P/I:N/A:N

CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

CWE-285 Improper Authorization

The product does not perform or incorrectly performs an authorization check when an actor attempts to access a resource or perform an action.

https://access.redhat.com/errata/RHSA-2017:2425

http://www.debian.org/security/2017/dsa-3851

http://www.securityfocus.com/bid/98459

Third Party Advisory

VDB Entry

http://www.securitytracker.com/id/1038476

https://access.redhat.com/errata/RHSA-2017:1677

https://access.redhat.com/errata/RHSA-2017:1678

https://access.redhat.com/errata/RHSA-2017:1838

https://access.redhat.com/errata/RHSA-2017:1983

https://security.gentoo.org/glsa/201710-06

https://www.postgresql.org/about/news/1746/

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2017-7484

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2017-7484

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2017-7484

EUVD