CVE-2018-1058

EPSS 81.98%
Veröffentlicht 02.03.2018 15:29:00
Zuletzt bearbeitet 21.11.2024 03:59:05
Quelle secalert@redhat.com
Teams Watchlist Login
Unerledigt Login

A flaw was found in the way Postgresql allowed a user to modify the behavior of a query for other users. An attacker with a user account could use this flaw to execute code with the permissions of superuser in the database. Versions 9.3 through 10 are affected.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 10

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Postgresql ≫ Postgresql Version >= 9.3 < 9.3.22

Postgresql ≫ Postgresql Version >= 9.4 < 9.4.17

Postgresql ≫ Postgresql Version >= 9.5 < 9.5.12

Postgresql ≫ Postgresql Version >= 9.6 < 9.6.8

Postgresql ≫ Postgresql Version >= 10.0 < 10.3

Canonical ≫ Ubuntu Linux Version14.04 SwEditionlts

Canonical ≫ Ubuntu Linux Version16.04 SwEditionlts

Canonical ≫ Ubuntu Linux Version17.10

Redhat ≫ Cloudforms Version4.6

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	81.98%	0.992

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	8.8	2.8	5.9	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	6.5	8	6.4	AV:N/AC:L/Au:S/C:P/I:P/A:P

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

https://access.redhat.com/errata/RHSA-2018:2511

Third Party Advisory

https://access.redhat.com/errata/RHSA-2018:2566

Third Party Advisory

https://access.redhat.com/errata/RHSA-2018:3816

Third Party Advisory

http://www.securityfocus.com/bid/103221

Third Party Advisory

VDB Entry

https://bugzilla.redhat.com/show_bug.cgi?id=1547044

Third Party Advisory

Issue Tracking