8.1
CVE-2020-25694
- EPSS 0.12%
- Published 16.11.2020 01:15:12
- Last modified 21.11.2024 05:18:29
- Source secalert@redhat.com
A flaw was found in PostgreSQL versions before 13.1, before 12.5, before 11.10, before 10.15, before 9.6.20 and before 9.5.24. If a client application that creates additional database connections only reuses the basic connection parameters while dropping security-relevant parameters, an opportunity for a man-in-the-middle attack, or the ability to observe clear-text transmissions, could exist. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
Data is provided by the National Vulnerability Database (NVD)
Postgresql ≫ Postgresql Version < 9.5.24
Postgresql ≫ Postgresql Version >= 9.6.0 < 9.6.20
Postgresql ≫ Postgresql Version >= 10.0 < 10.15
Postgresql ≫ Postgresql Version >= 11.0 < 11.10
Postgresql ≫ Postgresql Version >= 12.0 < 12.5
Postgresql ≫ Postgresql Version >= 13.0 < 13.1
Debian ≫ Debian Linux Version 9.0
No CISA KEV or CERT.AT warning was found for this CVE.
Type | Source | Score | Percentile |
---|---|---|---|
EPSS | FIRST.org | 0.12% | 0.279 |
Source | Base Score | Exploit Score | Impact Score | Vector string |
---|---|---|---|---|
nvd@nist.gov | 8.1 | 2.2 | 5.9 | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H |
nvd@nist.gov | 6.8 | 8.6 | 6.4 | AV:N/AC:M/Au:N/C:P/I:P/A:P |
CWE-327 Use of a Broken or Risky Cryptographic Algorithm
The product uses a broken or risky cryptographic algorithm or protocol.