CVE-2021-3677 (CVSS base score 6.5)
- EPSS 0.26%
- Published 02.03.2022 23:15:08
- Last modified 21.11.2024 06:22:08
- Source secalert@redhat.com
A flaw was found in postgresql. A purpose-crafted query can read arbitrary bytes of server memory. In the default configuration, any authenticated database user can complete this attack at will. The attack does not require the ability to create objects. If server settings include max_worker_processes=0, the known versions of this attack are infeasible. However, undiscovered variants of the attack may be independent of that setting.
Data is provided by the National Vulnerability Database (NVD)
Affected products:
- Postgresql ≫ Postgresql, version >= 11.0 and < 11.13
- Postgresql ≫ Postgresql, version >= 12.0 and < 12.8
- Postgresql ≫ Postgresql, version >= 13.0 and < 13.4
- Redhat ≫ Virtualization, version 4.0
- Redhat ≫ Enterprise Linux, version 8.0
- Redhat ≫ Enterprise Linux For Ibm Z Systems, version 8.0
- Redhat ≫ Enterprise Linux For Power Little Endian, version 8.0
- Redhat ≫ Software Collections, version 1.0
- Fedoraproject ≫ Fedora, version 34
No CISA KEV entry or CERT.AT warning was found for this CVE.
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.26% | 0.495 |
| Source | Base Score | Exploit Score | Impact Score | Vector string |
|---|---|---|---|---|
| nvd@nist.gov | 6.5 | 2.8 | 3.6 | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |
| nvd@nist.gov | 4 | 8 | 2.9 | AV:N/AC:L/Au:S/C:P/I:N/A:N |
CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.