← Back

CVE-2017-7547

nvd nist
Published: Aug 16, 2017Modified: May 13, 2026

JSON object

Loading...
8.8
Vector
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Exploitability: 2.8 / Impact: 5.9
Source: NVD

Description

PostgreSQL versions before 9.2.22, 9.3.18, 9.4.13, 9.5.8 and 9.6.4 are vulnerable to authorization flaw allowing remote authenticated attackers to retrieve passwords from the user mappings defined by the foreign server owners without actually having the privileges to do so.

Affected (65)

Postgresql
1 product
Postgresql
Configuration A
22 vulnerable
Vulnerable SoftwareAffected Versions
Postgresql
Postgresql
Version 9.2.10
Postgresql
Version 9.2.11
Postgresql
Version 9.2.12
Postgresql
Version 9.2.13
Postgresql
Version 9.2.14
Postgresql
Version 9.2.15
Postgresql
Version 9.2.16
Postgresql
Version 9.2.17
Postgresql
Version 9.2.18
Postgresql
Version 9.2.19
Postgresql
Version 9.2.1
Postgresql
Version 9.2.20
Postgresql
Version 9.2.21
Postgresql
Version 9.2.2
Postgresql
Version 9.2.3
Postgresql
Version 9.2.4
Postgresql
Version 9.2.5
Postgresql
Version 9.2.6
Postgresql
Version 9.2.7
Postgresql
Version 9.2.8
Postgresql
Version 9.2.9
Postgresql
Version 9.2
Configuration B
18 vulnerable
Vulnerable SoftwareAffected Versions
Postgresql
Postgresql
Version 9.3.10
Postgresql
Version 9.3.11
Postgresql
Version 9.3.12
Postgresql
Version 9.3.13
Postgresql
Version 9.3.14
Postgresql
Version 9.3.15
Postgresql
Version 9.3.16
Postgresql
Version 9.3.17
Postgresql
Version 9.3.1
Postgresql
Version 9.3.2
Postgresql
Version 9.3.3
Postgresql
Version 9.3.4
Postgresql
Version 9.3.5
Postgresql
Version 9.3.6
Postgresql
Version 9.3.7
Postgresql
Version 9.3.8
Postgresql
Version 9.3.9
Postgresql
Version 9.3
Configuration C
13 vulnerable
Vulnerable SoftwareAffected Versions
Postgresql
Postgresql
Version 9.4.10
Postgresql
Version 9.4.11
Postgresql
Version 9.4.12
Postgresql
Version 9.4.1
Postgresql
Version 9.4.2
Postgresql
Version 9.4.3
Postgresql
Version 9.4.4
Postgresql
Version 9.4.5
Postgresql
Version 9.4.6
Postgresql
Version 9.4.7
Postgresql
Version 9.4.8
Postgresql
Version 9.4.9
Postgresql
Version 9.4
Configuration D
8 vulnerable
Vulnerable SoftwareAffected Versions
Postgresql
Postgresql
Version 9.5.1.
Postgresql
Version 9.5.2
Postgresql
Version 9.5.3
Postgresql
Version 9.5.4
Postgresql
Version 9.5.5
Postgresql
Version 9.5.6
Postgresql
Version 9.5.7
Postgresql
Version 9.5
Configuration E
4 vulnerable
Vulnerable SoftwareAffected Versions
Postgresql
Postgresql
Version 9.6.1
Postgresql
Version 9.6.2
Postgresql
Version 9.6.3
Postgresql
Version 9.6

Related CWEs

CWE-522
Insufficiently Protected Credentials
The product transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval.

References (18)

Source: secalert@redhat.com
Source: secalert@redhat.com
Source: secalert@redhat.com
Third Party AdvisoryVDB Entry
Source: secalert@redhat.com
Third Party AdvisoryVDB Entry
Source: secalert@redhat.com
Source: secalert@redhat.com
Source: secalert@redhat.com
Source: secalert@redhat.com
Source: secalert@redhat.com
MitigationVendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party AdvisoryVDB Entry
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party AdvisoryVDB Entry
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
MitigationVendor Advisory

Timeline

No history available yet.