CVE-2022-40756

Published: Sep 30, 2022Modified: May 20, 2025

8.8

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 2.8 / Impact: 5.9

Source: NVD

Description

If folder security is misconfigured for Actian Zen PSQL BEFORE Patch Update 1 for Zen 15 SP1 (v15.11.005), Patch Update 4 for Zen 15 (v15.01.017), or Patch Update 5 for Zen 14 SP2 (v14.21.022), it can allow an attacker (with file read/write access) to remove specific security files in order to reset the master password and gain access to the database.

Affected (3)

Products: Actian: Psql, Zen

2 products

Configuration A

3 vulnerable

Vulnerable Software	Affected Versions
Actian Psql	From 11 to 13
Actian Zen	From 14.0 to 14.21.022
Actian Zen	From 15.0 to 15.01.017

Related CWEs

Incorrect Permission Assignment for Critical Resource

The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors.

References (4)

https://actian.my.salesforce.com/sfc/p/#300000001XnW/a/4y000000LhjZ/s7Hk0dFM1Z9nLuAPa50rMaZie7mqCR5u33NZFbdKT7Q

Source: cve@mitre.org

Vendor Advisory

https://www.actian.com/support-services/

Source: cve@mitre.org

Vendor Advisory

https://actian.my.salesforce.com/sfc/p/#300000001XnW/a/4y000000LhjZ/s7Hk0dFM1Z9nLuAPa50rMaZie7mqCR5u33NZFbdKT7Q

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

https://www.actian.com/support-services/

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.