Description

PostgreSQL versions before 9.2.22, 9.3.18, 9.4.13, 9.5.8 and 9.6.4 are vulnerable to incorrect authentication flaw allowing remote attackers to gain access to database accounts with an empty password.

Remediation

References

CVE-2017-7546

Related Vulnerabilities

OpenSSL Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2019-1551)

TYPO3 Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2011-4627)

WordPress 3.9.x Cross-Site Scripting Vulnerability (3.9 - 3.9.9)

Django Incorrect Regular Expression Vulnerability (CVE-2018-7536)

WordPress 3.7.x Multiple Vulnerabilities (3.7 - 3.7.23)

Severity

Critical

Classification

CVE-2017-7546 CWE-287 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Tags

Missing Update Known Vulnerabilities