Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ibmIBMAB3DAD106D99F8C869CED887AF75919567F729422A0DB3FCFE79E4481FCE7B92
HistoryJun 16, 2018 - 9:25 p.m.

Security Bulletin: PostgreSQL 9.2.8 as used in IBM QRadar SIEM 7.2.4 and IBM QRadar SIEM 7.1 MR2 is vulnerable to allow a remote authenticated attacker to obtain sensitive information. (CVE-2014-8161, CVE-2015-0241, CVE-2015-0243, CVE-2015-0244)

2018-06-1621:25:51
www.ibm.com
12

0.005 Low

EPSS

Percentile

76.5%

JSON

Summary

Multiple security vulnerabilities have been discovered in the PostgreSQL component bundled with IBM QRadar version 7.1.x and 7.2.x.

Vulnerability Details

CVE-ID:CVE-2014-8161

Description: PostgreSQL could allow a remote authenticated attacker to obtain sensitive information, caused by a constraint violation error. An attacker could exploit this vulnerability to obtain restricted data.

**CVSS Base Score:**4.0 **CVSS Temporal Score:**See https://exchange.xforce.ibmcloud.com/vulnerabilities/100781 for the current score. **CVSS Environmental Score:***Undefined **CVSS Vector:**AV:N/AC:L/Au:S/C:P/I:N/A:N

CVE-ID:CVE-2015-0241

Description: PostgreSQL is vulnerable to a buffer overflow, caused by improper bounds checking by the to_char function. A remote authenticated attacker could overflow a buffer and execute arbitrary code on the system or cause a denial of service.

**CVSS Base Score:**6.0 **CVSS Temporal Score:**See https://exchange.xforce.ibmcloud.com/vulnerabilities/100777 for the current score. **CVSS Environmental Score:***Undefined **CVSS Vector:**AV:N/AC:M/Au:S/C:P/I:P/A:P

CVE-ID:CVE-2015-0243

Description: PostgreSQL is vulnerable to a stack buffer overflow, caused by improper bounds checking by the pgcrypto extension. A remote authenticated attacker could overflow a buffer and execute arbitrary code on the system or cause a denial of service.

**CVSS Base Score:**6.0 **CVSS Temporal Score:**See https://exchange.xforce.ibmcloud.com/vulnerabilities/100779 for the current score. **CVSS Environmental Score:***Undefined **CVSS Vector:**AV:N/AC:M/Au:S/C:P/I:P/A:P

CVE-ID:CVE-2015-0244

Description: PostgreSQL could allow a remote authenticated attacker to bypass security restrictions, caused by an error in extended protocol message reading. By sending a specially-crafted request, an attacker could exploit this vulnerability to bypass access restrictions.

**CVSS Base Score:**3.5 **CVSS Temporal Score:**See https://exchange.xforce.ibmcloud.com/vulnerabilities/100780 for the current score. **CVSS Environmental Score:***Undefined **CVSS Vector:**AV:N/AC:M/Au:S/C:N/I:P/A:N

Affected Products and Versions

ยท IBM QRadar Security Information and Event Manager 7.2.x.

ยท IBM QRadar Security Information and Event Manager 7.1.xโ€ฆ

Remediation/Fixes

ยท IBM QRadar/QRM/QVM/QRIF 7.2.5 Patch 3

ยท IBM QRadar Security Information and Event Manager 7.1 MR2 Patch 11

Workarounds and Mitigations

None

Related

nessus 27
openvas 17
securityvulns 4
redhat 3
osv 2
oraclelinux 1
amazon 3
debian 2
archlinux 2
veracode 4
centos 1
ubuntu 1
mageia 1
freebsd 1
gentoo 1
fedora 2
nvd 4
cve 4
prion 4
postgresql 4
ubuntucve 4
cvelist 4
huawei 1
nessus
nessus
RHEL 6 / 7 : postgresql (RHSA-2015:0750)
2015-03-31 00:00:00
Mandriva Linux Security Advisory : postgresql (MDVSA-2015:048)
2015-02-13 00:00:00
RHEL 6 : postgresql92-postgresql (RHSA-2015:0856)
2015-04-21 00:00:00
openvas
openvas
Debian Security Advisory DSA 3155-1 (postgresql-9.1 - security update)
2015-02-06 00:00:00
SUSE: Security Advisory (SUSE-SU-2015:0478-1)
2021-04-19 00:00:00
CentOS Update for postgresql CESA-2015:0750 centos6
2015-03-31 00:00:00
securityvulns
securityvulns
PostgreSQL multiple security vulnerabilities
2015-02-11 00:00:00
[SECURITY] [DSA 3155-1] postgresql-9.1 security update
2015-02-11 00:00:00
Apple Mac OS X / OS X Server multiple security vulnerabilities
2015-08-17 00:00:00
redhat
redhat
(RHSA-2015:0856) Moderate: postgresql92-postgresql security update
2015-04-20 00:00:00
(RHSA-2015:0750) Moderate: postgresql security update
2015-03-30 00:00:00
(RHSA-2015:0699) Moderate: postgresql92-postgresql security update
2015-03-18 00:00:00
osv
osv
postgresql-9.1 - security update
2015-02-06 00:00:00
postgresql-8.4 - new minor release
2015-02-12 00:00:00
oraclelinux
oraclelinux
postgresql security update
2015-03-30 00:00:00
amazon
amazon
Medium: postgresql8
2015-04-15 21:47:00
Medium: postgresql92
2015-03-13 02:37:00
Medium: postgresql93
2015-02-25 20:34:00
debian
debian
[SECURITY] [DLA-152-1] postgresql-8.4 update
2015-02-12 11:10:32
[SECURITY] [DSA 3155-1] postgresql-9.1 security update
2015-02-06 13:30:32
archlinux
archlinux
postgresql: multiple issues
2015-02-06 00:00:00
[ASA-202102-31] postgresql: information disclosure
2021-02-20 00:00:00
veracode
veracode
SQL Injection
2019-05-02 05:12:40
Buffer Overflow
2019-05-02 05:12:40
Information Disclosure
2019-01-15 09:05:07
centos
centos
postgresql security update
2015-03-30 13:25:17
ubuntu
ubuntu
PostgreSQL vulnerabilities
2015-02-11 00:00:00
mageia
mageia
Updated postgresql packages fix security vulnerabilities
2015-02-17 21:38:13
freebsd
freebsd
PostgreSQL -- multiple buffer overflows and memory issues
2015-02-05 00:00:00
gentoo
gentoo
PostgreSQL: Multiple vulnerabilities
2015-07-18 00:00:00
fedora
fedora
[SECURITY] Fedora 20 Update: postgresql-9.3.6-1.fc20
2015-02-15 02:58:37
[SECURITY] Fedora 21 Update: postgresql-9.3.6-1.fc21
2015-02-08 08:58:19
nvd
nvd
CVE-2014-8161
2020-01-27 16:15:10
CVE-2015-0243
2020-01-27 16:15:10
CVE-2015-0244
2020-01-27 16:15:10
cve
cve
CVE-2014-8161
2020-01-27 16:15:10
CVE-2015-0241
2020-01-27 16:15:10
CVE-2015-0243
2020-01-27 16:15:10
prion
prion
Code injection
2020-01-27 16:15:00
Buffer overflow
2020-01-27 16:15:00
Buffer overflow
2020-01-27 16:15:00
postgresql
postgresql
Vulnerability in core server (CVE-2014-8161)
2020-01-27 16:15:00
Vulnerability in core server (CVE-2015-0241)
2020-01-27 16:15:00
Vulnerability in contrib module (CVE-2015-0243)
2020-01-27 16:15:00
ubuntucve
ubuntucve
CVE-2014-8161
2015-02-06 00:00:00
CVE-2015-0243
2015-02-06 00:00:00
CVE-2015-0241
2015-02-06 00:00:00
cvelist
cvelist
CVE-2014-8161
2020-01-27 15:29:21
CVE-2015-0243
2020-01-27 15:29:28
CVE-2015-0244
2020-01-27 15:29:25
huawei
huawei
Security Advisory - SQL Injection Vulnerability in the GaussDB
2017-06-07 00:00:00

0.005 Low

EPSS

Percentile

76.5%

JSON
Related for AB3DAD106D99F8C869CED887AF75919567F729422A0DB3FCFE79E4481FCE7B92
nessus27openvas17securityvulns4redhat3osv2oraclelinux1amazon3debian2archlinux2veracode4centos1ubuntu1mageia1freebsd1gentoo1fedora2nvd4cve4prion4postgresql4ubuntucve4cvelist4huawei1