6.5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:S/C:P/I:P/A:P
0.005 Low
EPSS
Percentile
77.1%
The remote host is running PostgreSQL, a database application. The version of PostgreSQL is potentially affected by multiple issues :
Authenticated non-superusers can shut down the backend server by re-LOAD-ing libraries in $libdir/plugins, if any libraries are present there.
A privilege escalation issue allows some actions to be performed with superuser privileges instead of table owner privileges. This is related to the fix for CVE-2007-6600 which failed to include protection against misuse of ‘RESET SESSION AUTHORIZATION’.
If PostgreSQL is configured with LDAP authentication, and your LDAP configuration allows anonymous binds, it is possible for a user to authenticate themselves with an empty password.
Binary data 5170.prm
Vendor | Product | Version | CPE |
---|---|---|---|
postgresql | postgresql | cpe:/a:postgresql:postgresql |