Description

PostgreSQL versions before 9.2.22, 9.3.18, 9.4.13, 9.5.8 and 9.6.4 are vulnerable to incorrect authentication flaw allowing remote attackers to gain access to database accounts with an empty password.

Remediation

References

CVE-2017-7546

Related Vulnerabilities

axios Uncontrolled Resource Consumption Vulnerability (CVE-2021-3749)

Python Improper Restriction of Operations within the Bounds of a Memory Buffer Vulnerability (CVE-2014-4616)

WordPress Plugin Universal Analytics Cross-Site Scripting (1.3.0)

IBM RTC Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2016-2986)

Apache version older than 1.3.39

Severity

Critical

Classification

CVE-2017-7546 CWE-287 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Tags

Missing Update Known Vulnerabilities