Vulnerability Description
PostgreSQL versions before 9.2.22, 9.3.18, 9.4.13, 9.5.8 and 9.6.4 are vulnerable to an incorrect authentication flaw that allows remote attackers to gain access to database accounts with an empty password.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| PostgreSQL | PostgreSQL | 9.2 |
| Debian | Debian Linux | 9.0 |
Related Weaknesses (CWE)
References
- http://www.debian.org/security/2017/dsa-3935 (Third Party Advisory)
- http://www.debian.org/security/2017/dsa-3936 (Third Party Advisory)
- http://www.securityfocus.com/bid/100278 (Third Party Advisory, VDB Entry)
- http://www.securitytracker.com/id/1039142 (Third Party Advisory, VDB Entry)
- https://access.redhat.com/errata/RHSA-2017:2677 (Third Party Advisory)
- https://access.redhat.com/errata/RHSA-2017:2678 (Third Party Advisory)
- https://access.redhat.com/errata/RHSA-2017:2728 (Third Party Advisory)
- https://access.redhat.com/errata/RHSA-2017:2860 (Third Party Advisory)
- https://security.gentoo.org/glsa/201710-06 (Third Party Advisory)
- https://www.postgresql.org/about/news/1772/ (Vendor Advisory)
FAQ
What is CVE-2017-7546?
CVE-2017-7546 is a vulnerability with a CVSS score of 9.8 (CRITICAL). PostgreSQL versions before 9.2.22, 9.3.18, 9.4.13, 9.5.8 and 9.6.4 are vulnerable to an incorrect authentication flaw that allows remote attackers to gain access to database accounts with an empty password.
How severe is CVE-2017-7546?
CVE-2017-7546 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2017-7546?
Check the references section above for vendor advisories and patch information. Affected products include: PostgreSQL (vendor: PostgreSQL) and Debian Linux (vendor: Debian).