CVE-2019-10211 — Vulnetix

Try Vulnetix Request Demo

CVE-2019-10211 PUBLISHED

Es existiert eine Schwachstelle in PostgreSQL bezüglich des EnterpriseDB Windows Installationsprogramms. Die mit dem Installer ausgelieferte OpenSSL Version wird in einem ungeschützten Verzeichnis ausgeführt. Ein lokaler Angreifer, der vor dem Installationsvorgang dieses Verzeichnis anlegt und dort eine speziell gestaltete OpenSSL Konfigurationsdatei ablegt, kann die SSL Konfiguation der zu installierenden Datenbank beeinflussen.

EPSS 1.19% · 78.7th percentile

Risk Scores

EPSS Score

1.19%

78.7th percentile

Affected Products

Vendor	Product	Versions
Ubuntu	Ubuntu Linux
EMC	EMC NetWorker <19.7.0.1
Amazon	Amazon Linux 2
Open Source	Open Source PostgreSQL <9.4.24
Red Hat	Red Hat Enterprise Linux
Open Source	Open Source PostgreSQL <10.10
Debian	Debian Linux
Open Source	Open Source PostgreSQL <9.5.19
Open Source	Open Source Arch Linux
Open Source	Open Source PostgreSQL <9.6.15
Oracle	Oracle Linux
Open Source	Open Source PostgreSQL <11.5
SUSE	SUSE Linux

Timeline

CVE Published
Sep 24, 2019 PoC Published
Apr 14, 2021 EPSS Score
Aug 23, 2021 EPSS Score
Dec 25, 2021 EPSS Score
Jan 6, 2022 EPSS Score
Feb 25, 2022 EPSS Score
Apr 28, 2022 EPSS Score
Aug 31, 2022 EPSS Score
Jan 2, 2023 EPSS Score
Mar 5, 2023 EPSS Score
May 6, 2023 EPSS Score

References

https://access.redhat.com/errata/RHSA-2021:0167 advisory
https://wid.cert-bund.de/.well-known/csaf/white/2019/wid-sec-w-2022-1380.json advisory
https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2022-1380 advisory
https://www.postgresql.org/about/news/1960/ advisory
https://usn.ubuntu.com/4090-1/ advisory
https://www.debian.org/security/2019/dsa-4492 advisory
https://security.archlinux.org/ASA-201908-7 advisory
https://security.archlinux.org/ASA-201908-8 advisory
https://www.suse.com/support/update/announcement/2019/suse-su-20192159-1.html advisory
https://www.suse.com/support/update/announcement/2019/suse-su-20192228-1.html advisory
https://www.suse.com/support/update/announcement/2019/suse-su-20192158-1.html advisory
https://www.suse.com/support/update/announcement/2019/suse-su-20192707-1/ advisory
https://access.redhat.com/errata/RHSA-2020:3669 advisory
https://access.redhat.com/errata/RHSA-2020:4295 advisory
https://access.redhat.com/errata/RHSA-2020:5619 advisory
https://access.redhat.com/errata/RHSA-2020:5661 advisory
https://access.redhat.com/errata/RHSA-2020:5664 advisory
http://linux.oracle.com/errata/ELSA-2020-5619-1.html advisory
https://access.redhat.com/errata/RHSA-2021:0164 advisory
https://access.redhat.com/errata/RHSA-2021:0166 advisory

…and 6 more

Open in Interactive Console →