Detections
Analytics

CVE-2017-7546

critical

Description

PostgreSQL versions before 9.2.22, 9.3.18, 9.4.13, 9.5.8 and 9.6.4 are vulnerable to incorrect authentication flaw allowing remote attackers to gain access to database accounts with an empty password.

References

https://security.gentoo.org/glsa/201710-06

https://access.redhat.com/errata/RHSA-2017:2860

https://access.redhat.com/errata/RHSA-2017:2728

https://access.redhat.com/errata/RHSA-2017:2678

https://access.redhat.com/errata/RHSA-2017:2677

http://www.securitytracker.com/id/1039142

http://www.securityfocus.com/bid/100278

http://www.debian.org/security/2017/dsa-3936

http://www.debian.org/security/2017/dsa-3935

https://www.postgresql.org/about/news/1772/

Details

Source: Mitre, NVD

Published: 2017-08-16

Updated: 2025-04-20

Risk Information

CVSS v2

Base Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Severity: High

CVSS v3

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity: Critical

EPSS

EPSS: 0.15596