CVE-2016-7048

HIGH severity · CVSS 8.1 · Improper access control

8.1CVSS HIGH

Summary

The interactive installer in PostgreSQL before 9.3.15, 9.4.x before 9.4.10, and 9.5.x before 9.5.5 might allow remote attackers to execute arbitrary code by leveraging use of HTTP to download software.

Impact & exploitability

Attack vectorNetwork

Attack complexityHigh

Privileges requiredNone

User interactionNone

Confidentiality impactHigh

Integrity impactHigh

Availability impactHigh

Exploit probability (EPSS)12%

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Affected products we track (1)

PostgreSQL

Recommendation

Apply the vendor fix promptly. Open any affected product above for its exact safe version.

Official patch: https://www.postgresql.org/support/security/ ↗

Additional information

NVD record
https://www.postgresql.org/support/security/Patch
https://www.postgresql.org/support/security/Patch
https://bugzilla.redhat.com/show_bug.cgi?id=1378043Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=1378043Advisory