CVE-2017-7546

Summary

PostgreSQL versions before 9.2.22, 9.3.18, 9.4.13, 9.5.8 and 9.6.4 are vulnerable to incorrect authentication flaw allowing remote attackers to gain access to database accounts with an empty password.

Affected Software

VendorProductVersion RangeStatus
PostgreSQLpostgresql9.2.x before 9.2.22affected
PostgreSQLpostgresql9.3.x before 9.3.18affected
PostgreSQLpostgresql9.4.x before 9.4.13affected
PostgreSQLpostgresql9.5.x before 9.5.8affected
PostgreSQLpostgresql9.6.x before 9.6.4affected

Weaknesses

  • CWE-287: CWE-287

ADP Enrichment

CVE Program Container

Additional References

References