{"containers": {"cna": {"affected": [{"product": "PostgreSQL", "vendor": "The PostgreSQL Global Development Group", "versions": [{"status": "affected", "version": "9.2 - 9.6"}]}], "datePublic": "2017-05-12T00:00:00", "descriptions": [{"lang": "en", "value": "It was found that some selectivity estimation functions in PostgreSQL before 9.2.21, 9.3.x before 9.3.17, 9.4.x before 9.4.12, 9.5.x before 9.5.7, and 9.6.x before 9.6.3 did not check user privileges before providing information from pg_statistic, possibly leaking information. An unprivileged attacker could use this flaw to steal some information from tables they are otherwise not allowed to access."}], "problemTypes": [{"descriptions": [{"cweId": "CWE-285", "description": "CWE-285", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2018-01-04T19:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"name": "1038476", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id/1038476"}, {"name": "DSA-3851", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "http://www.debian.org/security/2017/dsa-3851"}, {"name": "RHSA-2017:2425", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2017:2425"}, {"name": "RHSA-2017:1678", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2017:1678"}, {"name": "RHSA-2017:1677", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2017:1677"}, {"name": "RHSA-2017:1983", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2017:1983"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://www.postgresql.org/about/news/1746/"}, {"name": "RHSA-2017:1838", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2017:1838"}, {"name": "98459", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/98459"}, {"name": "GLSA-201710-06", "tags": ["vendor-advisory", "x_refsource_GENTOO"], "url": "https://security.gentoo.org/glsa/201710-06"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "secalert@redhat.com", "ID": "CVE-2017-7484", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "PostgreSQL", "version": {"version_data": [{"version_value": "9.2 - 9.6"}]}}]}, "vendor_name": "The PostgreSQL Global Development Group"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "It was found that some selectivity estimation functions in PostgreSQL before 9.2.21, 9.3.x before 9.3.17, 9.4.x before 9.4.12, 9.5.x before 9.5.7, and 9.6.x before 9.6.3 did not check user privileges before providing information from pg_statistic, possibly leaking information. An unprivileged attacker could use this flaw to steal some information from tables they are otherwise not allowed to access."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-285"}]}]}, "references": {"reference_data": [{"name": "1038476", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1038476"}, {"name": "DSA-3851", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2017/dsa-3851"}, {"name": "RHSA-2017:2425", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2017:2425"}, {"name": "RHSA-2017:1678", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2017:1678"}, {"name": "RHSA-2017:1677", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2017:1677"}, {"name": "RHSA-2017:1983", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2017:1983"}, {"name": "https://www.postgresql.org/about/news/1746/", "refsource": "CONFIRM", "url": "https://www.postgresql.org/about/news/1746/"}, {"name": "RHSA-2017:1838", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2017:1838"}, {"name": "98459", "refsource": "BID", "url": "http://www.securityfocus.com/bid/98459"}, {"name": "GLSA-201710-06", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/201710-06"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T16:04:11.415Z"}, "title": "CVE Program Container", "references": [{"name": "1038476", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://www.securitytracker.com/id/1038476"}, {"name": "DSA-3851", "tags": ["vendor-advisory", "x_refsource_DEBIAN", "x_transferred"], "url": "http://www.debian.org/security/2017/dsa-3851"}, {"name": "RHSA-2017:2425", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "https://access.redhat.com/errata/RHSA-2017:2425"}, {"name": "RHSA-2017:1678", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "https://access.redhat.com/errata/RHSA-2017:1678"}, {"name": "RHSA-2017:1677", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "https://access.redhat.com/errata/RHSA-2017:1677"}, {"name": "RHSA-2017:1983", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "https://access.redhat.com/errata/RHSA-2017:1983"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://www.postgresql.org/about/news/1746/"}, {"name": "RHSA-2017:1838", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "https://access.redhat.com/errata/RHSA-2017:1838"}, {"name": "98459", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/98459"}, {"name": "GLSA-201710-06", "tags": ["vendor-advisory", "x_refsource_GENTOO", "x_transferred"], "url": "https://security.gentoo.org/glsa/201710-06"}]}]}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2017-7484", "datePublished": "2017-05-12T19:00:00", "dateReserved": "2017-04-05T00:00:00", "dateUpdated": "2024-08-05T16:04:11.415Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:postgresql:postgresql:*:*:*:*:*:*:*:*", "matchCriteriaId": "20D48E22-78D1-461D-ABE1-C8F578A17CB7", "versionEndIncluding": "9.2.20", "vulnerable": true}, {"criteria": "cpe:2.3:a:postgresql:postgresql:9.3:*:*:*:*:*:*:*", "matchCriteriaId": "5B890251-95EB-44F3-A6A7-F718F3C807B0", "vulnerable": true}, {"criteria": "cpe:2.3:a:postgresql:postgresql:9.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "D2E5BD02-8C3D-4687-88DE-1C00366270E7", "vulnerable": true}, {"criteria": "cpe:2.3:a:postgresql:postgresql:9.3.2:*:*:*:*:*:*:*", "matchCriteriaId": "709F5DF9-9F3A-42C3-890B-521B13118C0E", "vulnerable": true}, {"criteria": "cpe:2.3:a:postgresql:postgresql:9.3.3:*:*:*:*:*:*:*", "matchCriteriaId": "14D85A34-C897-4E52-8F97-18CA51C5461A", "vulnerable": true}, {"criteria": "cpe:2.3:a:postgresql:postgresql:9.3.4:*:*:*:*:*:*:*", "matchCriteriaId": "A40DAD2B-A6D4-43D8-B282-A3C672356D6A", "vulnerable": true}, {"criteria": "cpe:2.3:a:postgresql:postgresql:9.3.5:*:*:*:*:*:*:*", "matchCriteriaId": "FC2FE391-9414-480E-A9B1-CF70280E315E", "vulnerable": true}, {"criteria": "cpe:2.3:a:postgresql:postgresql:9.3.6:*:*:*:*:*:*:*", "matchCriteriaId": "55B6A4ED-FA3B-4251-BF82-755F95277CF9", "vulnerable": true}, {"criteria": "cpe:2.3:a:postgresql:postgresql:9.3.7:*:*:*:*:*:*:*", "matchCriteriaId": "C7142DF3-124D-43D7-ADD9-70F4F7298557", "vulnerable": true}, {"criteria": "cpe:2.3:a:postgresql:postgresql:9.3.8:*:*:*:*:*:*:*", "matchCriteriaId": "28DEA438-A0ED-49DC-AE51-4E9D8D4B6E7B", "vulnerable": true}, {"criteria": "cpe:2.3:a:postgresql:postgresql:9.3.9:*:*:*:*:*:*:*", "matchCriteriaId": "810B184F-6FB8-48D8-A569-F47BA43C4862", "vulnerable": true}, {"criteria": "cpe:2.3:a:postgresql:postgresql:9.3.10:*:*:*:*:*:*:*", "matchCriteriaId": "064BF155-7E2D-47B9-BD2B-C6E9FC06F5FC", "vulnerable": true}, {"criteria": "cpe:2.3:a:postgresql:postgresql:9.3.11:*:*:*:*:*:*:*", "matchCriteriaId": "676A81BD-7EEE-4770-B9AC-451B09844D6C", "vulnerable": true}, {"criteria": "cpe:2.3:a:postgresql:postgresql:9.3.12:*:*:*:*:*:*:*", "matchCriteriaId": "30F23D38-BDD6-48E6-A6B2-29CD962EED99", "vulnerable": true}, {"criteria": "cpe:2.3:a:postgresql:postgresql:9.3.13:*:*:*:*:*:*:*", "matchCriteriaId": "89833234-3890-4E2E-8FCF-09925D83ED67", "vulnerable": true}, {"criteria": "cpe:2.3:a:postgresql:postgresql:9.3.14:*:*:*:*:*:*:*", "matchCriteriaId": "B8F3ACC3-CB15-47E3-A511-E1D1F75E797F", "vulnerable": true}, {"criteria": "cpe:2.3:a:postgresql:postgresql:9.3.15:*:*:*:*:*:*:*", "matchCriteriaId": "0F6FD785-7C9F-4302-B7ED-93CA04473ACE", "vulnerable": true}, {"criteria": "cpe:2.3:a:postgresql:postgresql:9.3.16:*:*:*:*:*:*:*", "matchCriteriaId": "EC1BA72C-3A6E-450B-A3DE-3898DEAA9225", "vulnerable": true}, {"criteria": "cpe:2.3:a:postgresql:postgresql:9.4:*:*:*:*:*:*:*", "matchCriteriaId": "77D1323D-3096-4D0F-823A-ECAC9017646D", "vulnerable": true}, {"criteria": "cpe:2.3:a:postgresql:postgresql:9.4.1:*:*:*:*:*:*:*", "matchCriteriaId": "8A587AF3-5E70-4455-8621-DFD048207DE2", "vulnerable": true}, {"criteria": "cpe:2.3:a:postgresql:postgresql:9.4.2:*:*:*:*:*:*:*", "matchCriteriaId": "526AFF26-B3EC-41C3-AC4C-85BFA3F99AC8", "vulnerable": true}, {"criteria": "cpe:2.3:a:postgresql:postgresql:9.4.3:*:*:*:*:*:*:*", "matchCriteriaId": "89D2CAB7-C3D9-4F21-B902-2E498D00EFEB", "vulnerable": true}, {"criteria": "cpe:2.3:a:postgresql:postgresql:9.4.4:*:*:*:*:*:*:*", "matchCriteriaId": "88797795-8B1C-455F-8C52-6169B2E47D53", "vulnerable": true}, {"criteria": "cpe:2.3:a:postgresql:postgresql:9.4.5:*:*:*:*:*:*:*", "matchCriteriaId": "DBDE0CC8-F1DF-4723-8FCB-9A33EA8B12D3", "vulnerable": true}, {"criteria": "cpe:2.3:a:postgresql:postgresql:9.4.6:*:*:*:*:*:*:*", "matchCriteriaId": "90F13667-019B-49DF-929C-3D376FCDE6E4", "vulnerable": true}, {"criteria": "cpe:2.3:a:postgresql:postgresql:9.4.7:*:*:*:*:*:*:*", "matchCriteriaId": "B9E20AA3-C0D3-492C-AF3B-9F61550E6983", "vulnerable": true}, {"criteria": "cpe:2.3:a:postgresql:postgresql:9.4.8:*:*:*:*:*:*:*", "matchCriteriaId": "251C78CA-EEC0-49A8-A3D2-3C86D16CCB7F", "vulnerable": true}, {"criteria": "cpe:2.3:a:postgresql:postgresql:9.4.9:*:*:*:*:*:*:*", "matchCriteriaId": "AB443A75-2466-4164-A71B-9203933CB0D6", "vulnerable": true}, {"criteria": "cpe:2.3:a:postgresql:postgresql:9.4.10:*:*:*:*:*:*:*", "matchCriteriaId": "B02839D4-EE7D-4D42-8934-322E46B643D4", "vulnerable": true}, {"criteria": "cpe:2.3:a:postgresql:postgresql:9.4.11:*:*:*:*:*:*:*", "matchCriteriaId": "B1BAE807-A21F-4980-B64E-911F5E9B16BF", "vulnerable": true}, {"criteria": "cpe:2.3:a:postgresql:postgresql:9.5:*:*:*:*:*:*:*", "matchCriteriaId": "9FF7FC5B-C9E3-4109-B3D6-9AC06F75DCB3", "vulnerable": true}, {"criteria": "cpe:2.3:a:postgresql:postgresql:9.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "D2C15A86-9ED9-492E-877B-86963DAA761A", "vulnerable": true}, {"criteria": "cpe:2.3:a:postgresql:postgresql:9.5.2:*:*:*:*:*:*:*", "matchCriteriaId": "9EF74623-EF0E-455D-ADEB-9E336B539D86", "vulnerable": true}, {"criteria": "cpe:2.3:a:postgresql:postgresql:9.5.3:*:*:*:*:*:*:*", "matchCriteriaId": "FACD7AB7-34E9-4DFC-A788-7B9BF745D780", "vulnerable": true}, {"criteria": "cpe:2.3:a:postgresql:postgresql:9.5.4:*:*:*:*:*:*:*", "matchCriteriaId": "F8E8AEBB-9968-458D-8EE4-2725BBE1A53F", "vulnerable": true}, {"criteria": "cpe:2.3:a:postgresql:postgresql:9.5.5:*:*:*:*:*:*:*", "matchCriteriaId": "7ECC17E6-C5FF-4B63-807A-26E5E6932C5C", "vulnerable": true}, {"criteria": "cpe:2.3:a:postgresql:postgresql:9.5.6:*:*:*:*:*:*:*", "matchCriteriaId": "7DB72357-B16D-488A-995C-2703CCEC1D8F", "vulnerable": true}, {"criteria": "cpe:2.3:a:postgresql:postgresql:9.6:*:*:*:*:*:*:*", "matchCriteriaId": "7040466B-2A7D-4E75-8E4F-FA70D4A7E014", "vulnerable": true}, {"criteria": "cpe:2.3:a:postgresql:postgresql:9.6.1:*:*:*:*:*:*:*", "matchCriteriaId": "44887DE9-506B-46E3-922C-7B3C14B0AF33", "vulnerable": true}, {"criteria": "cpe:2.3:a:postgresql:postgresql:9.6.2:*:*:*:*:*:*:*", "matchCriteriaId": "D1250F15-7A05-452A-8958-3B1B32B326E1", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "It was found that some selectivity estimation functions in PostgreSQL before 9.2.21, 9.3.x before 9.3.17, 9.4.x before 9.4.12, 9.5.x before 9.5.7, and 9.6.x before 9.6.3 did not check user privileges before providing information from pg_statistic, possibly leaking information. An unprivileged attacker could use this flaw to steal some information from tables they are otherwise not allowed to access."}, {"lang": "es", "value": "Se ha descubierto que algunas funciones de estimaci\u00f3n de selectividad en PostgreSQL, en versiones anteriores a la 9.2.21, versiones 9.3.x anteriores a la 9.3.17, versiones 9.4.x anteriores a la 9.4.12, versiones 9.5.x anteriores a la 9.5.7 y versiones 9.6.x anteriores a la 9.6.3, no verificaban los privilegios de usuario antes de ofrecer informaci\u00f3n de pg_statistic, lo que probablemente implique un filtrado de informaci\u00f3n. Un atacante sin privilegios podr\u00eda utilizar este fallo para robar informaci\u00f3n de tablas a las que, de otra forma, no tendr\u00eda acceso."}], "id": "CVE-2017-7484", "lastModified": "2024-11-21T03:31:59.673", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2017-05-12T19:29:00.193", "references": [{"source": "secalert@redhat.com", "url": "http://www.debian.org/security/2017/dsa-3851"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/98459"}, {"source": "secalert@redhat.com", "url": "http://www.securitytracker.com/id/1038476"}, {"source": "secalert@redhat.com", "url": "https://access.redhat.com/errata/RHSA-2017:1677"}, {"source": "secalert@redhat.com", "url": "https://access.redhat.com/errata/RHSA-2017:1678"}, {"source": "secalert@redhat.com", "url": "https://access.redhat.com/errata/RHSA-2017:1838"}, {"source": "secalert@redhat.com", "url": "https://access.redhat.com/errata/RHSA-2017:1983"}, {"source": "secalert@redhat.com", "url": "https://access.redhat.com/errata/RHSA-2017:2425"}, {"source": "secalert@redhat.com", "url": "https://security.gentoo.org/glsa/201710-06"}, {"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "https://www.postgresql.org/about/news/1746/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.debian.org/security/2017/dsa-3851"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/98459"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securitytracker.com/id/1038476"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://access.redhat.com/errata/RHSA-2017:1677"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://access.redhat.com/errata/RHSA-2017:1678"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://access.redhat.com/errata/RHSA-2017:1838"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://access.redhat.com/errata/RHSA-2017:1983"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://access.redhat.com/errata/RHSA-2017:2425"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://security.gentoo.org/glsa/201710-06"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://www.postgresql.org/about/news/1746/"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-285"}], "source": "secalert@redhat.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-200"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"acknowledgement": "Red Hat would like to thank the PostgreSQL project for reporting this issue. Upstream acknowledges Robert Haas as the original reporter.", "affected_release": [{"advisory": "RHSA-2017:1983", "cpe": "cpe:/o:redhat:enterprise_linux:7", "package": "postgresql-0:9.2.21-1.el7", "product_name": "Red Hat Enterprise Linux 7", "release_date": "2017-08-01T00:00:00Z"}, {"advisory": "RHSA-2017:2425", "cpe": "cpe:/a:redhat:network_satellite:5.7::el6", "package": "rh-postgresql95-0:2.2-3.el6", "product_name": "Red Hat Satellite 5.7", "release_date": "2017-08-07T00:00:00Z"}, {"advisory": "RHSA-2017:2425", "cpe": "cpe:/a:redhat:network_satellite:5.7::el6", "package": "rh-postgresql95-postgresql-0:9.5.7-2.el6", "product_name": "Red Hat Satellite 5.7", "release_date": "2017-08-07T00:00:00Z"}, {"advisory": "RHSA-2017:2425", "cpe": "cpe:/a:redhat:network_satellite:5.7::el6", "package": "spacewalk-backend-0:2.3.3-53.el6sat", "product_name": "Red Hat Satellite 5.7", "release_date": "2017-08-07T00:00:00Z"}, {"advisory": "RHSA-2017:2425", "cpe": "cpe:/a:redhat:network_satellite:5.7::el6", "package": "spacewalk-postgresql-server-0:9.5-1.el6sat", "product_name": "Red Hat Satellite 5.7", "release_date": "2017-08-07T00:00:00Z"}, {"advisory": "RHSA-2017:2425", "cpe": "cpe:/a:redhat:network_satellite:5.7::el6", "package": "spacewalk-setup-postgresql-0:2.3.0-27.el6sat", "product_name": "Red Hat Satellite 5.7", "release_date": "2017-08-07T00:00:00Z"}, {"advisory": "RHSA-2017:2425", "cpe": "cpe:/a:redhat:network_satellite:5.7::el6", "package": "spacewalk-utils-0:2.3.2-32.el6sat", "product_name": "Red Hat Satellite 5.7", "release_date": "2017-08-07T00:00:00Z"}, {"advisory": "RHSA-2017:2425", "cpe": "cpe:/a:redhat:network_satellite:5.7::el6", "package": "spacewalk-web-0:2.3.2-35.el6sat", "product_name": "Red Hat Satellite 5.7", "release_date": "2017-08-07T00:00:00Z"}, {"advisory": "RHSA-2017:2425", "cpe": "cpe:/a:redhat:network_satellite_managed_db:5.7::el6", "package": "rh-postgresql95-0:2.2-3.el6", "product_name": "Red Hat Satellite 5.7", "release_date": "2017-08-07T00:00:00Z"}, {"advisory": "RHSA-2017:2425", "cpe": "cpe:/a:redhat:network_satellite_managed_db:5.7::el6", "package": "rh-postgresql95-postgresql-0:9.5.7-2.el6", "product_name": "Red Hat Satellite 5.7", "release_date": "2017-08-07T00:00:00Z"}, {"advisory": "RHSA-2017:2425", "cpe": "cpe:/a:redhat:network_satellite_managed_db:5.7::el6", "package": "spacewalk-backend-0:2.3.3-53.el6sat", "product_name": "Red Hat Satellite 5.7", "release_date": "2017-08-07T00:00:00Z"}, {"advisory": "RHSA-2017:2425", "cpe": "cpe:/a:redhat:network_satellite_managed_db:5.7::el6", "package": "spacewalk-postgresql-server-0:9.5-1.el6sat", "product_name": "Red Hat Satellite 5.7", "release_date": "2017-08-07T00:00:00Z"}, {"advisory": "RHSA-2017:2425", "cpe": "cpe:/a:redhat:network_satellite_managed_db:5.7::el6", "package": "spacewalk-setup-postgresql-0:2.3.0-27.el6sat", "product_name": "Red Hat Satellite 5.7", "release_date": "2017-08-07T00:00:00Z"}, {"advisory": "RHSA-2017:2425", "cpe": "cpe:/a:redhat:network_satellite_managed_db:5.7::el6", "package": "spacewalk-utils-0:2.3.2-32.el6sat", "product_name": "Red Hat Satellite 5.7", "release_date": "2017-08-07T00:00:00Z"}, {"advisory": "RHSA-2017:2425", "cpe": "cpe:/a:redhat:network_satellite_managed_db:5.7::el6", "package": "spacewalk-web-0:2.3.2-35.el6sat", "product_name": "Red Hat Satellite 5.7", "release_date": "2017-08-07T00:00:00Z"}, {"advisory": "RHSA-2017:1838", "cpe": "cpe:/a:redhat:network_satellite:5.8::el6", "package": "rh-postgresql95-postgresql-0:9.5.7-2.el6", "product_name": "Red Hat Satellite 5.8", "release_date": "2017-07-31T00:00:00Z"}, {"advisory": "RHSA-2017:1838", "cpe": "cpe:/a:redhat:network_satellite_managed_db:5.8::el6", "package": "rh-postgresql95-postgresql-0:9.5.7-2.el6", "product_name": "Red Hat Satellite 5.8", "release_date": "2017-07-31T00:00:00Z"}, {"advisory": "RHSA-2017:1838", "cpe": "cpe:/a:redhat:network_satellite:5.8::el6", "package": "rh-postgresql95-postgresql-0:9.5.7-2.el6", "product_name": "Red Hat Satellite 5.8 ELS", "release_date": "2017-07-31T00:00:00Z"}, {"advisory": "RHSA-2017:1677", "cpe": "cpe:/a:redhat:rhel_software_collections:2::el6", "package": "rh-postgresql95-postgresql-0:9.5.7-2.el6", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 6", "release_date": "2017-07-05T00:00:00Z"}, {"advisory": "RHSA-2017:1678", "cpe": "cpe:/a:redhat:rhel_software_collections:2::el6", "package": "rh-postgresql94-postgresql-0:9.4.12-1.el6", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 6", "release_date": "2017-07-05T00:00:00Z"}, {"advisory": "RHSA-2017:1677", "cpe": "cpe:/a:redhat:rhel_software_collections:2::el6", "package": "rh-postgresql95-postgresql-0:9.5.7-2.el6", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 6.7 EUS", "release_date": "2017-07-05T00:00:00Z"}, {"advisory": "RHSA-2017:1678", "cpe": "cpe:/a:redhat:rhel_software_collections:2::el6", "package": "rh-postgresql94-postgresql-0:9.4.12-1.el6", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 6.7 EUS", "release_date": "2017-07-05T00:00:00Z"}, {"advisory": "RHSA-2017:1677", "cpe": "cpe:/a:redhat:rhel_software_collections:2::el7", "package": "rh-postgresql95-postgresql-0:9.5.7-2.el7", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 7", "release_date": "2017-07-05T00:00:00Z"}, {"advisory": "RHSA-2017:1678", "cpe": "cpe:/a:redhat:rhel_software_collections:2::el7", "package": "rh-postgresql94-postgresql-0:9.4.12-1.el7", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 7", "release_date": "2017-07-05T00:00:00Z"}, {"advisory": "RHSA-2017:1677", "cpe": "cpe:/a:redhat:rhel_software_collections:2::el7", "package": "rh-postgresql95-postgresql-0:9.5.7-2.el7", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 7.3 EUS", "release_date": "2017-07-05T00:00:00Z"}, {"advisory": "RHSA-2017:1678", "cpe": "cpe:/a:redhat:rhel_software_collections:2::el7", "package": "rh-postgresql94-postgresql-0:9.4.12-1.el7", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 7.3 EUS", "release_date": "2017-07-05T00:00:00Z"}], "bugzilla": {"description": "postgresql: Selectivity estimators bypass SELECT privilege checks", "id": "1448078", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1448078"}, "csaw": false, "cvss3": {"cvss3_base_score": "4.3", "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "status": "verified"}, "cwe": "CWE-862", "details": ["It was found that some selectivity estimation functions in PostgreSQL before 9.2.21, 9.3.x before 9.3.17, 9.4.x before 9.4.12, 9.5.x before 9.5.7, and 9.6.x before 9.6.3 did not check user privileges before providing information from pg_statistic, possibly leaking information. An unprivileged attacker could use this flaw to steal some information from tables they are otherwise not allowed to access.", "It was found that some selectivity estimation functions did not check user privileges before providing information from pg_statistic, possibly leaking information. A non-administrative database user could use this flaw to steal some information from tables they are otherwise not allowed to access."], "name": "CVE-2017-7484", "package_state": [{"cpe": "cpe:/a:redhat:cloudforms_managementengine:5", "fix_state": "Affected", "package_name": "rh-postgresql94-postgresql", "product_name": "CloudForms Management Engine 5"}, {"cpe": "cpe:/a:redhat:cloudforms_managementengine:5", "fix_state": "Affected", "package_name": "rh-postgresql95-postgresql", "product_name": "CloudForms Management Engine 5"}, {"cpe": "cpe:/o:redhat:enterprise_linux:5", "fix_state": "Will not fix", "package_name": "postgresql", "product_name": "Red Hat Enterprise Linux 5"}, {"cpe": "cpe:/o:redhat:enterprise_linux:5", "fix_state": "Will not fix", "package_name": "postgresql84", "product_name": "Red Hat Enterprise Linux 5"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Will not fix", "package_name": "postgresql", "product_name": "Red Hat Enterprise Linux 6"}], "public_date": "2017-05-11T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2017-7484\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-7484\nhttps://www.postgresql.org/about/news/1746/"], "threat_severity": "Moderate", "upstream_fix": "postgresql 9.2.21, postgresql 9.3.17, postgresql 9.4.12, postgresql 9.5.7, postgresql 9.6.3"}