cvelist/2017/7xxx/CVE-2017-7547.json

{
   "CVE_data_meta" : {
      "ASSIGNER" : "secalert@redhat.com",
      "DATE_PUBLIC" : "2017-08-10T00:00:00",
      "ID" : "CVE-2017-7547",
      "STATE" : "PUBLIC"
   },
   "affects" : {
      "vendor" : {
         "vendor_data" : [
            {
               "product" : {
                  "product_data" : [
                     {
                        "product_name" : "postgresql",
                        "version" : {
                           "version_data" : [
                              {
                                 "version_value" : "9.2.x before 9.2.22"
                              },
                              {
                                 "version_value" : "9.3.x before 9.3.18"
                              },
                              {
                                 "version_value" : "9.4.x before 9.4.13"
                              },
                              {
                                 "version_value" : "9.5.x before 9.5.8"
                              },
                              {
                                 "version_value" : "9.6.x before 9.6.4"
                              }
                           ]
                        }
                     }
                  ]
               },
               "vendor_name" : "PostgreSQL"
            }
         ]
      }
   },
   "data_format" : "MITRE",
   "data_type" : "CVE",
   "data_version" : "4.0",
   "description" : {
      "description_data" : [
         {
            "lang" : "eng",
            "value" : "PostgreSQL versions before 9.2.22, 9.3.18, 9.4.13, 9.5.8 and 9.6.4 are vulnerable to authorization flaw allowing remote authenticated attackers to retrieve passwords from the user mappings defined by the foreign server owners without actually having the privileges to do so."
         }
      ]
   },
   "problemtype" : {
      "problemtype_data" : [
         {
            "description" : [
               {
                  "lang" : "eng",
                  "value" : "CWE-522"
               }
            ]
         }
      ]
   },
   "references" : {
      "reference_data" : [
         {
            "name" : "https://www.postgresql.org/about/news/1772/",
            "refsource" : "CONFIRM",
            "url" : "https://www.postgresql.org/about/news/1772/"
         },
         {
            "name" : "DSA-3936",
            "refsource" : "DEBIAN",
            "url" : "http://www.debian.org/security/2017/dsa-3936"
         },
         {
            "name" : "DSA-3935",
            "refsource" : "DEBIAN",
            "url" : "http://www.debian.org/security/2017/dsa-3935"
         },
         {
            "name" : "GLSA-201710-06",
            "refsource" : "GENTOO",
            "url" : "https://security.gentoo.org/glsa/201710-06"
         },
         {
            "name" : "RHSA-2017:2728",
            "refsource" : "REDHAT",
            "url" : "https://access.redhat.com/errata/RHSA-2017:2728"
         },
         {
            "name" : "RHSA-2017:2677",
            "refsource" : "REDHAT",
            "url" : "https://access.redhat.com/errata/RHSA-2017:2677"
         },
         {
            "name" : "RHSA-2017:2678",
            "refsource" : "REDHAT",
            "url" : "https://access.redhat.com/errata/RHSA-2017:2678"
         },
         {
            "name" : "100275",
            "refsource" : "BID",
            "url" : "http://www.securityfocus.com/bid/100275"
         },
         {
            "name" : "1039142",
            "refsource" : "SECTRACK",
            "url" : "http://www.securitytracker.com/id/1039142"
         }
      ]
   }
}
- Populated repo from CVE List. 2017-10-16 12:31:07 -04:00			`{`
			`"CVE_data_meta" : {`
			`"ASSIGNER" : "secalert@redhat.com",`
- Populated assignment information for various entries. 2017-10-16 16:44:18 -04:00			`"DATE_PUBLIC" : "2017-08-10T00:00:00",`
- Populated repo from CVE List. 2017-10-16 12:31:07 -04:00			`"ID" : "CVE-2017-7547",`
			`"STATE" : "PUBLIC"`
			`},`
			`"affects" : {`
			`"vendor" : {`
			`"vendor_data" : [`
			`{`
			`"product" : {`
			`"product_data" : [`
			`{`
- Populated assignment information for various entries. 2017-10-16 16:44:18 -04:00			`"product_name" : "postgresql",`
- Populated repo from CVE List. 2017-10-16 12:31:07 -04:00			`"version" : {`
			`"version_data" : [`
			`{`
- Populated assignment information for various entries. 2017-10-16 16:44:18 -04:00			`"version_value" : "9.2.x before 9.2.22"`
			`},`
			`{`
			`"version_value" : "9.3.x before 9.3.18"`
			`},`
			`{`
			`"version_value" : "9.4.x before 9.4.13"`
			`},`
			`{`
			`"version_value" : "9.5.x before 9.5.8"`
			`},`
			`{`
			`"version_value" : "9.6.x before 9.6.4"`
- Populated repo from CVE List. 2017-10-16 12:31:07 -04:00			`}`
			`]`
			`}`
			`}`
			`]`
			`},`
- Populated assignment information for various entries. 2017-10-16 16:44:18 -04:00			`"vendor_name" : "PostgreSQL"`
- Populated repo from CVE List. 2017-10-16 12:31:07 -04:00			`}`
			`]`
			`}`
			`},`
			`"data_format" : "MITRE",`
			`"data_type" : "CVE",`
			`"data_version" : "4.0",`
			`"description" : {`
			`"description_data" : [`
			`{`
			`"lang" : "eng",`
			`"value" : "PostgreSQL versions before 9.2.22, 9.3.18, 9.4.13, 9.5.8 and 9.6.4 are vulnerable to authorization flaw allowing remote authenticated attackers to retrieve passwords from the user mappings defined by the foreign server owners without actually having the privileges to do so."`
			`}`
			`]`
			`},`
			`"problemtype" : {`
			`"problemtype_data" : [`
			`{`
			`"description" : [`
			`{`
			`"lang" : "eng",`
- Populated assignment information for various entries. 2017-10-16 16:44:18 -04:00			`"value" : "CWE-522"`
- Populated repo from CVE List. 2017-10-16 12:31:07 -04:00			`}`
			`]`
			`}`
			`]`
			`},`
			`"references" : {`
			`"reference_data" : [`
			`{`
- Added 'refsource' and 'name' attributes for reference urls and aligned treatment of whitespace in descriptions with data downloads. 2018-04-05 09:33:01 -04:00			`"name" : "https://www.postgresql.org/about/news/1772/",`
			`"refsource" : "CONFIRM",`
- Populated repo from CVE List. 2017-10-16 12:31:07 -04:00			`"url" : "https://www.postgresql.org/about/news/1772/"`
			`},`
- Synchronized data. 2017-11-04 06:03:52 -04:00			`{`
- Added 'refsource' and 'name' attributes for reference urls and aligned treatment of whitespace in descriptions with data downloads. 2018-04-05 09:33:01 -04:00			`"name" : "DSA-3936",`
			`"refsource" : "DEBIAN",`
- Synchronized data. 2017-11-04 06:03:52 -04:00			`"url" : "http://www.debian.org/security/2017/dsa-3936"`
			`},`
- Synchronized data. 2017-11-06 06:04:05 -05:00			`{`
- Added 'refsource' and 'name' attributes for reference urls and aligned treatment of whitespace in descriptions with data downloads. 2018-04-05 09:33:01 -04:00			`"name" : "DSA-3935",`
			`"refsource" : "DEBIAN",`
- Synchronized data. 2017-11-06 06:04:05 -05:00			`"url" : "http://www.debian.org/security/2017/dsa-3935"`
			`},`
- Populated repo from CVE List. 2017-10-16 12:31:07 -04:00			`{`
- Added 'refsource' and 'name' attributes for reference urls and aligned treatment of whitespace in descriptions with data downloads. 2018-04-05 09:33:01 -04:00			`"name" : "GLSA-201710-06",`
			`"refsource" : "GENTOO",`
- Populated repo from CVE List. 2017-10-16 12:31:07 -04:00			`"url" : "https://security.gentoo.org/glsa/201710-06"`
			`},`
- Synchronized data. 2017-12-08 06:04:30 -05:00			`{`
- Added 'refsource' and 'name' attributes for reference urls and aligned treatment of whitespace in descriptions with data downloads. 2018-04-05 09:33:01 -04:00			`"name" : "RHSA-2017:2728",`
			`"refsource" : "REDHAT",`
- Synchronized data. 2017-12-08 06:04:30 -05:00			`"url" : "https://access.redhat.com/errata/RHSA-2017:2728"`
			`},`
- Synchronized data. 2017-12-30 06:03:45 -05:00			`{`
- Added 'refsource' and 'name' attributes for reference urls and aligned treatment of whitespace in descriptions with data downloads. 2018-04-05 09:33:01 -04:00			`"name" : "RHSA-2017:2677",`
			`"refsource" : "REDHAT",`
- Synchronized data. 2017-12-30 06:03:45 -05:00			`"url" : "https://access.redhat.com/errata/RHSA-2017:2677"`
			`},`
			`{`
- Added 'refsource' and 'name' attributes for reference urls and aligned treatment of whitespace in descriptions with data downloads. 2018-04-05 09:33:01 -04:00			`"name" : "RHSA-2017:2678",`
			`"refsource" : "REDHAT",`
- Synchronized data. 2017-12-30 06:03:45 -05:00			`"url" : "https://access.redhat.com/errata/RHSA-2017:2678"`
			`},`
- Populated repo from CVE List. 2017-10-16 12:31:07 -04:00			`{`
- Added 'refsource' and 'name' attributes for reference urls and aligned treatment of whitespace in descriptions with data downloads. 2018-04-05 09:33:01 -04:00			`"name" : "100275",`
			`"refsource" : "BID",`
- Populated repo from CVE List. 2017-10-16 12:31:07 -04:00			`"url" : "http://www.securityfocus.com/bid/100275"`
			`},`
			`{`
- Added 'refsource' and 'name' attributes for reference urls and aligned treatment of whitespace in descriptions with data downloads. 2018-04-05 09:33:01 -04:00			`"name" : "1039142",`
			`"refsource" : "SECTRACK",`
- Populated repo from CVE List. 2017-10-16 12:31:07 -04:00			`"url" : "http://www.securitytracker.com/id/1039142"`
			`}`
			`]`
			`}`
			`}`