Vulnerability Name: CVE-2020-13692 (CCN-183018)
Assigned: 2020-06-01
Published: 2020-06-01
Updated: 2022-12-13
Summary: PostgreSQL JDBC Driver (aka PgJDBC) before 42.2.13 allows XXE.
CVSS v3 Severity:
  7.7 High (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:H)
  6.7 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:H/E:U/RL:O/RC:C)
  5.7 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C)
  6.7 Medium (REDHAT Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:H/E:U/RL:O/RC:C)
CVSS v2 Severity: 6.8 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P)
Vulnerability Type: CWE-611
Vulnerability Consequences: Obtain Information
References:
  Source: MITRE Type: CNA CVE-2020-13692
  Source: XF Type: UNKNOWN postgresql-cve202013692-xxe-info-disc(183018)
  Source: CCN Type: PgJDBC GIT Repository Merge pull request from GHSA-37xm-4h3m-5w3v
  Source: cve@mitre.org Type: Patch, Third Party Advisory cve@mitre.org
  Source: cve@mitre.org Type: Release Notes, Vendor Advisory cve@mitre.org
  Source: cve@mitre.org Type: Mailing List, Third Party Advisory cve@mitre.org
  Source: cve@mitre.org Type: Mailing List, Third Party Advisory cve@mitre.org
  Source: cve@mitre.org Type: Mailing List, Third Party Advisory cve@mitre.org
  Source: cve@mitre.org Type: Mailing List, Third Party Advisory cve@mitre.org
  Source: cve@mitre.org Type: Mailing List, Third Party Advisory cve@mitre.org
  Source: cve@mitre.org Type: Mailing List, Third Party Advisory cve@mitre.org
  Source: cve@mitre.org Type: Mailing List, Third Party Advisory cve@mitre.org
  Source: cve@mitre.org Type: Mailing List, Third Party Advisory cve@mitre.org
  Source: cve@mitre.org Type: Mailing List, Third Party Advisory cve@mitre.org
  Source: cve@mitre.org Type: Mailing List, Third Party Advisory cve@mitre.org
  Source: cve@mitre.org Type: Third Party Advisory cve@mitre.org
  Source: cve@mitre.org Type: Third Party Advisory cve@mitre.org
  Source: CCN Type: IBM Security Bulletin 6348046 (Security Access Manager) Security vulnerabilities have been fixed in the IBM Security Access Manager and IBM Security Verify Access products
  Source: CCN Type: IBM Security Bulletin 6382286 (QRadar) PostgresSQL JDBC Driver as used in IBM QRadar SIEM is vulnerable to information disclosure (CVE-2020-13692)
  Source: CCN Type: IBM Security Bulletin 6494735 (Disconnected Log Collector) IBM Disconnected Log Collector is vulnerable to using components with known vulnerabilities (CVE-2016-3506, CVE-2020-13692)
  Source: CCN Type: IBM Security Bulletin 6596987 (Security Guardium) IBM Security Guardium is affected by a postgresql-42.0.0.jar vulnerability
  Source: CCN Type: IBM Security Bulletin 6854915 (Security Verify Governance) IBM Security Verify Governance is vulnerable to arbitrary code execution, sensitive information exposure and unauthorized access due to PostgreSQL
Vulnerable Configuration: Configuration RedHat 1: Configuration CCN 1: