Vulnerability CVE-2022-1552

Vulnerability Name:

CVE-2022-1552 (CCN-226521)

Assigned:

2022-05-12

Published:

2022-05-12

Updated:

2022-12-08

Summary:

A flaw was found in PostgreSQL. There is an issue with incomplete efforts to operate safely when a privileged user is maintaining another user's objects. The Autovacuum, REINDEX, CREATE INDEX, REFRESH MATERIALIZED VIEW, CLUSTER, and pg_amcheck commands activated relevant protections too late or not at all during the process. This flaw allows an attacker with permission to create non-temporary objects in at least one schema to execute arbitrary SQL functions under a superuser identity.

CVSS v3 Severity:

8.8 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
7.7 High (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): Low User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): High Integrity (I): High Availibility (A): High

8.8 High (REDHAT CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
7.7 High (REDHAT Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): Low User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): High Integrity (I): High Availibility (A): High

CVSS v2 Severity:

9.0 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Athentication (Au): Single_Instance
Impact Metrics:	Confidentiality (C): Complete Integrity (I): Complete Availibility (A): Complete

Vulnerability Type:

CWE-89

Vulnerability Consequences:

Bypass Security

References:

Source: MITRE
Type: CNA
CVE-2022-1552

Source: secalert@redhat.com
Type: Third Party Advisory
secalert@redhat.com

Source: CCN
Type: Red Hat Bugzilla Bug 2081126
(CVE-2022-1552) - CVE-2022-1552 postgresql: Autovacuum, REINDEX, and others omit security restricted operation sandbox

Source: secalert@redhat.com
Type: Issue Tracking, Patch, Third Party Advisory
secalert@redhat.com

Source: XF
Type: UNKNOWN
postgresql-cve20221552-sec-bypass(226521)

Source: secalert@redhat.com
Type: Third Party Advisory
secalert@redhat.com

Source: secalert@redhat.com
Type: Third Party Advisory
secalert@redhat.com

Source: CCN
Type: IBM Security Bulletin 6602959 (Sterling Connect:Direct for Microsoft Windows)
IBM Sterling Connect:Direct for Microsoft Windows is vulnerable to remote SQL execution due to PostgreSQL (CVE-2022-1552)

Source: CCN
Type: IBM Security Bulletin 6610084 (Data Risk Manager)
IBM Data Risk Manager is affected by multiple vulnerabilities including remote code execution in Apache Log4j 1.x

Source: CCN
Type: IBM Security Bulletin 6615005 (Sterling Connect:Direct Web Services)
IBM Connect:Direct Web Services vulnerable to remote security bypass due to PostgreSQL (CVE-2022-1552)

Source: CCN
Type: IBM Security Bulletin 6619905 (Spectrum Copy Data Management)
Vulnerabilities in Golang Go, PostgreSQL, jQuery, and Google Gson may affect IBM Spectrum Copy Data Management

Source: CCN
Type: IBM Security Bulletin 6827881 (Security QRadar Network Threat Analytics)
IBM Security Network Threat Analytics for IBM QRadar SIEM is vulnerable to using components with known vulnerabilities (CVE-2022-1941, CVE-2022-34749, CVE-2022-1552)

Source: CCN
Type: IBM Security Bulletin 6828557 (Security Guardium)
IBM Security Guardium is affected by a PostgreSQL vulnerability (CVE-2022-1552)

Source: CCN
Type: IBM Security Bulletin 6831855 (QRadar SIEM)
IBM QRadar SIEM is vulnerable to Using Components with Known Vulnerabilities

Source: CCN
Type: IBM Security Bulletin 6833500 (Elastic Storage System)
Vulnerability in PostgreSQL may affect IBM Elastic Storage System

Source: CCN
Type: IBM Security Bulletin 6848189 (Cloud Pak for Watson AIOps)
Multiple Vulnerabilities in CloudPak for Watson AIOPs

Source: CCN
Type: Mend Vulnerability Database
CVE-2022-1552

Source: secalert@redhat.com
Type: Vendor Advisory
secalert@redhat.com

Source: CCN
Type: PostgreSQL Web site
Autovacuum, REINDEX, and others omit security restricted operation sandbox

Source: secalert@redhat.com
Type: Vendor Advisory
secalert@redhat.com

Vulnerable Configuration:

Configuration RedHat 1:

cpe:/a:redhat:enterprise_linux:9:*:*:*:*:*:*:*

Configuration RedHat 2:

cpe:/a:redhat:enterprise_linux:9::appstream:*:*:*:*:*

Configuration RedHat 3:

cpe:/a:redhat:enterprise_linux:9::crb:*:*:*:*:*

Configuration RedHat 4:

cpe:/a:redhat:enterprise_linux:8:*:*:*:*:*:*:*

Configuration RedHat 5:

cpe:/a:redhat:enterprise_linux:8::appstream:*:*:*:*:*

Configuration RedHat 6:

cpe:/o:redhat:enterprise_linux:7:*:*:*:*:*:*:*

Configuration RedHat 7:

cpe:/o:redhat:enterprise_linux:7::client:*:*:*:*:*

Configuration RedHat 8:

cpe:/o:redhat:enterprise_linux:7::computenode:*:*:*:*:*

Configuration RedHat 9:

cpe:/o:redhat:enterprise_linux:7::server:*:*:*:*:*

Configuration RedHat 10:

cpe:/o:redhat:enterprise_linux:7::workstation:*:*:*:*:*

Configuration CCN 1:

cpe:/a:postgresql:postgresql:10.1:*:*:*:*:*:*:*

OR cpe:/a:postgresql:postgresql:10.2:*:*:*:*:*:*:*

OR cpe:/a:postgresql:postgresql:10.4:*:*:*:*:*:*:*

OR cpe:/a:postgresql:postgresql:10.5:*:*:*:*:*:*:*

OR cpe:/a:postgresql:postgresql:11.2:*:*:*:*:*:*:*

OR cpe:/a:postgresql:postgresql:10.7:*:*:*:*:*:*:*

OR cpe:/a:postgresql:postgresql:10.8:*:*:*:*:*:*:*

OR cpe:/a:postgresql:postgresql:11.3:*:*:*:*:*:*:*

OR cpe:/a:postgresql:postgresql:10.11:*:*:*:*:*:*:*

OR cpe:/a:postgresql:postgresql:11.6:*:*:*:*:*:*:*

OR cpe:/a:postgresql:postgresql:12.1:*:*:*:*:*:*:*

OR cpe:/a:postgresql:postgresql:12.3:*:*:*:*:*:*:*

OR cpe:/a:postgresql:postgresql:11.8:*:*:*:*:*:*:*

OR cpe:/a:postgresql:postgresql:10.13:*:*:*:*:*:*:*

OR cpe:/a:postgresql:postgresql:12.4:*:*:*:*:*:*:*

OR cpe:/a:postgresql:postgresql:11.9:*:*:*:*:*:*:*

OR cpe:/a:postgresql:postgresql:10.14:*:*:*:*:*:*:*

OR cpe:/a:postgresql:postgresql:10.15:*:*:*:*:*:*:*

OR cpe:/a:postgresql:postgresql:11.10:*:*:*:*:*:*:*

OR cpe:/a:postgresql:postgresql:12.5:*:*:*:*:*:*:*

OR cpe:/a:postgresql:postgresql:13.1:*:*:*:*:*:*:*

OR cpe:/a:postgresql:postgresql:10.16:*:*:*:*:*:*:*

OR cpe:/a:postgresql:postgresql:11.11:*:*:*:*:*:*:*

OR cpe:/a:postgresql:postgresql:12.6:*:*:*:*:*:*:*

OR cpe:/a:postgresql:postgresql:13.2:*:*:*:*:*:*:*

AND

cpe:/a:ibm:sterling_connect:direct:4.8:*:*:*:microsoft_windows:*:*:*

OR cpe:/a:ibm:sterling_connect:direct:6.0:*:*:*:microsoft_windows:*:*:*

OR cpe:/a:ibm:security_guardium:11.0:*:*:*:*:*:*:*

OR cpe:/a:ibm:security_guardium:11.1:*:*:*:*:*:*:*

OR cpe:/a:ibm:qradar_security_information_and_event_manager:7.4:-:*:*:*:*:*:*

OR cpe:/a:ibm:security_guardium:11.2:*:*:*:*:*:*:*

OR cpe:/a:ibm:security_guardium:11.3:*:*:*:*:*:*:*

OR cpe:/a:ibm:security_guardium:11.4:*:*:*:*:*:*:*

OR cpe:/a:ibm:spectrum_copy_data_management:2.2.0.0:*:*:*:*:*:*:*

Denotes that component is vulnerable

Oval Definitions

Definition ID	Class	Title	Last Modified
oval:com.redhat.rhsa:def:20225162	P	RHSA-2022:5162: postgresql security update (Important)	2022-06-22
oval:org.opensuse.security:def:95237	P	Security update for postgresql14 (Important)	2022-06-01
oval:org.opensuse.security:def:3607	P	Security update for postgresql14 (Important)	2022-06-01
oval:org.opensuse.security:def:94030	P	(Important)	2022-06-01
oval:org.opensuse.security:def:1520	P	Security update for postgresql14 (Important)	2022-06-01
oval:org.opensuse.security:def:94242	P	(Important)	2022-06-01
oval:org.opensuse.security:def:95389	P	Security update for postgresql14 (Important)	2022-06-01
oval:org.opensuse.security:def:3756	P	Security update for postgresql14 (Important)	2022-06-01
oval:org.opensuse.security:def:507	P	Security update for postgresql14 (Important)	2022-06-01
oval:org.opensuse.security:def:94451	P	(Important)	2022-06-01
oval:org.opensuse.security:def:1673	P	Security update for postgresql14 (Important)	2022-06-01
oval:org.opensuse.security:def:908	P	Security update for postgresql14 (Important)	2022-06-01
oval:org.opensuse.security:def:93816	P	(Important)	2022-06-01
oval:com.redhat.rhsa:def:20224855	P	RHSA-2022:4855: postgresql:13 security update (Important)	2022-06-01
oval:org.opensuse.security:def:1235	P	Security update for postgresql10 (Important)	2022-05-31
oval:org.opensuse.security:def:504	P	Security update for postgresql12 (Important)	2022-05-31
oval:org.opensuse.security:def:95346	P	Security update for postgresql13 (Important)	2022-05-31
oval:org.opensuse.security:def:3716	P	Security update for postgresql13 (Important)	2022-05-31
oval:org.opensuse.security:def:1236	P	Security update for postgresql12 (Important)	2022-05-31
oval:org.opensuse.security:def:505	P	Security update for postgresql13 (Important)	2022-05-31
oval:org.opensuse.security:def:1672	P	Security update for postgresql13 (Important)	2022-05-31
oval:org.opensuse.security:def:906	P	Security update for postgresql13 (Important)	2022-05-31
oval:org.opensuse.security:def:1518	P	Security update for postgresql12 (Important)	2022-05-31
oval:com.redhat.rhsa:def:20224807	P	RHSA-2022:4807: postgresql:12 security update (Important)	2022-05-31
oval:org.opensuse.security:def:502	P	Security update for postgresql10 (Important)	2022-05-31
oval:org.opensuse.security:def:1519	P	Security update for postgresql13 (Important)	2022-05-31
oval:com.redhat.rhsa:def:20224771	P	RHSA-2022:4771: postgresql security update (Important)	2022-05-30
oval:com.redhat.rhsa:def:20224805	P	RHSA-2022:4805: postgresql:10 security update (Important)	2022-05-30

BACK