PT-2022-25516 · Actian · Actian Zen Psql
Published: 2022-09-30 · Updated: 2025-05-20 · CVE-2022-40756
CVSS v3.1: 8.8 (High)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Actian Zen PSQL versions prior to v15.11.005
Actian Zen PSQL versions prior to v15.01.017
Actian Zen PSQL versions prior to v14.21.022
Description
The issue arises when folder security is misconfigured, allowing an attacker with file read/write access to remove specific security files. This can lead to the master password being reset, resulting in unauthorized access to the database.
Recommendations
For versions prior to v15.11.005, apply Patch Update 1 for Zen 15 SP1.
For versions prior to v15.01.017, apply Patch Update 4 for Zen 15.
For versions prior to v14.21.022, apply Patch Update 5 for Zen 14 SP2.
Fix
Incorrect Permission
Affected Products
Actian Zen Psql