Описание
A man-in-the-middle attacker can inject false responses to the client's first few queries, despite the use of SSL certificate verification and encryption.
Отчет
In Red Hat Virtualization the manager appliance uses a vulnerable version of postgresql. Once a fix has been shipped for RHEL 8 the appliance can consume the fix via a regular yum update.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat build of Debezium 1 | postgresql | Not affected | ||
| Red Hat build of Quarkus | postgresql | Not affected | ||
| Red Hat Decision Manager 7 | postgresql | Not affected | ||
| Red Hat Enterprise Linux 5 | postgresql | Out of support scope | ||
| Red Hat Enterprise Linux 6 | postgresql | Out of support scope | ||
| Red Hat Enterprise Linux 7 | postgresql | Out of support scope | ||
| Red Hat Enterprise Linux 8 | postgresql:10/postgresql | Not affected | ||
| Red Hat Enterprise Linux 8 | postgresql:12/postgresql | Not affected | ||
| Red Hat Enterprise Linux 8 | postgresql:13/postgresql | Not affected | ||
| Red Hat Enterprise Linux 8 | postgresql:9.6/postgresql | Not affected |
Показывать по
Дополнительная информация
Статус:
EPSS
3.7 Low
CVSS3
Связанные уязвимости
A man-in-the-middle attacker can inject false responses to the client's first few queries, despite the use of SSL certificate verification and encryption.
A man-in-the-middle attacker can inject false responses to the client's first few queries, despite the use of SSL certificate verification and encryption.
A man-in-the-middle attacker can inject false responses to the client' ...
EPSS
3.7 Low
CVSS3