CVE-2022-40756

Severity Score

8.8

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

If folder security is misconfigured for Actian Zen PSQL BEFORE Patch Update 1 for Zen 15 SP1 (v15.11.005), Patch Update 4 for Zen 15 (v15.01.017), or Patch Update 5 for Zen 14 SP2 (v14.21.022), it can allow an attacker (with file read/write access) to remove specific security files in order to reset the master password and gain access to the database.

Si la seguridad de la carpeta está configurada inapropiadamente para Actian Zen PSQL versiones ANTERIORES a la actualización del Parche 1 para Zen 15 SP1 (v15.11.005), la actualización del Parche 4 para Zen 15 (v15.01.017), o la actualización del Parche 5 para Zen 14 SP2 (v14.21.022), puede permitir a un atacante (con acceso de lectura/escritura de archivos) eliminar archivos de seguridad específicos para restablecer la contraseña maestra y conseguir acceso a la base de datos

*Credits: N/A

CVSS Scores

NISTv3.1 8.8

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2022-09-16 CVE Reserved
2022-09-30 CVE Published
2024-04-22 EPSS Updated
2024-08-03 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CAPEC

References (2)

URL	Tag	Source

URL	Date	SRC

URL	Date	SRC

URL	Date	SRC
https://actian.my.salesforce.com/sfc/p/#300000001XnW/a/4y000000LhjZ/s7Hk0dFM1Z9nLuAPa50rMaZie7mqCR5u33NZFbdKT7Q	2022-10-05
https://www.actian.com/support-services	2022-10-05

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Actian Search vendor "Actian"		Psql Search vendor "Actian" for product "Psql"				>= 11 <= 13 Search vendor "Actian" for product "Psql" and version " >= 11 <= 13"		-		Affected
Actian Search vendor "Actian"		Zen Search vendor "Actian" for product "Zen"				>= 14.0 < 14.21.022 Search vendor "Actian" for product "Zen" and version " >= 14.0 < 14.21.022"		-		Affected
Actian Search vendor "Actian"		Zen Search vendor "Actian" for product "Zen"				>= 15.0 < 15.01.017 Search vendor "Actian" for product "Zen" and version " >= 15.0 < 15.01.017"		-		Affected