{
  "document" : {
    "aggregate_severity" : {
      "text" : "mittel"
    },
    "category" : "csaf_base",
    "csaf_version" : "2.0",
    "distribution" : {
      "tlp" : {
        "label" : "WHITE",
        "url" : "https://www.first.org/tlp/"
      }
    },
    "lang" : "de-DE",
    "notes" : [ {
      "category" : "legal_disclaimer",
      "text" : "Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen."
    }, {
      "category" : "description",
      "text" : "PostgreSQL ist eine frei verfügbare Datenbank für unterschiedliche Betriebssysteme.",
      "title" : "Produktbeschreibung"
    }, {
      "category" : "summary",
      "text" : "Ein entfernter, authentisierter Angreifer kann mehrere Schwachstellen in PostgreSQL ausnutzen, um Dateien zu manipulieren oder einen Denial of Service Angriff auszuführen",
      "title" : "Angriff"
    }, {
      "category" : "general",
      "text" : "- Linux\n- UNIX\n- Windows",
      "title" : "Betroffene Betriebssysteme"
    } ],
    "publisher" : {
      "category" : "other",
      "contact_details" : "csaf-provider@cert-bund.de",
      "name" : "Bundesamt für Sicherheit in der Informationstechnik",
      "namespace" : "https://www.bsi.bund.de"
    },
    "references" : [ {
      "category" : "self",
      "summary" : "WID-SEC-W-2023-2489 - CSAF Version",
      "url" : "https://wid.cert-bund.de/.well-known/csaf/white/2016/wid-sec-w-2023-2489.json"
    }, {
      "category" : "self",
      "summary" : "WID-SEC-2023-2489 - Portal Version",
      "url" : "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-2489"
    }, {
      "category" : "external",
      "summary" : "PostgreSQL Security Update Release vom 2016-04-03",
      "url" : "http://www.postgresql.org/about/news/1656/"
    }, {
      "category" : "external",
      "summary" : "Amazon Linux Security Advisory ALASPOSTGRESQL14-2023-001 vom 2023-09-28",
      "url" : "https://alas.aws.amazon.com/AL2/ALASPOSTGRESQL14-2023-001.html"
    }, {
      "category" : "external",
      "summary" : "Amazon Linux Security Advisory ALASPOSTGRESQL13-2023-001 vom 2023-09-28",
      "url" : "https://alas.aws.amazon.com/AL2/ALASPOSTGRESQL13-2023-001.html"
    }, {
      "category" : "external",
      "summary" : "Amazon Linux Security Advisory ALASPOSTGRESQL12-2023-001 vom 2023-09-28",
      "url" : "https://alas.aws.amazon.com/AL2/ALASPOSTGRESQL12-2023-001.html"
    }, {
      "category" : "external",
      "summary" : "Amazon Linux Security Advisory ALASPOSTGRESQL11-2023-001 vom 2023-09-28",
      "url" : "https://alas.aws.amazon.com/AL2/ALASPOSTGRESQL11-2023-001.html"
    }, {
      "category" : "external",
      "summary" : "Red Hat Security Advisory RHSA-2023:7772 vom 2023-12-13",
      "url" : "http://access.redhat.com/errata/RHSA-2023:7772"
    }, {
      "category" : "external",
      "summary" : "Amazon Linux Security Advisory ALASPOSTGRESQL14-2024-014 vom 2024-12-19",
      "url" : "https://alas.aws.amazon.com/AL2/ALASPOSTGRESQL14-2024-014.html"
    }, {
      "category" : "external",
      "summary" : "Amazon Linux Security Advisory ALASPOSTGRESQL13-2024-008 vom 2024-12-19",
      "url" : "https://alas.aws.amazon.com/AL2/ALASPOSTGRESQL13-2024-008.html"
    }, {
      "category" : "external",
      "summary" : "Amazon Linux Security Advisory ALASPOSTGRESQL14-2024-015 vom 2024-12-19",
      "url" : "https://alas.aws.amazon.com/AL2/ALASPOSTGRESQL14-2024-015.html"
    }, {
      "category" : "external",
      "summary" : "IBM Security Bulletin 7181893 vom 2025-01-29",
      "url" : "https://www.ibm.com/support/pages/node/7181893"
    }, {
      "category" : "external",
      "summary" : "IBM Security Bulletin 7182335 vom 2025-02-03",
      "url" : "https://www.ibm.com/support/pages/node/7182335"
    } ],
    "source_lang" : "en-US",
    "title" : "PostgreSQL: Mehrere Schwachstellen",
    "tracking" : {
      "current_release_date" : "2025-02-03T23:00:00.000+00:00",
      "generator" : {
        "date" : "2025-02-04T09:24:11.883+00:00",
        "engine" : {
          "name" : "BSI-WID",
          "version" : "1.3.10"
        }
      },
      "id" : "WID-SEC-W-2023-2489",
      "initial_release_date" : "2016-04-03T22:00:00.000+00:00",
      "revision_history" : [ {
        "date" : "2016-04-03T22:00:00.000+00:00",
        "number" : "1",
        "summary" : "Initial Release"
      }, {
        "date" : "2016-04-03T22:00:00.000+00:00",
        "number" : "2",
        "summary" : "Version nicht vorhanden"
      }, {
        "date" : "2023-09-27T22:00:00.000+00:00",
        "number" : "3",
        "summary" : "Neue Updates von Amazon aufgenommen"
      }, {
        "date" : "2023-12-12T23:00:00.000+00:00",
        "number" : "4",
        "summary" : "Neue Updates von Red Hat aufgenommen"
      }, {
        "date" : "2024-12-19T23:00:00.000+00:00",
        "number" : "5",
        "summary" : "Neue Updates von Amazon aufgenommen"
      }, {
        "date" : "2025-01-28T23:00:00.000+00:00",
        "number" : "6",
        "summary" : "Neue Updates von IBM aufgenommen"
      }, {
        "date" : "2025-02-03T23:00:00.000+00:00",
        "number" : "7",
        "summary" : "Neue Updates von IBM aufgenommen"
      } ],
      "status" : "final",
      "version" : "7"
    }
  },
  "product_tree" : {
    "branches" : [ {
      "branches" : [ {
        "category" : "product_name",
        "name" : "Amazon Linux 2",
        "product" : {
          "name" : "Amazon Linux 2",
          "product_id" : "398363",
          "product_identification_helper" : {
            "cpe" : "cpe:/o:amazon:linux_2:-"
          }
        }
      } ],
      "category" : "vendor",
      "name" : "Amazon"
    }, {
      "branches" : [ {
        "branches" : [ {
          "category" : "product_version_range",
          "name" : "<7.5.0 UP11",
          "product" : {
            "name" : "IBM QRadar SIEM <7.5.0 UP11",
            "product_id" : "T040749"
          }
        }, {
          "category" : "product_version",
          "name" : "7.5.0 UP11",
          "product" : {
            "name" : "IBM QRadar SIEM 7.5.0 UP11",
            "product_id" : "T040749-fixed",
            "product_identification_helper" : {
              "cpe" : "cpe:/a:ibm:qradar_siem:7.5.0_up11"
            }
          }
        } ],
        "category" : "product_name",
        "name" : "QRadar SIEM"
      }, {
        "branches" : [ {
          "category" : "product_version_range",
          "name" : "<6.1.0.27",
          "product" : {
            "name" : "IBM Sterling Connect:Direct <6.1.0.27",
            "product_id" : "T040672"
          }
        }, {
          "category" : "product_version",
          "name" : "6.1.0.27",
          "product" : {
            "name" : "IBM Sterling Connect:Direct 6.1.0.27",
            "product_id" : "T040672-fixed",
            "product_identification_helper" : {
              "cpe" : "cpe:/a:ibm:sterling_connect%3adirect:6.1.0.27"
            }
          }
        } ],
        "category" : "product_name",
        "name" : "Sterling Connect:Direct"
      } ],
      "category" : "vendor",
      "name" : "IBM"
    }, {
      "branches" : [ {
        "branches" : [ {
          "category" : "product_version_range",
          "name" : "<9.5.2",
          "product" : {
            "name" : "Open Source PostgreSQL <9.5.2",
            "product_id" : "T007318"
          }
        }, {
          "category" : "product_version",
          "name" : "9.5.2",
          "product" : {
            "name" : "Open Source PostgreSQL 9.5.2",
            "product_id" : "T007318-fixed",
            "product_identification_helper" : {
              "cpe" : "cpe:/a:postgresql:postgresql:9.5.2"
            }
          }
        } ],
        "category" : "product_name",
        "name" : "PostgreSQL"
      } ],
      "category" : "vendor",
      "name" : "Open Source"
    }, {
      "branches" : [ {
        "category" : "product_name",
        "name" : "Red Hat Enterprise Linux",
        "product" : {
          "name" : "Red Hat Enterprise Linux",
          "product_id" : "67646",
          "product_identification_helper" : {
            "cpe" : "cpe:/o:redhat:enterprise_linux:-"
          }
        }
      } ],
      "category" : "vendor",
      "name" : "Red Hat"
    } ]
  },
  "vulnerabilities" : [ {
    "cve" : "CVE-2016-2193",
    "notes" : [ {
      "category" : "description",
      "text" : "Es existiert eine Schwachstelle in PostgreSQL. Ein Angreifer kann diese Schwachstelle ausnutzen, um einen Query Plan für mehr als eine ROLE zu nutzen. Diese Schwachstelle kann dazu führen, dass falsche Row Level Security (RLS) Policies für den Query Plan gesetzt werden können."
    } ],
    "product_status" : {
      "known_affected" : [ "T040749", "67646", "T007318", "398363", "T040672" ]
    },
    "release_date" : "2016-04-03T22:00:00.000+00:00",
    "title" : "CVE-2016-2193"
  }, {
    "cve" : "CVE-2016-3065",
    "notes" : [ {
      "category" : "description",
      "text" : "Es existiert eine Schwachstelle in PostgreSQL. Diese Schwachstelle beruht auf einem Fehler bei der Nutzung von \"pageinspect\" mit BRIN Index Seiten. Ein Angreifer kann diese Schwachstelle zu einem Denial of Service Angriff ausnutzen."
    } ],
    "product_status" : {
      "known_affected" : [ "T040749", "67646", "T007318", "398363", "T040672" ]
    },
    "release_date" : "2016-04-03T22:00:00.000+00:00",
    "title" : "CVE-2016-3065"
  } ]
}