{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-06T11:43:33.604","vulnerabilities":[{"cve":{"id":"CVE-2017-7484","sourceIdentifier":"secalert@redhat.com","published":"2017-05-12T19:29:00.193","lastModified":"2025-04-20T01:37:25.860","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"It was found that some selectivity estimation functions in PostgreSQL before 9.2.21, 9.3.x before 9.3.17, 9.4.x before 9.4.12, 9.5.x before 9.5.7, and 9.6.x before 9.6.3 did not check user privileges before providing information from pg_statistic, possibly leaking information. An unprivileged attacker could use this flaw to steal some information from tables they are otherwise not allowed to access."},{"lang":"es","value":"Se ha descubierto que algunas funciones de estimación de selectividad en PostgreSQL, en versiones anteriores a la 9.2.21, versiones 9.3.x anteriores a la 9.3.17, versiones 9.4.x anteriores a la 9.4.12, versiones 9.5.x anteriores a la 9.5.7 y versiones 9.6.x anteriores a la 9.6.3, no verificaban los privilegios de usuario antes de ofrecer información de pg_statistic, lo que probablemente implique un filtrado de información. Un atacante sin privilegios podría utilizar este fallo para robar información de tablas a las que, de otra forma, no tendría acceso."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:N/A:N","baseScore":5.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":10.0,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"secalert@redhat.com","type":"Secondary","description":[{"lang":"en","value":"CWE-285"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-200"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:postgresql:postgresql:*:*:*:*:*:*:*:*","versionEndIncluding":"9.2.20","matchCriteriaId":"20D48E22-78D1-461D-ABE1-C8F578A17CB7"},{"vulnerable":true,"criteria":"cpe:2.3:a:postgresql:postgresql:9.3:*:*:*:*:*:*:*","matchCriteriaId":"5B890251-95EB-44F3-A6A7-F718F3C807B0"},{"vulnerable":true,"criteria":"cpe:2.3:a:postgresql:postgresql:9.3.1:*:*:*:*:*:*:*","matchCriteriaId":"D2E5BD02-8C3D-4687-88DE-1C00366270E7"},{"vulnerable":true,"criteria":"cpe:2.3:a:postgresql:postgresql:9.3.2:*:*:*:*:*:*:*","matchCriteriaId":"709F5DF9-9F3A-42C3-890B-521B13118C0E"},{"vulnerable":true,"criteria":"cpe:2.3:a:postgresql:postgresql:9.3.3:*:*:*:*:*:*:*","matchCriteriaId":"14D85A34-C897-4E52-8F97-18CA51C5461A"},{"vulnerable":true,"criteria":"cpe:2.3:a:postgresql:postgresql:9.3.4:*:*:*:*:*:*:*","matchCriteriaId":"A40DAD2B-A6D4-43D8-B282-A3C672356D6A"},{"vulnerable":true,"criteria":"cpe:2.3:a:postgresql:postgresql:9.3.5:*:*:*:*:*:*:*","matchCriteriaId":"FC2FE391-9414-480E-A9B1-CF70280E315E"},{"vulnerable":true,"criteria":"cpe:2.3:a:postgresql:postgresql:9.3.6:*:*:*:*:*:*:*","matchCriteriaId":"55B6A4ED-FA3B-4251-BF82-755F95277CF9"},{"vulnerable":true,"criteria":"cpe:2.3:a:postgresql:postgresql:9.3.7:*:*:*:*:*:*:*","matchCriteriaId":"C7142DF3-124D-43D7-ADD9-70F4F7298557"},{"vulnerable":true,"criteria":"cpe:2.3:a:postgresql:postgresql:9.3.8:*:*:*:*:*:*:*","matchCriteriaId":"28DEA438-A0ED-49DC-AE51-4E9D8D4B6E7B"},{"vulnerable":true,"criteria":"cpe:2.3:a:postgresql:postgresql:9.3.9:*:*:*:*:*:*:*","matchCriteriaId":"810B184F-6FB8-48D8-A569-F47BA43C4862"},{"vulnerable":true,"criteria":"cpe:2.3:a:postgresql:postgresql:9.3.10:*:*:*:*:*:*:*","matchCriteriaId":"064BF155-7E2D-47B9-BD2B-C6E9FC06F5FC"},{"vulnerable":true,"criteria":"cpe:2.3:a:postgresql:postgresql:9.3.11:*:*:*:*:*:*:*","matchCriteriaId":"676A81BD-7EEE-4770-B9AC-451B09844D6C"},{"vulnerable":true,"criteria":"cpe:2.3:a:postgresql:postgresql:9.3.12:*:*:*:*:*:*:*","matchCriteriaId":"30F23D38-BDD6-48E6-A6B2-29CD962EED99"},{"vulnerable":true,"criteria":"cpe:2.3:a:postgresql:postgresql:9.3.13:*:*:*:*:*:*:*","matchCriteriaId":"89833234-3890-4E2E-8FCF-09925D83ED67"},{"vulnerable":true,"criteria":"cpe:2.3:a:postgresql:postgresql:9.3.14:*:*:*:*:*:*:*","matchCriteriaId":"B8F3ACC3-CB15-47E3-A511-E1D1F75E797F"},{"vulnerable":true,"criteria":"cpe:2.3:a:postgresql:postgresql:9.3.15:*:*:*:*:*:*:*","matchCriteriaId":"0F6FD785-7C9F-4302-B7ED-93CA04473ACE"},{"vulnerable":true,"criteria":"cpe:2.3:a:postgresql:postgresql:9.3.16:*:*:*:*:*:*:*","matchCriteriaId":"EC1BA72C-3A6E-450B-A3DE-3898DEAA9225"},{"vulnerable":true,"criteria":"cpe:2.3:a:postgresql:postgresql:9.4:*:*:*:*:*:*:*","matchCriteriaId":"77D1323D-3096-4D0F-823A-ECAC9017646D"},{"vulnerable":true,"criteria":"cpe:2.3:a:postgresql:postgresql:9.4.1:*:*:*:*:*:*:*","matchCriteriaId":"8A587AF3-5E70-4455-8621-DFD048207DE2"},{"vulnerable":true,"criteria":"cpe:2.3:a:postgresql:postgresql:9.4.2:*:*:*:*:*:*:*","matchCriteriaId":"526AFF26-B3EC-41C3-AC4C-85BFA3F99AC8"},{"vulnerable":true,"criteria":"cpe:2.3:a:postgresql:postgresql:9.4.3:*:*:*:*:*:*:*","matchCriteriaId":"89D2CAB7-C3D9-4F21-B902-2E498D00EFEB"},{"vulnerable":true,"criteria":"cpe:2.3:a:postgresql:postgresql:9.4.4:*:*:*:*:*:*:*","matchCriteriaId":"88797795-8B1C-455F-8C52-6169B2E47D53"},{"vulnerable":true,"criteria":"cpe:2.3:a:postgresql:postgresql:9.4.5:*:*:*:*:*:*:*","matchCriteriaId":"DBDE0CC8-F1DF-4723-8FCB-9A33EA8B12D3"},{"vulnerable":true,"criteria":"cpe:2.3:a:postgresql:postgresql:9.4.6:*:*:*:*:*:*:*","matchCriteriaId":"90F13667-019B-49DF-929C-3D376FCDE6E4"},{"vulnerable":true,"criteria":"cpe:2.3:a:postgresql:postgresql:9.4.7:*:*:*:*:*:*:*","matchCriteriaId":"B9E20AA3-C0D3-492C-AF3B-9F61550E6983"},{"vulnerable":true,"criteria":"cpe:2.3:a:postgresql:postgresql:9.4.8:*:*:*:*:*:*:*","matchCriteriaId":"251C78CA-EEC0-49A8-A3D2-3C86D16CCB7F"},{"vulnerable":true,"criteria":"cpe:2.3:a:postgresql:postgresql:9.4.9:*:*:*:*:*:*:*","matchCriteriaId":"AB443A75-2466-4164-A71B-9203933CB0D6"},{"vulnerable":true,"criteria":"cpe:2.3:a:postgresql:postgresql:9.4.10:*:*:*:*:*:*:*","matchCriteriaId":"B02839D4-EE7D-4D42-8934-322E46B643D4"},{"vulnerable":true,"criteria":"cpe:2.3:a:postgresql:postgresql:9.4.11:*:*:*:*:*:*:*","matchCriteriaId":"B1BAE807-A21F-4980-B64E-911F5E9B16BF"},{"vulnerable":true,"criteria":"cpe:2.3:a:postgresql:postgresql:9.5:*:*:*:*:*:*:*","matchCriteriaId":"9FF7FC5B-C9E3-4109-B3D6-9AC06F75DCB3"},{"vulnerable":true,"criteria":"cpe:2.3:a:postgresql:postgresql:9.5.1:*:*:*:*:*:*:*","matchCriteriaId":"D2C15A86-9ED9-492E-877B-86963DAA761A"},{"vulnerable":true,"criteria":"cpe:2.3:a:postgresql:postgresql:9.5.2:*:*:*:*:*:*:*","matchCriteriaId":"9EF74623-EF0E-455D-ADEB-9E336B539D86"},{"vulnerable":true,"criteria":"cpe:2.3:a:postgresql:postgresql:9.5.3:*:*:*:*:*:*:*","matchCriteriaId":"FACD7AB7-34E9-4DFC-A788-7B9BF745D780"},{"vulnerable":true,"criteria":"cpe:2.3:a:postgresql:postgresql:9.5.4:*:*:*:*:*:*:*","matchCriteriaId":"F8E8AEBB-9968-458D-8EE4-2725BBE1A53F"},{"vulnerable":true,"criteria":"cpe:2.3:a:postgresql:postgresql:9.5.5:*:*:*:*:*:*:*","matchCriteriaId":"7ECC17E6-C5FF-4B63-807A-26E5E6932C5C"},{"vulnerable":true,"criteria":"cpe:2.3:a:postgresql:postgresql:9.5.6:*:*:*:*:*:*:*","matchCriteriaId":"7DB72357-B16D-488A-995C-2703CCEC1D8F"},{"vulnerable":true,"criteria":"cpe:2.3:a:postgresql:postgresql:9.6:*:*:*:*:*:*:*","matchCriteriaId":"7040466B-2A7D-4E75-8E4F-FA70D4A7E014"},{"vulnerable":true,"criteria":"cpe:2.3:a:postgresql:postgresql:9.6.1:*:*:*:*:*:*:*","matchCriteriaId":"44887DE9-506B-46E3-922C-7B3C14B0AF33"},{"vulnerable":true,"criteria":"cpe:2.3:a:postgresql:postgresql:9.6.2:*:*:*:*:*:*:*","matchCriteriaId":"D1250F15-7A05-452A-8958-3B1B32B326E1"}]}]}],"references":[{"url":"http://www.debian.org/security/2017/dsa-3851","source":"secalert@redhat.com"},{"url":"http://www.securityfocus.com/bid/98459","source":"secalert@redhat.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1038476","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2017:1677","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2017:1678","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2017:1838","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2017:1983","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2017:2425","source":"secalert@redhat.com"},{"url":"https://security.gentoo.org/glsa/201710-06","source":"secalert@redhat.com"},{"url":"https://www.postgresql.org/about/news/1746/","source":"secalert@redhat.com","tags":["Vendor Advisory"]},{"url":"http://www.debian.org/security/2017/dsa-3851","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.securityfocus.com/bid/98459","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1038476","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://access.redhat.com/errata/RHSA-2017:1677","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://access.redhat.com/errata/RHSA-2017:1678","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://access.redhat.com/errata/RHSA-2017:1838","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://access.redhat.com/errata/RHSA-2017:1983","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://access.redhat.com/errata/RHSA-2017:2425","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://security.gentoo.org/glsa/201710-06","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://www.postgresql.org/about/news/1746/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]}]}}]}