VulnerableCode Vulnerability Details

Search for vulnerabilities

Vulnerability details: VCID-w4q3-kj53-aaaa

Essentials
Severities (107)
References (28)
Severity details (11)
Exploits (0)
EPSS
History (0)

Vulnerability ID	VCID-w4q3-kj53-aaaa
Aliases	CVE-2018-10925
Summary	It was discovered that PostgreSQL versions before 10.5, 9.6.10, 9.5.14, 9.4.19, and 9.3.24 failed to properly check authorization on certain statements involved with "INSERT ... ON CONFLICT DO UPDATE". An attacker with "CREATE TABLE" privileges could exploit this to read arbitrary bytes server memory. If the attacker also had certain "INSERT" and limited "UPDATE" privileges to a particular table, they could exploit this to update other columns in the same table.
Status	Published
Exploitability	0.5
Weighted Severity	8.0
Risk	4.0
Affected and Fixed Packages	Package Details

Weaknesses (1)

CWE-863

Incorrect Authorization

System	Score	Found at
generic_textual	Medium	http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-10925.html
rhas	Important	https://access.redhat.com/errata/RHSA-2018:2511
rhas	Important	https://access.redhat.com/errata/RHSA-2018:2565
rhas	Important	https://access.redhat.com/errata/RHSA-2018:2566
rhas	Important	https://access.redhat.com/errata/RHSA-2018:3816
cvssv3	7.1	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-10925.json
epss	0.00134	https://api.first.org/data/v1/epss?cve=CVE-2018-10925
epss	0.00134	https://api.first.org/data/v1/epss?cve=CVE-2018-10925
epss	0.00134	https://api.first.org/data/v1/epss?cve=CVE-2018-10925
epss	0.00134	https://api.first.org/data/v1/epss?cve=CVE-2018-10925
epss	0.00138	https://api.first.org/data/v1/epss?cve=CVE-2018-10925
epss	0.00138	https://api.first.org/data/v1/epss?cve=CVE-2018-10925
epss	0.00138	https://api.first.org/data/v1/epss?cve=CVE-2018-10925
epss	0.00138	https://api.first.org/data/v1/epss?cve=CVE-2018-10925
epss	0.00138	https://api.first.org/data/v1/epss?cve=CVE-2018-10925
epss	0.00138	https://api.first.org/data/v1/epss?cve=CVE-2018-10925
epss	0.00138	https://api.first.org/data/v1/epss?cve=CVE-2018-10925
epss	0.00138	https://api.first.org/data/v1/epss?cve=CVE-2018-10925
epss	0.00138	https://api.first.org/data/v1/epss?cve=CVE-2018-10925
epss	0.00138	https://api.first.org/data/v1/epss?cve=CVE-2018-10925
epss	0.00138	https://api.first.org/data/v1/epss?cve=CVE-2018-10925
epss	0.00138	https://api.first.org/data/v1/epss?cve=CVE-2018-10925
epss	0.00443	https://api.first.org/data/v1/epss?cve=CVE-2018-10925
epss	0.00443	https://api.first.org/data/v1/epss?cve=CVE-2018-10925
epss	0.00443	https://api.first.org/data/v1/epss?cve=CVE-2018-10925
epss	0.00443	https://api.first.org/data/v1/epss?cve=CVE-2018-10925
epss	0.00443	https://api.first.org/data/v1/epss?cve=CVE-2018-10925
epss	0.00452	https://api.first.org/data/v1/epss?cve=CVE-2018-10925
epss	0.00452	https://api.first.org/data/v1/epss?cve=CVE-2018-10925
epss	0.00452	https://api.first.org/data/v1/epss?cve=CVE-2018-10925
epss	0.00452	https://api.first.org/data/v1/epss?cve=CVE-2018-10925
epss	0.00452	https://api.first.org/data/v1/epss?cve=CVE-2018-10925
epss	0.00452	https://api.first.org/data/v1/epss?cve=CVE-2018-10925
epss	0.00452	https://api.first.org/data/v1/epss?cve=CVE-2018-10925
epss	0.00452	https://api.first.org/data/v1/epss?cve=CVE-2018-10925
epss	0.00452	https://api.first.org/data/v1/epss?cve=CVE-2018-10925
epss	0.00452	https://api.first.org/data/v1/epss?cve=CVE-2018-10925
epss	0.00452	https://api.first.org/data/v1/epss?cve=CVE-2018-10925
epss	0.00452	https://api.first.org/data/v1/epss?cve=CVE-2018-10925
epss	0.00452	https://api.first.org/data/v1/epss?cve=CVE-2018-10925
epss	0.00452	https://api.first.org/data/v1/epss?cve=CVE-2018-10925
epss	0.00452	https://api.first.org/data/v1/epss?cve=CVE-2018-10925
epss	0.00452	https://api.first.org/data/v1/epss?cve=CVE-2018-10925
epss	0.00452	https://api.first.org/data/v1/epss?cve=CVE-2018-10925
epss	0.00452	https://api.first.org/data/v1/epss?cve=CVE-2018-10925
epss	0.00452	https://api.first.org/data/v1/epss?cve=CVE-2018-10925
epss	0.00452	https://api.first.org/data/v1/epss?cve=CVE-2018-10925
epss	0.00452	https://api.first.org/data/v1/epss?cve=CVE-2018-10925
epss	0.00452	https://api.first.org/data/v1/epss?cve=CVE-2018-10925
epss	0.00452	https://api.first.org/data/v1/epss?cve=CVE-2018-10925
epss	0.00452	https://api.first.org/data/v1/epss?cve=CVE-2018-10925
epss	0.00452	https://api.first.org/data/v1/epss?cve=CVE-2018-10925
epss	0.00452	https://api.first.org/data/v1/epss?cve=CVE-2018-10925
epss	0.00452	https://api.first.org/data/v1/epss?cve=CVE-2018-10925
epss	0.00452	https://api.first.org/data/v1/epss?cve=CVE-2018-10925
epss	0.00452	https://api.first.org/data/v1/epss?cve=CVE-2018-10925
epss	0.00452	https://api.first.org/data/v1/epss?cve=CVE-2018-10925
epss	0.00452	https://api.first.org/data/v1/epss?cve=CVE-2018-10925
epss	0.00452	https://api.first.org/data/v1/epss?cve=CVE-2018-10925
epss	0.00452	https://api.first.org/data/v1/epss?cve=CVE-2018-10925
epss	0.00452	https://api.first.org/data/v1/epss?cve=CVE-2018-10925
epss	0.00452	https://api.first.org/data/v1/epss?cve=CVE-2018-10925
epss	0.00452	https://api.first.org/data/v1/epss?cve=CVE-2018-10925
epss	0.00452	https://api.first.org/data/v1/epss?cve=CVE-2018-10925
epss	0.00452	https://api.first.org/data/v1/epss?cve=CVE-2018-10925
epss	0.00452	https://api.first.org/data/v1/epss?cve=CVE-2018-10925
epss	0.00452	https://api.first.org/data/v1/epss?cve=CVE-2018-10925
epss	0.00452	https://api.first.org/data/v1/epss?cve=CVE-2018-10925
epss	0.00452	https://api.first.org/data/v1/epss?cve=CVE-2018-10925
epss	0.00452	https://api.first.org/data/v1/epss?cve=CVE-2018-10925
epss	0.00452	https://api.first.org/data/v1/epss?cve=CVE-2018-10925
epss	0.00452	https://api.first.org/data/v1/epss?cve=CVE-2018-10925
epss	0.00452	https://api.first.org/data/v1/epss?cve=CVE-2018-10925
epss	0.00452	https://api.first.org/data/v1/epss?cve=CVE-2018-10925
epss	0.00452	https://api.first.org/data/v1/epss?cve=CVE-2018-10925
epss	0.00452	https://api.first.org/data/v1/epss?cve=CVE-2018-10925
epss	0.00452	https://api.first.org/data/v1/epss?cve=CVE-2018-10925
epss	0.00452	https://api.first.org/data/v1/epss?cve=CVE-2018-10925
epss	0.00452	https://api.first.org/data/v1/epss?cve=CVE-2018-10925
epss	0.00452	https://api.first.org/data/v1/epss?cve=CVE-2018-10925
epss	0.00452	https://api.first.org/data/v1/epss?cve=CVE-2018-10925
epss	0.005	https://api.first.org/data/v1/epss?cve=CVE-2018-10925
epss	0.005	https://api.first.org/data/v1/epss?cve=CVE-2018-10925
epss	0.005	https://api.first.org/data/v1/epss?cve=CVE-2018-10925
epss	0.005	https://api.first.org/data/v1/epss?cve=CVE-2018-10925
epss	0.005	https://api.first.org/data/v1/epss?cve=CVE-2018-10925
epss	0.005	https://api.first.org/data/v1/epss?cve=CVE-2018-10925
epss	0.005	https://api.first.org/data/v1/epss?cve=CVE-2018-10925
epss	0.005	https://api.first.org/data/v1/epss?cve=CVE-2018-10925
epss	0.00752	https://api.first.org/data/v1/epss?cve=CVE-2018-10925
epss	0.00752	https://api.first.org/data/v1/epss?cve=CVE-2018-10925
epss	0.00752	https://api.first.org/data/v1/epss?cve=CVE-2018-10925
epss	0.00752	https://api.first.org/data/v1/epss?cve=CVE-2018-10925
epss	0.00752	https://api.first.org/data/v1/epss?cve=CVE-2018-10925
epss	0.00752	https://api.first.org/data/v1/epss?cve=CVE-2018-10925
epss	0.01196	https://api.first.org/data/v1/epss?cve=CVE-2018-10925
rhbs	high	https://bugzilla.redhat.com/show_bug.cgi?id=1612619
generic_textual	Medium	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10915
generic_textual	Medium	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10925
cvssv3	7.1	https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv2	5.5	https://nvd.nist.gov/vuln/detail/CVE-2018-10925
cvssv3	8.1	https://nvd.nist.gov/vuln/detail/CVE-2018-10925
cvssv3	8.1	https://nvd.nist.gov/vuln/detail/CVE-2018-10925
cvssv3.1	8.1	https://nvd.nist.gov/vuln/detail/CVE-2018-10925
generic_textual	Medium	https://ubuntu.com/security/notices/USN-3744-1
generic_textual	Medium	https://www.postgresql.org/about/news/1878/
cvssv3	7.1	https://www.postgresql.org/support/security/CVE-2018-10925/

Reference id	Reference type	URL
		http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00043.html
		http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-10925.html
		https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-10925.json
		https://api.first.org/data/v1/epss?cve=CVE-2018-10925
		https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10925
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10915
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10925
		https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
		https://security.gentoo.org/glsa/201810-08
		https://ubuntu.com/security/notices/USN-3744-1
		https://usn.ubuntu.com/3744-1/
		https://www.debian.org/security/2018/dsa-4269
		https://www.postgresql.org/about/news/1878/
		https://www.postgresql.org/about/news/postgresql-105-9610-9514-9419-9324-and-11-beta-3-released-1878/
		https://www.postgresql.org/support/security/CVE-2018-10925/
		http://www.securityfocus.com/bid/105052
		http://www.securitytracker.com/id/1041446
1612619		https://bugzilla.redhat.com/show_bug.cgi?id=1612619
cpe:2.3:a:postgresql:postgresql::::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:postgresql:postgresql::::::::
cpe:2.3:o:canonical:ubuntu_linux:14.04::::lts:::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04::::lts:::
cpe:2.3:o:canonical:ubuntu_linux:16.04::::lts:::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04::::lts:::
cpe:2.3:o:canonical:ubuntu_linux:18.04::::lts:::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.04::::lts:::
cpe:2.3:o:debian:debian_linux:9.0:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:::::::*
CVE-2018-10925		https://nvd.nist.gov/vuln/detail/CVE-2018-10925
RHSA-2018:2511		https://access.redhat.com/errata/RHSA-2018:2511
RHSA-2018:2565		https://access.redhat.com/errata/RHSA-2018:2565
RHSA-2018:2566		https://access.redhat.com/errata/RHSA-2018:2566
RHSA-2018:3816		https://access.redhat.com/errata/RHSA-2018:3816

No exploits are available.

Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-10925.json

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: AV:N/AC:L/Au:S/C:P/I:P/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2018-10925

Exploitability (E)	Access Vector (AV)	Access Complexity (AC)	Authentication (Au)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
high functional unproven proof_of_concept not_defined	local adjacent_network network	high medium low	multiple single none	none partial complete	none partial complete	none partial complete

Exploitability (E)

Access Vector (AV)

Access Complexity (AC)

Authentication (Au)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

high

functional

unproven

proof_of_concept

not_defined

local

adjacent_network

network

high

medium

low

multiple

single

none

partial

complete

none

partial

complete

none

partial

complete

Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2018-10925

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2018-10925

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2018-10925

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Exploit Prediction Scoring System (EPSS)

Percentile	0.49115
EPSS Score	0.00134
Published At	Dec. 17, 2024, midnight

Date	Actor	Action	Source	VulnerableCode Version
There are no relevant records.