Security Bulletin

CVE-2020-25694, 25695, 25696

Summary

First published: October 31, 2023
Description: A flaw was found in PostgreSQL versions before 13.1, before 12.5, before 11.10, before 10.15, before 9.6.20 and before 9.5.24.
Affected Products: enteliSYNC
Recommended Action: Follow the enteliWEB Network Hardening Guide
CVSS v3.0 Base Score: 7.8 High
CVE ID: CVE-2020-25694, CVE-2020-25695, CVE-2020-25696

Description

A flaw was found in PostgreSQL versions before 13.1, before 12.5, before 11.10, before 10.15, before 9.6.20 and before 9.5.24. If a client application that creates additional database connections only reuses the basic connection parameters while dropping security-relevant parameters, an opportunity for a man-in-the-middle attack, or the ability to observe clear-text transmissions, could exist. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. An attacker having permission to create non-temporary objects in at least one schema can execute arbitrary SQL functions under the identity of a superuser. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
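
To check a PostgreSQL instance against the release boundaries listed above, the following added example (not part of the Delta Controls bulletin) classifies a version string as reported by `SELECT version()` or `psql --version`. The function names and sample strings are constructed for illustration, and treating branches older than 9.5 as affected is an assumption based on the "before 9.5.24" wording.

```python
import re

# First fixed minor release per branch, as listed in the bulletin's description.
FIRST_FIXED = {(13,): 1, (12,): 5, (11,): 10, (10,): 15, (9, 6): 20, (9, 5): 24}


def parse_version(text):
    """Extract (branch, minor) from `SELECT version()` or `psql --version` output."""
    m = re.search(r"(\d+)\.(\d+)(?:\.(\d+))?", text)
    if not m:
        raise ValueError(f"no PostgreSQL version found in {text!r}")
    first, second, third = m.groups()
    if int(first) >= 10:
        # Since PostgreSQL 10 the branch is one number: 12.4 is branch 12, minor 4.
        return (int(first),), int(second)
    if third is None:
        # Before 10 the branch is two numbers; "9.6" alone carries no minor.
        raise ValueError(f"minor release missing in {text!r}")
    return (int(first), int(second)), int(third)


def classify(text):
    """Return 'affected' or 'fixed' relative to the releases the bulletin names."""
    branch, minor = parse_version(text)
    if branch in FIRST_FIXED:
        return "affected" if minor < FIRST_FIXED[branch] else "fixed"
    if branch > (13,):
        return "fixed"  # branches newer than 13 are not "before 13.1"
    # Assumption: branches older than 9.5 are "before 9.5.24" and have no
    # fixed release named in the bulletin, so they are reported as affected.
    return "affected"


if __name__ == "__main__":
    # Constructed sample strings, not output from a real enteliSYNC host.
    samples = [
        "PostgreSQL 12.4 on x86_64-pc-linux-gnu, compiled by gcc",
        "psql (PostgreSQL) 13.1",
        "PostgreSQL 9.6.19 on x86_64-pc-linux-gnu",
        "PostgreSQL 9.4.26",
    ]
    for s in samples:
        print(f"{classify(s):8}  {s}")
```
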

SecB0008 Security Bulletin