Home > Vulnerability Database > CVE-2020-10733

Mend.io Vulnerability Database

CVE-2020-10733

Good to know:

Date: September 16, 2020

The Windows installer for PostgreSQL 9.5 - 12 invokes system-provided executables that do not have fully-qualified paths. Executables in the directory where the installer loads or the current working directory take precedence over the intended executables. An attacker having permission to add files into one of those directories can use this to execute arbitrary code with the installer's administrative rights.

Language: C

Severity Score

7.3

Related Resources (5)

Url: https://nvd.nist.gov/vuln/detail/CVE-2020-10733

Url: https://security.netapp.com/advisory/ntap-20201001-0006/

Url: https://www.postgresql.org/support/security/11/

Url: https://www.postgresql.org/about/news/2038/

Url: https://www.mend.io/vulnerability-database/CVE-2020-10733

Severity Score

7.3

Weakness Type (CWE)

Untrusted Search Path

CWE-426

Top Fix

Upgrade Version

Upgrade to version REL9_5_22, REL9_6_18, REL_10_13, REL_11_8, REL_12_3

Learn More

CVSS v3.1

Base Score:	7.3
Attack Vector (AV):	LOCAL
Attack Complexity (AC):	LOW
Privileges Required (PR):	LOW
User Interaction (UI):	REQUIRED
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	HIGH
Availability (A):	HIGH

CVSS v2

Base Score:	4.4
Access Vector (AV):	LOCAL
Access Complexity (AC):	MEDIUM
Authentication (AU):	NONE
Confidentiality (C):	PARTIAL
Integrity (I):	PARTIAL
Availability (A):	PARTIAL
Additional information:

Mend.io Vulnerability Database

We found results for “”

CVE-2020-10733

Good to know:

Date: September 16, 2020

Language: C

Severity Score

Related Resources (5)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

CVSS v2

Do you need more information?