Vulnerabilities > CVE-2022-40756 - Unspecified vulnerability in Actian Psql and ZEN

CVSS 8.8 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

actian

NVD

Published: 2022-09-30

Updated: 2022-10-05

Summary

If folder security is misconfigured for Actian Zen PSQL BEFORE Patch Update 1 for Zen 15 SP1 (v15.11.005), Patch Update 4 for Zen 15 (v15.01.017), or Patch Update 5 for Zen 14 SP2 (v14.21.022), it can allow an attacker (with file read/write access) to remove specific security files in order to reset the master password and gain access to the database.

Vulnerable Configurations

Part	Description	Count
Application	Actian Actian Psql 11 Actian Psql 13 Actian ZEN 15.0 Actian ZEN 14.0	4

References

https://www.actian.com/support-services/
https://actian.my.salesforce.com/sfc/p/#300000001XnW/a/4y000000LhjZ/s7Hk0dFM1Z9nLuAPa50rMaZie7mqCR5u33NZFbdKT7Q