Cloud Vulnerability DB
A community-led vulnerabilities database
Vulnerability DatabaseCVE-2022-40756
CVE-2022-40756:
NixOS vulnerability analysis and mitigation
Overview
A vulnerability in Actian Zen PSQL prior to Patch Update 1 for Zen 15 SP1 (v15.11.005), Patch Update 4 for Zen 15 (v15.01.017), or Patch Update 5 for Zen 14 SP2 (v14.21.022) allows attackers with file read/write access to remove specific security files to reset the master password and gain access to the database (NVD).
Technical details
The vulnerability exists due to folder security misconfiguration that allows an attacker with file read/write access to manipulate security files. The vulnerability has a CVSS score of 8.8, indicating high severity (CISA).
Impact
Successful exploitation of this vulnerability allows attackers to reset the master password and gain unauthorized access to the database, potentially compromising all data stored within (NVD).
Mitigation and workarounds
Users should upgrade to Patch Update 1 for Zen 15 SP1 (v15.11.005), Patch Update 4 for Zen 15 (v15.01.017), or Patch Update 5 for Zen 14 SP2 (v14.21.022) depending on their installed version (NVD).
Additional resources
Source: This report was generated using AI
Related NixOS vulnerabilities:
Free Vulnerability Assessment
Benchmark your Cloud Security Posture
Evaluate your cloud security practices across 9 security domains to benchmark your risk level and identify gaps in your defenses.
Additional Wiz resources
Get a personalized demo
Ready to see Wiz in action?
"Best User Experience I have ever seen, provides full visibility to cloud workloads."
David EstlickCISO
"Wiz provides a single pane of glass to see what is going on in our cloud environments."
Adam FletcherChief Security Officer
"We know that if Wiz identifies something as critical, it actually is."
Greg PoniatowskiHead of Threat and Vulnerability Management