Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2022-40756

If folder security is misconfigured for Actian Zen PSQL BEFORE Patch Update 1 for Zen 15 SP1 (v15.11.005), Patch Update 4 for Zen 15 (v15.01.017), or Patch Update 5 for Zen 14 SP2 (v14.21.022), it can allow an attacker (with file read/write access) to remove specific security files in order to reset the master password and gain access to the database.

Published

2022-09-30T19:15:15.997

Last Modified

2025-05-20T16:15:22.053

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 8.8 (HIGH)

Weaknesses

Type: Primary
NVD-CWE-noinfo
Type: Secondary
CWE-732

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	actian	psql	≤ 13	Yes
Application	actian	zen	< 14.21.022	Yes
Application	actian	zen	< 15.01.017	Yes

References

https://actian.my.salesforce.com/sfc/p/#300000001XnW/a/4y000000LhjZ/s7Hk0dFM1Z9nLuAPa50rMaZie7mqCR5u33NZFbdKT7Q Vendor Advisory ([email protected])
https://www.actian.com/support-services/ Vendor Advisory ([email protected])
https://actian.my.salesforce.com/sfc/p/#300000001XnW/a/4y000000LhjZ/s7Hk0dFM1Z9nLuAPa50rMaZie7mqCR5u33NZFbdKT7Q Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://www.actian.com/support-services/ Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)