CVERadar

CVE-2024-9014

Severity: Medium
SVRS: 30/100
CVSSv3: NA/10
EPSS: 0.92322/1

CVE-2024-9014 affects pgAdmin versions 8.11 and earlier, exposing a critical security vulnerability in the OAuth2 authentication process. An attacker could exploit this flaw to steal the client ID and secret, gaining unauthorized access to sensitive user data. Despite a CVSS score of 0, indicating minimal immediate technical impact, the presence of this vulnerability poses a significant risk.

The SOCRadar Vulnerability Risk Score (SVRS) is 30, suggesting a lower but not negligible level of risk based on threat intelligence from social media, the dark web, and other sources. This means that while immediate exploitability might be low, the potential for targeted attacks exploiting compromised credentials remains. The vulnerability is significant because it involves the potential compromise of authentication credentials, which can lead to broader system access and data breaches. Immediate patching is advised to mitigate future risk, even with a low SVRS, and although the flaw is currently not considered "critical," continuous monitoring is advised given the sensitivity of user data.

In The Wild
2024-09-23

2024-09-26

Indicators of Compromise

No IOCs found for this CVE

Exploits

No exploits found for this CVE


News

FOCUS FRIDAY: TPRM INSIGHTS INTO ORACLE WEBLOGIC SERVER AND GITHUB ENTERPRISE VULNERABILITIES
Ferdi Gül, 2024-12-03 (normshield.com)
This week’s Focus Friday blog highlights two critical vulnerabilities that pose significant risks to third-party ecosystems: CVE-2024-21216 affecting Oracle WebLogic Server and CVE-2024-9487 impacting GitHub Enterprise. These vulnerabilities, involving remote code execution and authentication bypass, respectively, threaten not only the organizations directly utilizing these products but also their entire supply chains. In […]

FOCUS FRIDAY: ADDRESSING EXCHANGE SERVER RCE, FORTIMANAGER, GRAFANA, ROUNDCUBE WEBMAIL, AND CISCO FMC VULNERABILITIES FROM A TPRM PERSPECTIVE
Ferdi Gül, 2024-12-03 (normshield.com)
Welcome to this week’s edition of Focus Friday, where we explore high-profile cybersecurity incidents and vulnerabilities through the lens of Third-Party Risk Management (TPRM). In today’s rapidly evolving threat landscape, critical vulnerabilities pose a significant risk to organizations relying on third-party software and services. This week, we dive into several crucial […]

FOCUS FRIDAY: TPRM INSIGHTS ON LITESPEED CACHE, RICOH WEB IMAGE MONITOR, SQUID PROXY, AND XLIGHT FTP VULNERABILITIES WITH BLACK KITE’S FOCUSTAGS™
Ferdi Gül, 2024-12-03 (normshield.com)
Welcome to this week’s edition of FOCUS FRIDAY, where we delve into high-profile cybersecurity incidents from a Third-Party Risk Management (TPRM) perspective. In this installment, we examine critical vulnerabilities affecting widely-used products such as LiteSpeed Cache, RICOH Web Image Monitor, Squid Proxy, and Xlight FTP. By leveraging Black Kite’s proprietary FocusTags™, […]

FOCUS FRIDAY: INSIGHTS INTO THIRD-PARTY RISKS IN FORTINET CORE PRODUCTS, CISCO RV ROUTERS, AND IVANTI CONNECT SECURE VULNERABILITIES
Ferdi Gül, 2024-10-11 (normshield.com)
Welcome to this week’s Focus Friday blog, where we delve into high-profile cybersecurity incidents from a Third-Party Risk Management (TPRM) perspective. This week, we examine critical vulnerabilities affecting Fortinet Core Products, Cisco RV Routers, and Ivanti Connect Secure. These vulnerabilities present significant risks, from privilege escalation to remote code execution, impacting […]

Critical Ivanti vTM Vulnerability Exploited (CVE-2024-7593); pgAdmin Flaw Could Expose Data (CVE-2024-9014) - SOCRadar
2024-09-25 (google.com)

FOCUS FRIDAY: THIRD-PARTY RISK INSIGHTS ON ZIMBRA, DrayTek ROUTERS, AUTHENTIK, AND OCTOPUS DEPLOY VULNERABILITIES
Ferdi Gül, 2024-10-04; Contributor: Ferhat Dikbiyik (normshield.com)
Welcome to this week’s edition of Focus Friday, where we dive into critical vulnerabilities affecting the third-party ecosystem from a Third-Party Risk Management (TPRM) perspective. As organizations face mounting pressure to manage vulnerabilities swiftly and effectively, identifying and addressing these threats becomes crucial for maintaining cybersecurity resilience. In today’s […]

FOCUS FRIDAY: TPRM INSIGHTS INTO PGADMIN, KEYCLOAK, AND NAVIDROME VULNERABILITIES
Ferdi Gül, 2024-09-27; Contributor: Ferhat Dikbiyik (normshield.com)
Welcome to this week’s Focus Friday blog, where we highlight key vulnerabilities and their implications for Third-Party Risk Management (TPRM). As organizations face an ever-evolving cyber threat landscape, staying ahead of critical vulnerabilities in widely-used software becomes crucial. This week, we dive into the vulnerabilities affecting pgAdmin, Keycloak, […]

Social Media

CVE-2024-9014 (CVSS:9.9, CRITICAL) is Received. pgAdmin versions 8.11 and earlier are vulnerable to a security flaw in OAuth2 authentication. This vulnerability allows ..https://t.co/tCgMbqfFFe #cybersecurityawareness #cybersecurity #CVE #infosec #hacker #nvd #mitre
CVE-2024-9014 (CVSS 9.9): pgAdmin's Critical Vulnerability Puts User Data at Risk Keep your #PostgreSQL databases safe. Learn about the CVE-2024-9014 vulnerability in #pgAdmin and the urgent security update that addresses it. https://t.co/OFbs7NDyQZ
[CVE-2024-9014: CRITICAL] Beware! pgAdmin versions 8.11 and older have a security flaw in OAuth2. Attackers can gain client ID and secret, risking unauthorized data access. #CyberSecurity#cybersecurity,#vulnerability https://t.co/9YynSRjRlZ https://t.co/DeuvyMLbuE

Affected Software

No affected software found for this CVE

References

Reference: F86EF6DC-4D3A-42AD-8F28-E6D5547A5007
Link: https://github.com/pgadmin-org/pgadmin4/issues/7945

CWE Details

CWE ID: CWE-522
CWE Name: Insufficiently Protected Credentials
Description: The product transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval.
