VYPR
← All advisories
Unrated severityNVD Advisory· Published Sep 30, 2022· Updated May 20, 2025

CVE-2022-40756

CVE-2022-40756

Description

Misconfigured folder security in Actian Zen PSQL allows attackers with file read/write access to reset the master password and gain database access.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Misconfigured folder security in Actian Zen PSQL allows attackers with file read/write access to reset the master password and gain database access.

Vulnerability

A folder security misconfiguration in Actian Zen PSQL allows an attacker with file read/write access to remove specific security files. This vulnerability affects versions before Patch Update 1 for Zen 15 SP1 (v15.11.005), Patch Update 4 for Zen 15 (v15.01.017), and Patch Update 5 for Zen 14 SP2 (v14.21.022). The exact security files targeted are not disclosed in the available references.

Exploitation

An attacker must have file read/write access to the system where Zen PSQL is installed. The attacker can then remove specific security files, which resets the master password. No authentication or user interaction is required beyond the initial file access.

Impact

Successful exploitation allows the attacker to reset the master password and gain full access to the database. This leads to complete compromise of confidentiality, integrity, and availability of the database contents.

Mitigation

Actian has released patch updates to address this issue: Patch Update 1 for Zen 15 SP1 (v15.11.005), Patch Update 4 for Zen 15 (v15.01.017), and Patch Update 5 for Zen 14 SP2 (v14.21.022). Users should apply the appropriate update. No workaround is mentioned in the available references.

AI Insight generated on May 25, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

2
  • Actian/Zen PSQLdescription
  • Actian/Zen PSQLllm-create
    Range: <15.11.005 || <15.01.017 || <14.21.022 depending on lineage

Patches

0

No patches discovered yet.

Vulnerability mechanics

No source-code context for this CVE — mechanics is only generated when we can read the actual fix diff. Without that, the four sections (root cause, attack vector, affected code, fix) would be speculation rather than analysis.

References

2

News mentions

0

No linked articles in our index yet.