Medium: postgresql

🗓️ 21 Feb 2023 00:00:00Reported by AmazonType

amazon

amazon🔗 alas.aws.amazon.com👁 67 Views

Server configured trust authentication with clientcert requirement or cert authentication allows SQL injection despite SS

Reporter	Title	Published	Views	Family All 267
IBM Security Bulletins	Security Bulletin: A security vulnerability inPostgreSQL affects IBM Cloud Pak for Multicloud Management Infrastructure Management	21 Oct 202217:09	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Data Risk Manager is affected by multiple vulnerabilities	13 Jan 202215:19	–	ibm
IBM Security Bulletins	Security Bulletin: Due to use of PostgreSQL, IBM Robotic Process Automation with Automation Anywhere is vulnerable to SQL injection (CVE-2021-23214)	1 Apr 202215:08	–	ibm
IBM Security Bulletins	Security Bulletin: EDB Postgres Advanced Server with IBM and IBM Data Management Platform for EDB Postgres (Standard or Enterprise) for IBM Cloud Pak for Data are vulnerable to SQL injection from "man-in-the-middle" attack.	10 Feb 202217:57	–	ibm
IBM Security Bulletins	Security Bulletin: Vulnerabilities in PostgreSQL, Node.js, and Data Tables from Spry Media may affect IBM Spectrum Protect Plus	31 Jan 202218:22	–	ibm
IBM Security Bulletins	Security Bulletin: EDB PostreSQL with IBM, EDB Postgres Advanced Server with IBM, IBM Data Management Platform (Enterprise, Standard) are vulnerable to an SQL Injection (CVE-2021-23214)	3 Dec 202120:39	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Data Management Platform for EDB Postgres (Standard and Enterprise) for IBM Cloud Pak for Data are vulnerable to SQL injection from "man-in-the-middle" attack	11 Feb 202217:37	–	ibm
IBM Security Bulletins	Security Bulletin: SQL injection vulnerability in PostgreSQL affects IBM Connect:Direct Web Services (CVE-2021-23214)	1 Mar 202219:13	–	ibm
IBM Security Bulletins	Security Bulletin: IBM QRadar SIEM is vulnerable to using components with Known Vulnerabilities	25 Apr 202214:44	–	ibm
IBM Security Bulletins	Security Bulletin: Vulnerabilities in Polkit, PostgreSQL, OpenSSL, OpenSSH, and jQuery affect IBM Spectrum Copy Data Management	12 Mar 202201:53	–	ibm

OS	OS Version	Architecture	Package	Package Version	Filename
Amazon Linux	2	aarch64	postgresql	9.2.24-8.amzn2.0.1	postgresql-9.2.24-8.amzn2.0.1.aarch64.rpm
Amazon Linux	2	i686	postgresql	9.2.24-8.amzn2.0.1	postgresql-9.2.24-8.amzn2.0.1.i686.rpm
Amazon Linux	2	x86_64	postgresql	9.2.24-8.amzn2.0.1	postgresql-9.2.24-8.amzn2.0.1.x86_64.rpm
Amazon Linux	2	aarch64	postgresql-contrib	9.2.24-8.amzn2.0.1	postgresql-contrib-9.2.24-8.amzn2.0.1.aarch64.rpm
Amazon Linux	2	i686	postgresql-contrib	9.2.24-8.amzn2.0.1	postgresql-contrib-9.2.24-8.amzn2.0.1.i686.rpm
Amazon Linux	2	x86_64	postgresql-contrib	9.2.24-8.amzn2.0.1	postgresql-contrib-9.2.24-8.amzn2.0.1.x86_64.rpm
Amazon Linux	2	aarch64	postgresql-debuginfo	9.2.24-8.amzn2.0.1	postgresql-debuginfo-9.2.24-8.amzn2.0.1.aarch64.rpm
Amazon Linux	2	i686	postgresql-debuginfo	9.2.24-8.amzn2.0.1	postgresql-debuginfo-9.2.24-8.amzn2.0.1.i686.rpm
Amazon Linux	2	x86_64	postgresql-debuginfo	9.2.24-8.amzn2.0.1	postgresql-debuginfo-9.2.24-8.amzn2.0.1.x86_64.rpm
Amazon Linux	2	aarch64	postgresql-devel	9.2.24-8.amzn2.0.1	postgresql-devel-9.2.24-8.amzn2.0.1.aarch64.rpm

22 Feb 2023 00:00Current

8High risk

Vulners AI Score8

CVSS 25.1

CVSS 3.18.1

EPSS0.00193

postgresql trust authentication clientcert requirement certificate authentication sql injection ssl certificate verification encryption amazon linux 2 red hat mitre