Lucene search

K
debiancveDebian Security Bug TrackerDEBIANCVE:CVE-2021-23222
HistoryMar 02, 2022 - 11:15 p.m.

CVE-2021-23222

2022-03-0223:15:08
Debian Security Bug Tracker
security-tracker.debian.org
25

5.9 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

4.3 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

0.001 Low

EPSS

Percentile

43.7%

A man-in-the-middle attacker can inject false responses to the client’s first few queries, despite the use of SSL certificate verification and encryption.

OSVersionArchitecturePackageVersionFilename
Debian10allpostgresql-11<Β 11.14-0+deb10u1postgresql-11_11.14-0+deb10u1_all.deb
Debian11allpostgresql-13<Β 13.5-0+deb11u1postgresql-13_13.5-0+deb11u1_all.deb

5.9 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

4.3 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

0.001 Low

EPSS

Percentile

43.7%