8.1 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
5.1 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
HIGH
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:H/Au:N/C:P/I:P/A:P
0.002 Low
EPSS
Percentile
56.2%
When the IBM Data Management Platform for EDB Postgres Standard for IBM Cloud Pak for Data and IBM Data Management Platform for EDB Postgres Enterprise for IBM Cloud Pak for Data are configured to use trust authentication with a clientcert requirement or to use cert authentication, a man-in-the-middle attacker can inject arbitrary SQL queries when a connection is first established, despite the use of SSL certificate verification and encryption.
CVEID:CVE-2021-23214
**DESCRIPTION:**PostgreSQL is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements when the server is configured to use trust authentication with a clientcert requirement or to use cert authentication, which could allow the attacker to view, add, modify or delete information in the back-end database.
CVSS Base score: 8.1
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/213379 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)
Affected Product(s) | Version(s) |
---|---|
IBM Data Management Platform for EDB Postgres Standard for IBM Cloud Pak for Data | 2.0, 4.0.x |
IBM Data Management Platform for EDB Postgres Standard for IBM Cloud Pak for Data | 2.0, 4.0.x |
Affected version | Version | Remediation/Fix/Instructions |
---|---|---|
IBM Data Management Platform for EDB Postgres Standard for IBM Cloud Pak for Data | 2.0, 4.0.x | Upgrade to version 4.0.4 via the steps outlined in the Cloud Pak for Data Documentation. |
IBM Data Management Platform for EDB Postgres Enterprise for IBM Cloud Pak for Data | 2.0, 4.0.x | Upgrade to version 4.0.4 via the steps outlined in the Cloud Pak for Data Documentation. |
IBM strongly recommends addressing the vulnerability now by upgrading IBM Data Management Platform for EDB Postgres (Standard or Enterprise) for IBM Cloud Pak for Data to version 4.0.4.
8.1 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
5.1 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
HIGH
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:H/Au:N/C:P/I:P/A:P
0.002 Low
EPSS
Percentile
56.2%