Odyssey passes to server unencrypted bytes from man-in-the-middle When Odyssey is configured to use certificate Common Name for client authentication, a man-in-the-middle attacker can inject arbitrary SQL queries when a connection is first established, despite the use of SSL certificate verification and encryption. This is similar to CVE-2021-23214 for PostgreSQL.

Affected configurations

NVD

Node

odyssey_projectodysseyMatch1.1

References

github.com/yandex/odyssey/issues/376%2C

www.postgresql.org/support/security/CVE-2021-23214/

cve 2

prion 2

osv 16

cvelist 2

openvas 29

nessus 53

cbl_mariner 3

redhatcve 1

debiancve 1

alpinelinux 1

amazon 6

ubuntucve 1

ibm 10

archlinux 2

redhat 5

almalinux 3

nvd 1

oraclelinux 3

veracode 1

rocky 3

debian 3

altlinux 13

suse 5

kaspersky 1

freebsd 1

ubuntu 2

redos 1

mageia 1

fedora 1

github 1

gentoo 1

hp 1

cve

CVE-2021-43766

2022-08-25 18:15:09

CVE-2021-23214

2022-03-04 16:15:08

prion

Sql injection

2022-08-25 18:15:00

Sql injection

2022-03-04 16:15:00

osv

CVE-2021-43766

2022-08-25 18:15:09

Moderate: postgresql:10 security update

2022-05-10 08:03:34

Moderate: postgresql:10 security update

2022-05-10 08:03:34

cvelist

CVE-2021-43766

2022-08-25 17:27:31

CVE-2021-23214

2022-03-04 00:00:00

openvas

Huawei EulerOS: Security Advisory for postgresql-10.5 (EulerOS-SA-2023-1346)

2023-02-09 00:00:00

SUSE: Security Advisory (SUSE-SU-2021:3755-1)

2021-11-21 00:00:00

Debian: Security Advisory (DSA-5006-1)

2021-11-14 00:00:00

nessus

EulerOS 2.0 SP8 : postgresql-10.5 (EulerOS-SA-2023-1346)

2023-02-08 00:00:00

AlmaLinux 8 : postgresql:10 (ALSA-2022:1830)

2022-05-12 00:00:00

Amazon Linux AMI : postgresql93 (ALAS-2023-1658)

2023-01-24 00:00:00

cbl_mariner

CVE-2021-43766 affecting package postgresql 12.8-1

2022-10-13 00:40:15

CVE-2021-23214 affecting package postgresql for versions less than 14.2-1

2022-04-26 20:17:02

CVE-2021-23214 affecting package postgresql 12.8-1

2022-03-19 16:40:54

redhatcve

CVE-2021-23214

2022-04-26 22:23:51

debiancve

CVE-2021-23214

2022-03-04 16:15:08

alpinelinux

CVE-2021-23214

2022-03-04 16:15:08

amazon

Medium: postgresql94

2023-01-18 20:56:00

Medium: postgresql96

2023-01-18 20:56:00

Medium: postgresql95

2023-01-18 20:56:00

ubuntucve

CVE-2021-23214

2021-11-11 00:00:00

ibm

Security Bulletin: IBM Data Management Platform for EDB Postgres (Standard and Enterprise) for IBM Cloud Pak for Data are vulnerable to SQL injection from "man-in-the-middle" attack

2022-02-11 17:37:09

Security Bulletin: EDB PostreSQL with IBM, EDB Postgres Advanced Server with IBM, IBM Data Management Platform (Enterprise, Standard) are vulnerable to an SQL Injection (CVE-2021-23214)

2021-12-03 20:39:18

Security Bulletin: Due to use of PostgreSQL, IBM Robotic Process Automation with Automation Anywhere is vulnerable to SQL injection (CVE-2021-23214)

2022-04-01 15:08:28

archlinux

[ASA-202204-1] postgresql: man-in-the-middle

2022-04-04 00:00:00

[ASA-202203-1] postgresql: man-in-the-middle

2022-03-25 00:00:00

redhat

(RHSA-2022:1830) Moderate: postgresql:10 security update

2022-05-10 08:03:34

(RHSA-2021:5236) Moderate: postgresql:13 security update

2021-12-21 09:10:35

(RHSA-2021:5235) Moderate: postgresql:12 security update

2021-12-21 09:10:31

almalinux

Moderate: postgresql:10 security update

2022-05-10 08:03:34

Moderate: postgresql:13 security update

2021-12-21 09:10:35

Moderate: postgresql:12 security update

2021-12-21 09:10:31

nvd

CVE-2021-23214

2022-03-04 16:15:08

oraclelinux

postgresql:10 security update

2022-05-17 00:00:00

postgresql:12 security update

2021-12-22 00:00:00

postgresql:13 security update

2021-12-22 00:00:00

veracode

Man-in-the-Middle (MitM)

2021-11-14 07:40:11

rocky

postgresql:10 security update

2022-05-10 08:03:34

postgresql:12 security update

2021-12-21 09:10:31

postgresql:13 security update

2021-12-21 09:10:35

debian

[SECURITY] [DSA 5007-1] postgresql-13 security update

2021-11-11 21:52:56

[SECURITY] [DLA 2817-1] postgresql-9.6 security update

2021-11-12 08:46:22

[SECURITY] [DSA 5006-1] postgresql-11 security update

2021-11-11 21:49:53

altlinux

Security fix for the ALT Linux 10 package postgresql14 version 14.1-alt1

2021-11-23 00:00:00

Security fix for the ALT Linux 9 package postgresql9.6 version 9.6.24-alt0.M90P.1

2021-12-03 00:00:00

Security fix for the ALT Linux 9 package postgresql12 version 12.9-alt0.M90P.1

2021-12-03 00:00:00

suse

Security update for postgresql10 (important)

2021-12-14 00:00:00

Security update for postgresql14 (important)

2021-11-22 00:00:00

Security update for postgresql10 (important)

2021-12-15 00:00:00

kaspersky

KLA12378 Multiple vulnerabilities in PostgreSQL

2021-11-11 00:00:00

freebsd

PostgreSQL -- Possible man-in-the-middle attacks

2021-11-08 00:00:00

ubuntu

PostgreSQL vulnerabilities

2022-09-28 00:00:00

PostgreSQL vulnerabilities

2021-11-11 00:00:00

redos

ROS-20220125-13

2022-01-25 00:00:00

mageia

Updated postgresql packages fix security vulnerability

2021-11-25 16:06:13

fedora

[SECURITY] Fedora 35 Update: pgbouncer-1.16.1-1.fc35

2021-12-31 01:21:38

github

PostgresNIO processes unencrypted bytes from man-in-the-middle

2023-05-10 19:20:16

gentoo

PostgreSQL: Multiple Vulnerabilities

2022-11-19 00:00:00

HP Device Manager Vulnerability Update (5.0.12)

2024-01-26 00:00:00

Solutions

Vulnerabilities intelligence
Perimeter control tool
Linux scanner
Windows scanner
Developers SDK
Security Intelligence feeds

Database

Vulnerabilities
Exploits
Security News
BugBounty
Wild Exploited
Top Vulnerabilities
CVE Feed

Resources

Statics & Sources
Plugins
API docs
FAQ
Blog
Glossary

Company

About
Contacts
Pricing
EULA
Privacy Policy
Submission Policy
OpenSource

@2024 Vulners Inc

8.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

0.002 Low

EPSS

Percentile

57.3%

JSON

Related for NVD:CVE-2021-43766

cve2 prion2 osv16 cvelist2 openvas29 nessus53 cbl_mariner3 redhatcve1 debiancve1 alpinelinux1 amazon6 ubuntucve1 ibm10 archlinux2 redhat5 almalinux3 nvd1 oraclelinux3 veracode1 rocky3 debian3 altlinux13 suse5 kaspersky1 freebsd1 ubuntu2 redos1 mageia1 fedora1 github1 gentoo1 hp1