It was found that a PostgreSQL server could accept plain text data during the establishment of an SSL connection. When a user is requesting a certificate based authentication, an active Person in the Middle could use this flaw in order to inject arbitrary SQL commands.

References

bugzilla.redhat.com/show_bug.cgi?id=2022666

nvd.nist.gov/vuln/detail/CVE-2021-23214

www.cve.org/CVERecord?id=CVE-2021-23214

ibm 10

nessus 49

veracode 1

rocky 3

osv 16

almalinux 3

amazon 6

cbl_mariner 2

ubuntucve 1

alpinelinux 1

debiancve 1

prion 2

archlinux 2

redhat 5

cve 2

oraclelinux 3

altlinux 13

ubuntu 2

debian 3

freebsd 1

openvas 29

suse 5

mageia 1

redos 1

fedora 1

github 1

gentoo 1

ibm

Security Bulletin: EDB Postgres Advanced Server with IBM and IBM Data Management Platform for EDB Postgres (Standard or Enterprise) for IBM Cloud Pak for Data are vulnerable to SQL injection from "man-in-the-middle" attack.

2022-02-10 17:57:59

Security Bulletin: Due to use of PostgreSQL, IBM Robotic Process Automation with Automation Anywhere is vulnerable to SQL injection (CVE-2021-23214)

2022-04-01 15:08:28

Security Bulletin: IBM Data Management Platform for EDB Postgres (Standard and Enterprise) for IBM Cloud Pak for Data are vulnerable to SQL injection from "man-in-the-middle" attack

2022-02-11 17:37:09

nessus

Amazon Linux AMI : postgresql96 (ALAS-2023-1661)

2023-01-24 00:00:00

Amazon Linux AMI : postgresql92 (ALAS-2023-1657)

2023-01-24 00:00:00

CentOS 8 : postgresql:10 (CESA-2022:1830)

2022-05-10 00:00:00

veracode

Man-in-the-Middle (MitM)

2021-11-14 07:40:11

rocky

postgresql:10 security update

2022-05-10 08:03:34

postgresql:12 security update

2021-12-21 09:10:31

postgresql:13 security update

2021-12-21 09:10:35

osv

CVE-2021-23214

2022-03-04 16:15:08

BIT-postgresql-2021-23214

2024-03-06 11:05:31

Moderate: postgresql:10 security update

2022-05-10 08:03:34

almalinux

Moderate: postgresql:10 security update

2022-05-10 08:03:34

Moderate: postgresql:12 security update

2021-12-21 09:10:31

Moderate: postgresql:13 security update

2021-12-21 09:10:35

amazon

Medium: postgresql93

2023-01-18 20:56:00

Medium: postgresql94

2023-01-18 20:56:00

Medium: postgresql96

2023-01-18 20:56:00

cbl_mariner

CVE-2021-23214 affecting package postgresql 12.7-2

2022-04-26 20:17:02

CVE-2021-23214 affecting package postgresql 12.8-1

2022-03-19 16:40:54

ubuntucve

CVE-2021-23214

2021-11-11 00:00:00

alpinelinux

CVE-2021-23214

2022-03-04 16:15:00

debiancve

CVE-2021-23214

2022-03-04 16:15:00

prion

Sql injection

2022-03-04 16:15:00

Sql injection

2022-08-25 18:15:00

archlinux

[ASA-202204-1] postgresql: man-in-the-middle

2022-04-04 00:00:00

[ASA-202203-1] postgresql: man-in-the-middle

2022-03-25 00:00:00

redhat

(RHSA-2022:1830) Moderate: postgresql:10 security update

2022-05-10 08:03:34

(RHSA-2021:5235) Moderate: postgresql:12 security update

2021-12-21 09:10:31

(RHSA-2021:5236) Moderate: postgresql:13 security update

2021-12-21 09:10:35

cve

CVE-2021-23214

2022-03-04 16:15:00

CVE-2021-43766

2022-08-25 18:15:00

oraclelinux

postgresql:10 security update

2022-05-17 00:00:00

postgresql:12 security update

2021-12-22 00:00:00

postgresql:13 security update

2021-12-22 00:00:00

altlinux

Security fix for the ALT Linux 10 package postgresql15 version 14.1-alt1

2021-11-10 00:00:00

Security fix for the ALT Linux 10 package postgresql12 version 12.9-alt1

2021-11-23 00:00:00

Security fix for the ALT Linux 8 package postgresql9.6 version 9.6.24-alt0.M80P.1

2021-12-21 00:00:00

ubuntu

PostgreSQL vulnerabilities

2022-09-28 00:00:00

PostgreSQL vulnerabilities

2021-11-11 00:00:00

debian

[SECURITY] [DSA 5006-1] postgresql-11 security update

2021-11-11 21:49:53

[SECURITY] [DSA 5007-1] postgresql-13 security update

2021-11-11 21:52:56

[SECURITY] [DLA 2817-1] postgresql-9.6 security update

2021-11-12 08:46:22

freebsd

PostgreSQL -- Possible man-in-the-middle attacks

2021-11-08 00:00:00

openvas

SUSE: Security Advisory (SUSE-SU-2021:3757-1)

2021-11-23 00:00:00

Debian: Security Advisory (DLA-2817-1)

2021-11-18 00:00:00

SUSE: Security Advisory (SUSE-SU-2021:3758-1)

2021-11-23 00:00:00

suse

Security update for postgresql12 (important)

2021-11-22 00:00:00

Security update for postgresql13 (important)

2021-11-22 00:00:00

Security update for postgresql10 (important)

2021-12-14 00:00:00

mageia

Updated postgresql packages fix security vulnerability

2021-11-25 16:06:13

redos

ROS-20220125-13

2022-01-25 00:00:00

fedora

[SECURITY] Fedora 35 Update: pgbouncer-1.16.1-1.fc35

2021-12-31 01:21:38

github

PostgresNIO processes unencrypted bytes from man-in-the-middle

2023-05-10 19:20:16

gentoo

PostgreSQL: Multiple Vulnerabilities

2022-11-19 00:00:00

Products

Security Intelligence
Non-intrusive assessment
Developers SDK
Windows scanner
Linux scanner
Perimeter control tool
MSSP

Database

Vulnerabilities
Exploits
IOC
Security News
BugBounty
Popular
Wild Exploited
Top Vulnerabilities

Tools

Linux Security Scanner
API integration
Subscriptions
Plugins
Manual Audit

Learn More

Stats
API
Docs
Api-keys
License
Pricing
Glossary
FAQ

Company

Blog
Contacts
About Us
OpenSource
EULA
Brand Guideline
Privacy Policy

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply. All product names, logos, and brands are property of their respective owners. All company, product and service names used in this website are for identification purposes only. Use of these names, logos, and brands does not imply endorsement.If you are an owner of some content and want it to be removed, please contact us. Using Vulners services you are accepting Vulners services end-user license agreement

@2024 Vulners Inc

8.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

5.1 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:H/Au:N/C:P/I:P/A:P

0.002 Low

EPSS

Percentile

56.9%

JSON

Related for RH:CVE-2021-23214