postgresql postgresql CVE-2021-23214 vulnerability in PostgreSQL and Other Products
Published on March 4, 2022

product logo product logo product logo product logo
When the server is configured to use trust authentication with a clientcert requirement or to use cert authentication, a man-in-the-middle attacker can inject arbitrary SQL queries when a connection is first established, despite the use of SSL certificate verification and encryption.

Github Repository Vendor Advisory NVD

Weakness Type

What is a SQL Injection Vulnerability?

The software constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.

CVE-2021-23214 has been classified to as a SQL Injection vulnerability or weakness.


Products Associated with CVE-2021-23214

You can be notified by email with stack.watch whenever vulnerabilities like CVE-2021-23214 are published in these products:

PostgreSQL
 
Fedora Project Fedora
 
Red Hat Software Collections
 
Red Hat Enterprise Linux (RHEL)
 
Red Hat Enterprise Linux Ibm Z Systems
 
Red Hat Enterprise Linux Power Little Endian
 
Canonical Ubuntu Linux
 

Exploit Probability

EPSS
0.33%
Percentile
55.10%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.