CVSS Score v3.1: 8.1 (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.0019 (41.1th percentile)
Risk Priority: 16 (60% EPSS · 20% KEV · 20% CVSS)
Summary
CVE-2021-23214 is a high-severity SQL Injection (CWE-89) vulnerability in PostgreSQL. Its CVSS base score is 8.1 (High).
Operationally, it is ranked at the 41.1th percentile by exploit likelihood (below the median), and it is not currently listed in the CISA KEV catalog.
Vulnerability details
When the server is configured to use trust authentication with a clientcert requirement or to use cert authentication, a man-in-the-middle attacker can inject arbitrary SQL queries when a connection is first established, despite the use of SSL certificate verification and encryption.
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
postgresql / postgresql: 14.0 · ≤ 9.6.24 · 10.0 — 10.19 · 11.0 — 11.14
fedoraproject / fedora: 34, 35
redhat / software collections: 1.0
redhat / enterprise linux: 8.0
redhat / enterprise linux for ibm z systems: 8.0
redhat / enterprise linux for power little endian: 8.0
Mitigating Controls
Likely Mitigating Controls AI
Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.
Penetration testing uses SQL injection payloads against database interfaces, identifying and supporting fixes for SQL injection weaknesses.
Validates query inputs to prevent SQL syntax or command manipulation.