CVE-2021-23214

Summary

When the server is configured to use trust authentication with a clientcert requirement or to use cert authentication, a man-in-the-middle attacker can inject arbitrary SQL queries when a connection is first established, despite the use of SSL certificate verification and encryption.

Affected Software

VendorProductVersion RangeStatus
n/apostgresqlAffects v9.6 to v14affected

Weaknesses

  • CWE-89: CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

ADP Enrichment

CVE Program Container

Additional References

References