CVE-2021-23214

Name: CVE-2021-23214
Creator: NVD / NIST
Published: 2022-03-04T16:15:08.293+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

HIGHCVSS 8.1/10EPSS 1.90%

Last modified Jun 17, 2026

CVE-2021-23214 is a high-severity vulnerability rated 8.1/10 on the CVSS scale. When the server is configured to use trust authentication with a clientcert requirement or to use cert authentication, a man-in-the-middle attacker can inject arbitrary SQL queries when a connection is first established, despite the use of SSL certificate verification and encryption.. EPSS estimates a 1.90% chance of exploitation in the next 30 days.

Description

When the server is configured to use trust authentication with a clientcert requirement or to use cert authentication, a man-in-the-middle attacker can inject arbitrary SQL queries when a connection is first established, despite the use of SSL certificate verification and encryption.

Metrics

CVSS 3.1

8.1/10

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS Probability

1.90%

77.1th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

Affected Software

Vendor	Product	Versions
Postgresql	Postgresql	< 9.6.24
Postgresql	Postgresql	>= 10.0, < 10.19
Postgresql	Postgresql	>= 11.0, < 11.14
Postgresql	Postgresql	>= 12.0, < 12.9
Postgresql	Postgresql	>= 13.0, < 13.5
Postgresql	Postgresql	14.0
Fedoraproject	Fedora	34
Fedoraproject	Fedora	35
Redhat	Software Collections	1.0
Redhat	Enterprise Linux	8.0
Redhat	Enterprise Linux For Ibm Z Systems	8.0
Redhat	Enterprise Linux For Power Little Endian	8.0

References

https://bugzilla.redhat.com/show_bug.cgi?id=2022666Issue Tracking, Patch, Third Party Advisory
https://git.postgresql.org/gitweb/?p=postgresql.git%3Ba=commit%3Bh=28e24125541545483093819efae9bca603441951
https://github.com/postgres/postgres/commit/28e24125541545483093819efae9bca603441951Patch, Third Party Advisory
https://security.gentoo.org/glsa/202211-04Third Party Advisory
https://www.postgresql.org/support/security/CVE-2021-23214/Vendor Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=2022666Issue Tracking, Patch, Third Party Advisory
https://git.postgresql.org/gitweb/?p=postgresql.git%3Ba=commit%3Bh=28e24125541545483093819efae9bca603441951
https://github.com/postgres/postgres/commit/28e24125541545483093819efae9bca603441951Patch, Third Party Advisory
https://security.gentoo.org/glsa/202211-04Third Party Advisory
https://www.postgresql.org/support/security/CVE-2021-23214/Vendor Advisory

Timeline

Published: Mar 4, 2022
Last Modified: Jun 17, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2021-23214?

How severe is CVE-2021-23214?

CVE-2021-23214 has a CVSS score of 8.1/10 (HIGH severity). The EPSS model estimates a 1.90% probability of exploitation in the next 30 days.

How do I fix CVE-2021-23214?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2021-23214?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST