Data Protection Advisor: PostgreSQL False Positive Security Vulnerabilities (CVE-2021-23214, CVE-2021-23222)
Summary: Data Protection Advisor (DPA): PostgreSQL False Positive Security Vulnerabilities (CVE-2021-23214, CVE-2021-23222)
This article applies to
This article does not apply to
This article is not tied to any specific product.
Not all product versions are identified in this article.
Security Article Type
Security KB
CVE Identifier
CVE-2021-23214,CVE-2021-23222
Issue Summary
See the 'Recommendation' section below for details on each CVE.
Recommendations
The vulnerabilities listed in the table below are in order by the date on which Data Protection Advisor Engineering determined that the Data Protection Advisor 19.6,19.5,19.4,19.3,19.2,18.x was not vulnerable.
| Third-party Component | CVE ID | Summary of Vulnerability | Reason why Product is not Vulnerable | Date Determined False Positive |
| PostgreSQL | CVE-2021-23214 | When the server is configured to use trust authentication with a clientcert requirement or to use cert authentication, a man-in-the-middle attacker can inject arbitrary SQL queries when a connection is first established, despite the use of SSL certificate verification and encryption. | This CVE is applicable to PostgreSQL authentication which is based on certificates. DPA uses only credential based authentication for PostgreSQL. | February 8, 2022 |
| PostgreSQL | CVE-2021-23222 | A man-in-the-middle attacker can inject false responses to the client's first few queries, despite the use of SSL certificate verification and encryption. The server must be using trust authentication with a clientcert requirement or using cert authentication. | This CVE is applicable to PostgreSQL authentication which is based on certificates. DPA uses only credential based authentication for PostgreSQL. | February 8, 2022 |
Legal Disclaimer
Article Properties
Article Number: 000198365
Article Type: Security KB
Last Modified: 13 Jun 2022
Version: 1
Find answers to your questions from other Dell users
Support Services
Check if your device is covered by Support Services.