PT-2022-11908 · Odyssey+1
Published: 2021-11-10 · Updated: 2024-03-06 · CVE-2021-43767
CVSS v3.1: 5.9 (Medium)
Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
Name of the Vulnerable Software and Affected Versions
Odyssey (affected versions not specified)
Description
The issue allows a man-in-the-middle attacker to inject false responses to the client's initial queries when Odyssey storage is configured to use the PostgreSQL server with specific authentication settings. Despite using SSL certificate verification and encryption, Odyssey will pass these results to the client as if they originated from a valid server.
Recommendations
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Insufficiently Protected Credentials
Improper Certificate Validation
Affected Products
Alt Linux
Odyssey