Blind SQL Injection in Cloud Foundry UAA Releases
CVE-2017-4972
7.5 HIGH
What is CVE-2017-4972?
A blind SQL injection vulnerability exists in specific versions of Cloud Foundry UAA, allowing attackers to execute arbitrary SQL queries against the UAA database. By exploiting this flaw, attackers can retrieve sensitive information stored in the database, posing a significant risk to data confidentiality. The flaw affects multiple versions of both the UAA release and the BOSH release; affected deployments should be updated promptly.
Affected Version(s)
Cloud Foundry UAA Cloud Foundry UAA
