Blind SQL Injection in Cloud Foundry UAA Releases
CVE-2017-4972

7.5 HIGH

Key Information:

Vendor
CVE Published: 13 June 2017

What is CVE-2017-4972?

A blind SQL injection vulnerability exists in specific versions of the Cloud Foundry UAA, allowing attackers to execute arbitrary SQL queries on the UAA database. By exploiting this flaw, attackers can retrieve sensitive information stored within the database, posing a significant risk to data confidentiality. It affects multiple versions of both the UAA release and the BOSH release, which should be promptly updated to mitigate potential threats.

Affected Version(s)

Cloud Foundry UAA

CVSS V3.1

Score: 7.5
Severity: HIGH
Confidentiality: High
Integrity: None
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
