CVE-2018-15755
CF networking internal policy server SQL injection
Cloud Foundry CF Networking Release, versions 2.11.0 prior to 2.16.0, contain an internal api endpoint vulnerable to SQL injection between Diego cells and the policy server. A remote authenticated malicious user with mTLS certs can issue arbitrary SQL queries and gain access to the policy server.
CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
Produtos afetados
Cloud Foundry · CF Networking ReleaseQuer saber se a sua infraestrutura está exposta a isto?
Falar com a TrueHacking →