CVE-2018-15755
CF networking internal policy server SQL injection
Cloud Foundry CF Networking Release, versions 2.11.0 prior to 2.16.0, contain an internal api endpoint vulnerable to SQL injection between Diego cells and the policy server. A remote authenticated malicious user with mTLS certs can issue arbitrary SQL queries and gain access to the policy server.
CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
Affected products
Cloud Foundry · CF Networking ReleaseWant to know if your infrastructure is exposed to this?
Talk to TrueHacking →