CVE-2018-15755
CF networking internal policy server SQL injection
Cloud Foundry CF Networking Release, versions 2.11.0 prior to 2.16.0, contain an internal api endpoint vulnerable to SQL injection between Diego cells and the policy server. A remote authenticated malicious user with mTLS certs can issue arbitrary SQL queries and gain access to the policy server.
CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
Productos afectados
Cloud Foundry · CF Networking Release¿Quieres saber si tu infraestructura está expuesta a esto?
Hablar con TrueHacking →