CVE-2017-4972 Blind SQL Injection in UAA
Affected Pivotal Products and Versions
Severity is high unless otherwise noted.
- PCF Elastic Runtime:
- 1.6.x versions prior to 1.6.76
- 1.7.x versions prior to 1.7.61
- 1.8.x versions prior to 1.8.40
- 1.9.x versions prior to 1.9.18
- 1.10.x versions prior to 1.10.5
- PCF Operations Manager:
- 1.7.x versions prior to 1.7.26
- 1.8.x versions prior to 1.8.18
- 1.9.x versions prior to 1.9.9
- 1.10.x versions prior to 1.10.4
- Note: PCF Operations Manager 1.6.x versions are not vulnerable to this issue.
Users of affected versions should apply the following mitigation:
- The Cloud Foundry team recommends upgrading BOSH stemcells and/or other OSS components listed here if applicable.
- Releases that have fixed this issue include:
- PCF Elastic Runtime: 1.6.76, 1.7.61, 1.8.40, 1.9.18, 1.10.5
- PCF Operations Manager: 1.7.26, 1.8.18, 1.9.9, 1.10.4