CVE-2017-4974: Blind SQL Injection with privileged UAA endpoints
Severity
High
References
Affected VMware Products and Versions
Severity is high unless otherwise noted.
- PCF Elastic Runtime:
  - 1.6.x versions prior to 1.6.77
  - 1.7.x versions prior to 1.7.62
  - 1.8.x versions prior to 1.8.41
  - 1.9.x versions prior to 1.9.19
  - 1.10.x versions prior to 1.10.6
- PCF Operations Manager:
  - 1.7.x versions prior to 1.7.27
  - 1.8.x versions prior to 1.8.19
  - 1.9.x versions prior to 1.9.10
  - 1.10.x versions prior to 1.10.5
Mitigation
Users of affected versions should apply the following mitigation:
- The Cloud Foundry team recommends upgrading BOSH stemcells and/or any other affected OSS components where applicable.
- Releases that have fixed this issue include:
  - PCF Elastic Runtime: 1.6.77, 1.7.62, 1.8.41, 1.9.19, 1.10.6
  - PCF Operations Manager: 1.7.27, 1.8.19, 1.9.10, 1.10.5
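The check below is an added example and is not part of the advisory or of any Pivotal tooling. It encodes the fixed versions listed above and decides, for a deployed PCF Elastic Runtime or Operations Manager version, whether that version falls inside an affected range. Versions are compared numerically per release line, because a plain string comparison gets cases like 1.10.5 versus 1.9.19 wrong, and a version on a release line the advisory does not name (for example 1.11.x) is reported as "unlisted" rather than silently treated as fixed. The product keys, the "unlisted" label and the tolerance for build suffixes such as "-build.3" are this example's own assumptions.

```python
"""Check a PCF component version against the affected ranges in CVE-2017-4974.

Added example, not advisory or vendor code. Product keys and the
"unlisted" result are assumptions made for this illustration.
"""
from typing import Dict, Tuple

Version = Tuple[int, int, int]

# First fixed version on each release line, transcribed from the advisory.
# Anything on the same line that is numerically lower is affected.
FIXED: Dict[str, Dict[Tuple[int, int], Version]] = {
    "elastic-runtime": {
        (1, 6): (1, 6, 77),
        (1, 7): (1, 7, 62),
        (1, 8): (1, 8, 41),
        (1, 9): (1, 9, 19),
        (1, 10): (1, 10, 6),
    },
    "ops-manager": {
        (1, 7): (1, 7, 27),
        (1, 8): (1, 8, 19),
        (1, 9): (1, 9, 10),
        (1, 10): (1, 10, 5),
    },
}


def parse_version(text: str) -> Version:
    """Parse 'MAJOR.MINOR.PATCH', tolerating a leading 'v' and a
    '-build.N' or '+meta' suffix (assumed formats, not mandated by the advisory)."""
    core = text.strip().lstrip("v").split("-", 1)[0].split("+", 1)[0]
    parts = core.split(".")
    if len(parts) != 3 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unrecognised version string: {text!r}")
    major, minor, patch = (int(p) for p in parts)
    return (major, minor, patch)


def assess(product: str, version: str) -> str:
    """Return 'affected', 'fixed' or 'unlisted' for the given product/version.

    'unlisted' means the release line (major.minor) is not covered by this
    advisory at all; that is not the same as 'fixed' and should be checked
    against a newer advisory rather than assumed safe.
    """
    if product not in FIXED:
        raise KeyError(f"unknown product key: {product!r}")
    ver = parse_version(version)
    line = ver[:2]
    first_fixed = FIXED[product].get(line)
    if first_fixed is None:
        return "unlisted"
    # Tuple comparison is numeric per component, so 1.10.5 < 1.10.6 and
    # 1.9.19 is not mistaken for being newer than 1.10.5.
    return "affected" if ver < first_fixed else "fixed"


if __name__ == "__main__":
    # Constructed sample inventory; not real deployment data.
    inventory = [
        ("elastic-runtime", "1.10.5"),
        ("elastic-runtime", "1.9.19"),
        ("ops-manager", "1.7.26-build.2"),
        ("ops-manager", "1.11.0"),
    ]
    for product, version in inventory:
        print(f"{product:16} {version:16} {assess(product, version)}")
```

Feed the function the versions reported by your Ops Manager and Elastic Runtime tiles; any "affected" result means the upgrade in the Mitigation section is still outstanding, and any "unlisted" result means this advisory simply does not speak to that release line.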