RSS   Vulnerabilities for 'Cf-networking'   RSS

2018-10-12
 
CVE-2018-15755

CWE-89
 

 
Cloud Foundry CF Networking Release, versions 2.11.0 prior to 2.16.0, contain an internal api endpoint vulnerable to SQL injection between Diego cells and the policy server. A remote authenticated malicious user with mTLS certs can issue arbitrary SQL queries and gain access to the policy server.

 

 >>> Vendor: Cloud foundry 11 Products
Php buildpack
Cf-release
Capi-release
Diego
BOSH
Cf-mysql-release
Routing-release
Staticfile buildpack
Cf-networking
Bits service
Loggregator


Copyright 2024, cxsecurity.com

 

Back to Top