CVE-2018-15755

Cloud Foundry CF Networking Release, versions 2.11.0 prior to 2.16.0, contain an internal api endpoint vulnerable to SQL injection between Diego cells and the policy server. A remote authenticated malicious user with mTLS certs can issue arbitrary SQL queries and gain access to the policy server.
References
Link Resource
https://www.cloudfoundry.org/blog/cve-2018-15755/ Third Party Advisory
Configurations

Configuration 1

cpe:2.3:a:cloud_foundry:cf-networking:*:*:*:*:*:*:*:*

Information

Published : 2018-10-12 10:15

Updated : 2019-10-09 11:35


NVD link : CVE-2018-15755

Mitre link : CVE-2018-15755

Products Affected
No products.
CWE