CVE-2018-15755
CF networking internal policy server SQL injection
Severity Score
8.8
*CVSS v3
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
Cloud Foundry CF Networking Release, versions 2.11.0 prior to 2.16.0, contain an internal api endpoint vulnerable to SQL injection between Diego cells and the policy server. A remote authenticated malicious user with mTLS certs can issue arbitrary SQL queries and gain access to the policy server.
Cloud Foundry CF Networking Release, en versiones 2.11.0 anteriores a la 2.16.0, contiene un endpoint de API interno vulnerable a una inyección SWL entre las celdas Diego y el servidor de políticas. Un usuario autenticado remoto malicioso con certs mTLS puede lanzar consultas SQL arbitrarias y obtener acceso al servidor de políticas.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2018-08-23 CVE Reserved
- 2018-10-12 CVE Published
- 2024-07-17 EPSS Updated
- 2024-09-17 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CAPEC
References (1)
URL | Tag | Source |
---|---|---|
https://www.cloudfoundry.org/blog/cve-2018-15755 | Third Party Advisory |
URL | Date | SRC |
---|
URL | Date | SRC |
---|
URL | Date | SRC |
---|
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Cloud Foundry Search vendor "Cloud Foundry" | Cf-networking Search vendor "Cloud Foundry" for product "Cf-networking" | >= 2.11.0 < 2.16.0 Search vendor "Cloud Foundry" for product "Cf-networking" and version " >= 2.11.0 < 2.16.0" | - |
Affected
|