Unrated severityNVD Advisory· Published Oct 12, 2018· Updated Sep 17, 2024
CF networking internal policy server SQL injection
CVE-2018-15755
Description
Cloud Foundry CF Networking Release, versions 2.11.0 prior to 2.16.0, contain an internal api endpoint vulnerable to SQL injection between Diego cells and the policy server. A remote authenticated malicious user with mTLS certs can issue arbitrary SQL queries and gain access to the policy server.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- Range: >=2.11.0 <2.16.0
- Cloud Foundry/CF Networking Releasev5Range: 2.11.0
Patches
Vulnerability mechanics
References
1- www.cloudfoundry.org/blog/cve-2018-15755/mitrex_refsource_CONFIRM
News mentions
0No linked articles in our index yet.