Unrated severityNVD Advisory· Published Nov 5, 2020· Updated Sep 16, 2024

Unauthorized queries against the Silver Peak Unity OrchestratorTM MySQL database.

CVE-2020-12147

Description

In Silver Peak Unity Orchestrator versions prior to 8.9.11+, 8.10.11+, or 9.0.1+, an authenticated user can make unauthorized MySQL queries against the Orchestrator database using the /sqlExecution REST API, which had been used for internal testing.

Affected products

Silver Peak/Unity Orchestratorllm-fuzzy2 versions
<8.9.11+, <8.10.11+, <9.0.1++ 1 more
- (no CPE)range: <8.9.11+, <8.10.11+, <9.0.1+
- (no CPE)range: All versions affected prior to Silver Peak Unity Orchestrator 8.9.11+

Patches

Vulnerability mechanics

References

www.silver-peak.com/support/user-documentation/security-advisoriesmitrex_refsource_MISC

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.001
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000