CVE-2016-4468: SQL Injection
First published: Tue Apr 11 2017(Updated: )
SQL injection vulnerability in Pivotal Cloud Foundry (PCF) before 238; UAA 2.x before 2.7.4.4, 3.x before 3.3.0.2, and 3.4.x before 3.4.1; UAA BOSH before 11.2 and 12.x before 12.2; Elastic Runtime before 1.6.29 and 1.7.x before 1.7.7; and Ops Manager 1.7.x before 1.7.8 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.
Credit: secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Cloud Foundry UAA | <=12.0 | |
| Cloud Foundry | <=237.0 | |
| Pivotal Cloud Foundry Elastic Runtime | =1.6.0 | |
| Pivotal Cloud Foundry Elastic Runtime | =1.6.1 | |
| Pivotal Cloud Foundry Elastic Runtime | =1.6.2 | |
| Pivotal Cloud Foundry Elastic Runtime | =1.6.3 | |
| Pivotal Cloud Foundry Elastic Runtime | =1.6.4 | |
| Pivotal Cloud Foundry Elastic Runtime | =1.6.5 | |
| Pivotal Cloud Foundry Elastic Runtime | =1.6.6 | |
| Pivotal Cloud Foundry Elastic Runtime | =1.6.7 | |
| Pivotal Cloud Foundry Elastic Runtime | =1.6.8 | |
| Pivotal Cloud Foundry Elastic Runtime | =1.6.9 | |
| Pivotal Cloud Foundry Elastic Runtime | =1.6.10 | |
| Pivotal Cloud Foundry Elastic Runtime | =1.6.11 | |
| Pivotal Cloud Foundry Elastic Runtime | =1.6.12 | |
| Pivotal Cloud Foundry Elastic Runtime | =1.6.13 | |
| Pivotal Cloud Foundry Elastic Runtime | =1.6.14 | |
| Pivotal Cloud Foundry Elastic Runtime | =1.6.15 | |
| Pivotal Cloud Foundry Elastic Runtime | =1.6.17 | |
| Pivotal Cloud Foundry Elastic Runtime | =1.6.18 | |
| Pivotal Cloud Foundry Elastic Runtime | =1.6.19 | |
| Pivotal Cloud Foundry Elastic Runtime | =1.6.20 | |
| Pivotal Cloud Foundry Elastic Runtime | =1.6.21 | |
| Pivotal Cloud Foundry Elastic Runtime | =1.6.22 | |
| Pivotal Cloud Foundry Elastic Runtime | =1.6.23 | |
| Pivotal Cloud Foundry Elastic Runtime | =1.6.25 | |
| Pivotal Cloud Foundry Elastic Runtime | =1.6.26 | |
| Pivotal Cloud Foundry Elastic Runtime | =1.6.27 | |
| Pivotal Cloud Foundry Elastic Runtime | =1.6.28 | |
| Pivotal Cloud Foundry Elastic Runtime | =1.7.0 | |
| Pivotal Cloud Foundry Elastic Runtime | =1.7.1 | |
| Pivotal Cloud Foundry Elastic Runtime | =1.7.2 | |
| Pivotal Cloud Foundry Elastic Runtime | =1.7.3 | |
| Pivotal Cloud Foundry Elastic Runtime | =1.7.4 | |
| Pivotal Cloud Foundry Elastic Runtime | =1.7.5 | |
| Pivotal Cloud Foundry Elastic Runtime | =1.7.6 | |
| Pivotal Cloud Foundry Elastic Runtime | =1.7.7 | |
| Pivotal Cloud Foundry Elastic Runtime | =1.8.0 | |
| Pivotal Cloud Foundry Ops Manager | =1.7.0 | |
| Pivotal Cloud Foundry Ops Manager | =1.7.1 | |
| Pivotal Cloud Foundry Ops Manager | =1.7.2 | |
| Pivotal Cloud Foundry Ops Manager | =1.7.3 | |
| Pivotal Cloud Foundry Ops Manager | =1.7.4 | |
| Pivotal Cloud Foundry Ops Manager | =1.7.5 | |
| Pivotal Cloud Foundry Ops Manager | =1.7.6 | |
| Pivotal Cloud Foundry Ops Manager | =1.7.7 | |
| Pivotal Cloud Foundry Ops Manager | =1.7.8 | |
| Cloud Foundry User Account and Authentication (UAA) | <=3.4.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2016-4468?
CVE-2016-4468 is classified as a medium severity SQL injection vulnerability.
How do I fix CVE-2016-4468?
To fix CVE-2016-4468, upgrade to Pivotal Cloud Foundry versions 238 or later, or update UAA and Elastic Runtime to their respective patched versions.
What products are affected by CVE-2016-4468?
CVE-2016-4468 affects several components of Pivotal Cloud Foundry including UAA, Elastic Runtime, and Ops Manager before specified versions.
What are the potential impacts of CVE-2016-4468?
Exploitation of CVE-2016-4468 could allow remote authenticated attackers to execute arbitrary SQL commands.
Is CVE-2016-4468 remote exploitable?
Yes, CVE-2016-4468 can be exploited remotely by authenticated users.
- agent/type
- agent/remedy
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/references
- agent/last-modified-date
- agent/description
- agent/first-publish-date
- agent/author
- agent/event
- agent/source
- agent/weakness
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/cloudfoundry
- canonical/cloud foundry uaa
- version/cloud foundry uaa/12.0
- vendor/pivotal software
- canonical/cloud foundry
- version/cloud foundry/237.0
- canonical/pivotal cloud foundry elastic runtime
- version/pivotal cloud foundry elastic runtime/1.6.0
- version/pivotal cloud foundry elastic runtime/1.6.1
- version/pivotal cloud foundry elastic runtime/1.6.2
- version/pivotal cloud foundry elastic runtime/1.6.3
- version/pivotal cloud foundry elastic runtime/1.6.4
- version/pivotal cloud foundry elastic runtime/1.6.5
- version/pivotal cloud foundry elastic runtime/1.6.6
- version/pivotal cloud foundry elastic runtime/1.6.7
- version/pivotal cloud foundry elastic runtime/1.6.8
- version/pivotal cloud foundry elastic runtime/1.6.9
- version/pivotal cloud foundry elastic runtime/1.6.10
- version/pivotal cloud foundry elastic runtime/1.6.11
- version/pivotal cloud foundry elastic runtime/1.6.12
- version/pivotal cloud foundry elastic runtime/1.6.13
- version/pivotal cloud foundry elastic runtime/1.6.14
- version/pivotal cloud foundry elastic runtime/1.6.15
- version/pivotal cloud foundry elastic runtime/1.6.17
- version/pivotal cloud foundry elastic runtime/1.6.18
- version/pivotal cloud foundry elastic runtime/1.6.19
- version/pivotal cloud foundry elastic runtime/1.6.20
- version/pivotal cloud foundry elastic runtime/1.6.21
- version/pivotal cloud foundry elastic runtime/1.6.22
- version/pivotal cloud foundry elastic runtime/1.6.23
- version/pivotal cloud foundry elastic runtime/1.6.25
- version/pivotal cloud foundry elastic runtime/1.6.26
- version/pivotal cloud foundry elastic runtime/1.6.27
- version/pivotal cloud foundry elastic runtime/1.6.28
- version/pivotal cloud foundry elastic runtime/1.7.0
- version/pivotal cloud foundry elastic runtime/1.7.1
- version/pivotal cloud foundry elastic runtime/1.7.2
- version/pivotal cloud foundry elastic runtime/1.7.3
- version/pivotal cloud foundry elastic runtime/1.7.4
- version/pivotal cloud foundry elastic runtime/1.7.5
- version/pivotal cloud foundry elastic runtime/1.7.6
- version/pivotal cloud foundry elastic runtime/1.7.7
- version/pivotal cloud foundry elastic runtime/1.8.0
- canonical/pivotal cloud foundry ops manager
- version/pivotal cloud foundry ops manager/1.7.0
- version/pivotal cloud foundry ops manager/1.7.1
- version/pivotal cloud foundry ops manager/1.7.2
- version/pivotal cloud foundry ops manager/1.7.3
- version/pivotal cloud foundry ops manager/1.7.4
- version/pivotal cloud foundry ops manager/1.7.5
- version/pivotal cloud foundry ops manager/1.7.6
- version/pivotal cloud foundry ops manager/1.7.7
- version/pivotal cloud foundry ops manager/1.7.8
- canonical/cloud foundry user account and authentication (uaa)
- version/cloud foundry user account and authentication (uaa)/3.4.0