CVE-2017-4972: SQL Injection
First published: Tue Jun 13 2017(Updated: )
An issue was discovered in Cloud Foundry Foundation cf-release versions prior to v257; UAA release 2.x versions prior to v2.7.4.14, 3.6.x versions prior to v3.6.8, 3.9.x versions prior to v3.9.10, and other versions prior to v3.15.0; and UAA bosh release (uaa-release) 13.x versions prior to v13.12, 24.x versions prior to v24.7, and other versions prior to v30. An attacker can use a blind SQL injection attack to query the contents of the UAA database.
Credit: security_alert@emc.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Cloud Foundry CF Release | <=256 | |
| Cloud Foundry UAA | <=29 | |
| Cloud Foundry UAA | =13.1 | |
| Cloud Foundry UAA | =13.2 | |
| Cloud Foundry UAA | =13.3 | |
| Cloud Foundry UAA | =13.4 | |
| Cloud Foundry UAA | =13.5 | |
| Cloud Foundry UAA | =13.6 | |
| Cloud Foundry UAA | =13.7 | |
| Cloud Foundry UAA | =13.8 | |
| Cloud Foundry UAA | =13.9 | |
| Cloud Foundry UAA | =13.10 | |
| Cloud Foundry UAA | =13.11 | |
| Cloud Foundry UAA | =24 | |
| Cloud Foundry UAA | =24.1 | |
| Cloud Foundry UAA | =24.2 | |
| Cloud Foundry UAA | =24.3 | |
| Cloud Foundry UAA | =24.4 | |
| Cloud Foundry UAA | =24.5 | |
| Cloud Foundry UAA | =24.6 | |
| Cloud Foundry UAA | =30 | |
| Cloud Foundry UAA | =30.1 | |
| Cloud Foundry UAA | =30.2 | |
| Cloud Foundry UAA | =30.3 | |
| Pivotal UAA | <=3.15.0 | |
| Pivotal UAA | =2.2.5.4 | |
| Pivotal UAA | =2.7.1 | |
| Pivotal UAA | =2.7.2 | |
| Pivotal UAA | =2.7.3 | |
| Pivotal UAA | =2.7.4 | |
| Pivotal UAA | =2.7.4.1 | |
| Pivotal UAA | =2.7.4.2 | |
| Pivotal UAA | =2.7.4.3 | |
| Pivotal UAA | =2.7.4.4 | |
| Pivotal UAA | =2.7.4.5 | |
| Pivotal UAA | =2.7.4.6 | |
| Pivotal UAA | =2.7.4.7 | |
| Pivotal UAA | =2.7.4.8 | |
| Pivotal UAA | =2.7.4.9 | |
| Pivotal UAA | =2.7.4.11 | |
| Pivotal UAA | =2.7.4.12 | |
| Pivotal UAA | =2.7.4.13 | |
| Pivotal UAA | =3.6.1 | |
| Pivotal UAA | =3.6.2 | |
| Pivotal UAA | =3.6.3 | |
| Pivotal UAA | =3.6.4 | |
| Pivotal UAA | =3.6.5 | |
| Pivotal UAA | =3.6.6 | |
| Pivotal UAA | =3.6.7 | |
| Pivotal UAA | =3.6.8 | |
| Pivotal UAA | =3.6.9 | |
| Pivotal UAA | =3.9.1 | |
| Pivotal UAA | =3.9.2 | |
| Pivotal UAA | =3.9.3 | |
| Pivotal UAA | =3.9.4 | |
| Pivotal UAA | =3.9.5 | |
| Pivotal UAA | =3.9.6 | |
| Pivotal UAA | =3.9.7 | |
| Pivotal UAA | =3.9.8 | |
| Pivotal UAA | =3.9.9 | |
| Pivotal UAA | =3.9.12 | |
| Pivotal UAA | =3.9.13 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2017-4972?
CVE-2017-4972 is considered to have a high severity due to potential unauthorized access vulnerabilities.
How do I fix CVE-2017-4972?
To address CVE-2017-4972, upgrade to Cloud Foundry UAA release versions 2.7.4.14 or later, or any 3.x versions 3.6.8 or later.
Which Cloud Foundry versions are affected by CVE-2017-4972?
CVE-2017-4972 affects Cloud Foundry Foundation cf-release versions prior to v257 and various UAA versions before specific patches.
Is CVE-2017-4972 still a risk?
Yes, if affected versions are still in use without the recommended updates, CVE-2017-4972 remains a significant security risk.
What systems could be impacted by CVE-2017-4972?
CVE-2017-4972 can impact systems running older versions of Cloud Foundry CF Release and UAA, especially those mentioned in the vulnerability details.
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/references
- agent/weakness
- agent/severity
- agent/author
- agent/description
- agent/event
- agent/first-publish-date
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/cloudfoundry
- canonical/cloud foundry cf release
- version/cloud foundry cf release/256
- canonical/cloud foundry uaa
- version/cloud foundry uaa/29
- version/cloud foundry uaa/13.1
- version/cloud foundry uaa/13.2
- version/cloud foundry uaa/13.3
- version/cloud foundry uaa/13.4
- version/cloud foundry uaa/13.5
- version/cloud foundry uaa/13.6
- version/cloud foundry uaa/13.7
- version/cloud foundry uaa/13.8
- version/cloud foundry uaa/13.9
- version/cloud foundry uaa/13.10
- version/cloud foundry uaa/13.11
- version/cloud foundry uaa/24
- version/cloud foundry uaa/24.1
- version/cloud foundry uaa/24.2
- version/cloud foundry uaa/24.3
- version/cloud foundry uaa/24.4
- version/cloud foundry uaa/24.5
- version/cloud foundry uaa/24.6
- version/cloud foundry uaa/30
- version/cloud foundry uaa/30.1
- version/cloud foundry uaa/30.2
- version/cloud foundry uaa/30.3
- vendor/pivotal software
- canonical/pivotal uaa
- version/pivotal uaa/3.15.0
- version/pivotal uaa/2.2.5.4
- version/pivotal uaa/2.7.1
- version/pivotal uaa/2.7.2
- version/pivotal uaa/2.7.3
- version/pivotal uaa/2.7.4
- version/pivotal uaa/2.7.4.1
- version/pivotal uaa/2.7.4.2
- version/pivotal uaa/2.7.4.3
- version/pivotal uaa/2.7.4.4
- version/pivotal uaa/2.7.4.5
- version/pivotal uaa/2.7.4.6
- version/pivotal uaa/2.7.4.7
- version/pivotal uaa/2.7.4.8
- version/pivotal uaa/2.7.4.9
- version/pivotal uaa/2.7.4.11
- version/pivotal uaa/2.7.4.12
- version/pivotal uaa/2.7.4.13
- version/pivotal uaa/3.6.1
- version/pivotal uaa/3.6.2
- version/pivotal uaa/3.6.3
- version/pivotal uaa/3.6.4
- version/pivotal uaa/3.6.5
- version/pivotal uaa/3.6.6
- version/pivotal uaa/3.6.7
- version/pivotal uaa/3.6.8
- version/pivotal uaa/3.6.9
- version/pivotal uaa/3.9.1
- version/pivotal uaa/3.9.2
- version/pivotal uaa/3.9.3
- version/pivotal uaa/3.9.4
- version/pivotal uaa/3.9.5
- version/pivotal uaa/3.9.6
- version/pivotal uaa/3.9.7
- version/pivotal uaa/3.9.8
- version/pivotal uaa/3.9.9
- version/pivotal uaa/3.9.12
- version/pivotal uaa/3.9.13