VIR Vulnerability Intelligence Relay

CVE-2017-4972

high
Published 2017-06-13 ยท Modified 2026-05-13
๐Ÿ’ฌ Discuss on Community โœš Propose mitigation
CVSS v3
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
CVSS v4 NEW
โ€”
not yet in upstream
VIR risk
7.5

Description

An issue was discovered in Cloud Foundry Foundation cf-release versions prior to v257; UAA release 2.x versions prior to v2.7.4.14, 3.6.x versions prior to v3.6.8, 3.9.x versions prior to v3.9.10, and other versions prior to v3.15.0; and UAA bosh release (uaa-release) 13.x versions prior to v13.12, 24.x versions prior to v24.7, and other versions prior to v30. An attacker can use a blind SQL injection attack to query the contents of the UAA database.

Predictions

Exploit likelihood
83%
Patch ETA
โ€”

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

No mitigations published for this CVE yet.

The vendor-content worker queues fetches as references arrive (check back in a few minutes). Or โ€” if you've already worked around this in production โ€” publish your fix to the community-verified tier.

โœš Propose a mitigation on Community โ†’ Mitigations published via the community go through AI scoring + 2 human reviewers + 7-day silent objection window before landing here with source_tier=community-verified.

Application impact
VendorProductVersionsFixed
cloudfoundrycf-release{"endIncluding":"256"}
cloudfoundrycloud_foundry_uaa_bosh{"endIncluding":"29"}
cloudfoundrycloud_foundry_uaa_bosh13.1
cloudfoundrycloud_foundry_uaa_bosh13.2
cloudfoundrycloud_foundry_uaa_bosh13.3
cloudfoundrycloud_foundry_uaa_bosh13.4
cloudfoundrycloud_foundry_uaa_bosh13.5
cloudfoundrycloud_foundry_uaa_bosh13.6
cloudfoundrycloud_foundry_uaa_bosh13.7
cloudfoundrycloud_foundry_uaa_bosh13.8
cloudfoundrycloud_foundry_uaa_bosh13.9
cloudfoundrycloud_foundry_uaa_bosh13.10
cloudfoundrycloud_foundry_uaa_bosh13.11
cloudfoundrycloud_foundry_uaa_bosh24
cloudfoundrycloud_foundry_uaa_bosh24.1
cloudfoundrycloud_foundry_uaa_bosh24.2
cloudfoundrycloud_foundry_uaa_bosh24.3
cloudfoundrycloud_foundry_uaa_bosh24.4
cloudfoundrycloud_foundry_uaa_bosh24.5
cloudfoundrycloud_foundry_uaa_bosh24.6
cloudfoundrycloud_foundry_uaa_bosh30
cloudfoundrycloud_foundry_uaa_bosh30.1
cloudfoundrycloud_foundry_uaa_bosh30.2
cloudfoundrycloud_foundry_uaa_bosh30.3
pivotal_softwarecloud_foundry_uaa{"endIncluding":"3.15.0"}
pivotal_softwarecloud_foundry_uaa2.2.5.4
pivotal_softwarecloud_foundry_uaa2.7.1
pivotal_softwarecloud_foundry_uaa2.7.2
pivotal_softwarecloud_foundry_uaa2.7.3
pivotal_softwarecloud_foundry_uaa2.7.4
pivotal_softwarecloud_foundry_uaa2.7.4.1
pivotal_softwarecloud_foundry_uaa2.7.4.2
pivotal_softwarecloud_foundry_uaa2.7.4.3
pivotal_softwarecloud_foundry_uaa2.7.4.4
pivotal_softwarecloud_foundry_uaa2.7.4.5
pivotal_softwarecloud_foundry_uaa2.7.4.6
pivotal_softwarecloud_foundry_uaa2.7.4.7
pivotal_softwarecloud_foundry_uaa2.7.4.8
pivotal_softwarecloud_foundry_uaa2.7.4.9
pivotal_softwarecloud_foundry_uaa2.7.4.11
pivotal_softwarecloud_foundry_uaa2.7.4.12
pivotal_softwarecloud_foundry_uaa2.7.4.13
pivotal_softwarecloud_foundry_uaa3.6.1
pivotal_softwarecloud_foundry_uaa3.6.2
pivotal_softwarecloud_foundry_uaa3.6.3
pivotal_softwarecloud_foundry_uaa3.6.4
pivotal_softwarecloud_foundry_uaa3.6.5
pivotal_softwarecloud_foundry_uaa3.6.6
pivotal_softwarecloud_foundry_uaa3.6.7
pivotal_softwarecloud_foundry_uaa3.6.8
pivotal_softwarecloud_foundry_uaa3.6.9
pivotal_softwarecloud_foundry_uaa3.9.1
pivotal_softwarecloud_foundry_uaa3.9.2
pivotal_softwarecloud_foundry_uaa3.9.3
pivotal_softwarecloud_foundry_uaa3.9.4
pivotal_softwarecloud_foundry_uaa3.9.5
pivotal_softwarecloud_foundry_uaa3.9.6
pivotal_softwarecloud_foundry_uaa3.9.7
pivotal_softwarecloud_foundry_uaa3.9.8
pivotal_softwarecloud_foundry_uaa3.9.9
pivotal_softwarecloud_foundry_uaa3.9.12
pivotal_softwarecloud_foundry_uaa3.9.13

References

CWEs

CWE-89

Community-verified mitigations for this CVE will appear above when contributors publish them.

Verify integrity in audit chain (admin only). AS-IS.