CVE-2016-4468

high-risk

Published 2017-04-11

SQL injection vulnerability in Pivotal Cloud Foundry (PCF) before 238; UAA 2.x before 2.7.4.4, 3.x before 3.3.0.2, and 3.4.x before 3.4.1; UAA BOSH before 11.2 and 12.x before 12.2; Elastic Runtime before 1.6.29 and 1.7.x before 1.7.7; and Ops Manager 1.7.x before 1.7.8 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.

Do I need to act?

~

1.3% chance of exploitation in next 30 days

EPSS score — moderate exploit probability

-

Not on CISA KEV list

No confirmed active exploitation reported to CISA

?

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

8

CVSS 8.8/10 High

NETWORK / LOW complexity

Affected Products (20)

Cloud Foundry

Cloud Foundry Elastic Runtime

Cloud Foundry Elastic Runtime

Cloud Foundry Elastic Runtime

Cloud Foundry Elastic Runtime

Cloud Foundry Elastic Runtime

Cloud Foundry Elastic Runtime

Cloud Foundry Elastic Runtime

Cloud Foundry Elastic Runtime

Cloud Foundry Elastic Runtime

Cloud Foundry Elastic Runtime

Cloud Foundry Elastic Runtime

Cloud Foundry Elastic Runtime

Cloud Foundry Elastic Runtime

Cloud Foundry Elastic Runtime

Cloud Foundry Elastic Runtime

Cloud Foundry Elastic Runtime

Cloud Foundry Elastic Runtime

Cloud Foundry Elastic Runtime

Cloud Foundry Elastic Runtime

Affected Vendors

Pivotal Software Cloudfoundry

References (4)

https://lists.cloudfoundry.org/archives/list/cf-dev%40lists.cloudfoundry.org/thr...

Mitigation https://pivotal.io/security/cve-2016-4468

https://lists.cloudfoundry.org/archives/list/cf-dev%40lists.cloudfoundry.org/thr...

Mitigation https://pivotal.io/security/cve-2016-4468

59

/ 100

high-risk

Severity 30/34 · Critical

Exploitability 4/34 · Minimal

Exposure 25/34 · High