Security Advisory

CVE-2018-15755

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2018-10-12 21:00:00

Last updated 2024-09-17 00:31:36

Assigner dell

State PUBLISHED

Description

Cloud Foundry CF Networking Release, versions 2.11.0 prior to 2.16.0, contain an internal api endpoint vulnerable to SQL injection between Diego cells and the policy server. A remote authenticated malicious user with mTLS certs can issue arbitrary SQL queries and gain access to the policy server.

← Browse all CVEs View on cve.org ↗