2 matches found
org.cloudfoundry.identity:cloudfoundry-identity-api (>=3.10.0 <=3.15.0), org.cloudfoundry.identity:cloudfoundry-identity-app (>=3.10.0 <=3.15.0) +1 more potentially affected by CVE-2017-4974 via org.cloudfoundry.identity:cloudfoundry-identity-server (>=3.10.0 <=3.15.0)
org.cloudfoundry.identity:cloudfoundry-identity-server MAVEN version =3.10.0, =3.10.0, =3.10.0, =3.10.0, =3.15.0 Source cves: CVE-2017-4974 Source advisory: OSV:GHSA-CW9C-V3V2-99HM...
CVE-2017-4974
CVE-2017-4974 is a blind SQL injection vulnerability affecting Cloud Foundry Foundation components: cf-release versions prior to v258 and UAA releases prior to v2.7.4.15 (2.x), v3.6.9 (3.6.x), v3.9.11 (3.9.x), and prior to v3.16.0 in general, plus uaa-release bosh releases prior to v13.13, v24.8,...