CVE-2018-1280: Blind SQL injection in Pivotal Greenplum Command Center
Severity
High
Vendor
Pivotal
Description
Pivotal Greenplum Command Center, versions 2.x prior to 2.5.1, contains a blind SQL injection vulnerability. An unauthenticated user can perform a SQL injection in the command center which results in disclosure of database contents.
Affected VMware Products and Versions
Severity is high unless otherwise noted.
- Pivotal Greenplum Command Center 2.x versions prior to 2.5.1
Mitigation
Users of affected versions should apply the following mitigation:
- Releases that have fixed this issue include:
  - Pivotal Greenplum Command Center: 2.5.1
- Releases that were not affected by this issue include:
  - Pivotal Greenplum Command Center: 3.x, 4.x
Credit
This issue was identified and responsibly reported by Ben Walchli, Advanced Security Centre, EY on behalf of Matthew Parrelli, Corporate Security Group, IAG.
History
2018-05-07: Initial vulnerability report published