CVE-2018-1280: Blind SQL injection in Pivotal Greenplum Command Center


Severity

High

Vendor

Pivotal

Description

Pivotal Greenplum Command Center, versions 2.x prior to 2.5.1, contains a blind SQL injection vulnerability. An unauthenticated user can perform SQL injection against the Command Center, resulting in disclosure of database contents.

Affected VMware Products and Versions

Severity is high unless otherwise noted.

  • Pivotal Greenplum Command Center 2.x versions prior to 2.5.1

Mitigation

Users of affected versions should apply the following mitigation:

  • Releases that have fixed this issue include:

    • Pivotal Greenplum Command Center: 2.5.1
  • Releases that were not affected by this issue include:

    • Pivotal Greenplum Command Center: 3.x, 4.x

Credit

This issue was identified and responsibly reported by Ben Walchli, Advanced Security Centre, EY on behalf of Matthew Parrelli, Corporate Security Group, IAG.

History

2018-05-07: Initial vulnerability report published