CVE-2017-4974: Blind SQL Injection with privileged Cloud Foundry UAA endpoints

CVSS Score: 6.5 (CVSS 3.0)

Basic Information

EPSS Score: 0.51229%
Published: 5/13/2022
Updated: 3/1/2024
KEV Status: No
Technology: Java

Technical Details

CVSS Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
| --- | --- | --- | --- |
| org.cloudfoundry.identity:cloudfoundry-identity-server | maven | >= 2.0.0, < 2.7.4.15 | 2.7.4.15 |
| org.cloudfoundry.identity:cloudfoundry-identity-server | maven | >= 3.0.0, < 3.6.9 | 3.6.9 |
| org.cloudfoundry.identity:cloudfoundry-identity-server | maven | >= 3.7.0, < 3.9.11 | 3.9.11 |
| org.cloudfoundry.identity:cloudfoundry-identity-server | maven | >= 3.10.0, < 3.16.0 | 3.16.0 |

Vulnerability Intelligence
Root Cause Analysis

The vulnerability stems from insufficient input validation in SCIM filter processing. The patch added a VALID_ATTRIBUTE_NAMES whitelist and a validateFilterAttributes method to check filter components. Before that validation was added, the original scimFilter method parsed user input directly without these security checks, which made it the injection vector. The commit diff shows that the security validation was missing in the vulnerable versions.
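The kind of attribute allowlist check described above, as an added sketch that is not UAA's code or the actual patch. The class name, isSafeFilter, the allowlist contents and the operator set (the SCIM 1.1 filter operators) are assumptions made for illustration.

```java
import java.util.*;
import java.util.regex.*;

public class ScimFilterAttributeCheck {
    // Assumed allowlist for this sketch; not the contents of UAA's VALID_ATTRIBUTE_NAMES.
    static final Set<String> ALLOWED = Set.of("id", "username", "origin", "active", "emails.value");
    static final Set<String> OPS = Set.of("eq", "co", "sw", "gt", "ge", "lt", "le", "pr");
    // Token: a quoted string with backslash escapes, a parenthesis, or a bare word.
    static final Pattern TOKEN = Pattern.compile("\"(?:[^\"\\\\]|\\\\.)*\"|[()]|[^\\s()\"]+");
    static final Pattern LITERAL = Pattern.compile("\"(?:[^\"\\\\]|\\\\.)*\"|-?\\d+(?:\\.\\d+)?|true|false|null");

    /** Returns true only if the filter is well formed and names allowlisted attributes only. */
    static boolean isSafeFilter(String filter) {
        Matcher m = TOKEN.matcher(filter);
        int last = 0, depth = 0;
        char expect = 'A'; // A = attribute, O = operator, V = value, J = and / or / ")"
        while (m.find()) {
            if (!filter.substring(last, m.start()).isBlank()) return false; // stray text, e.g. an unterminated quote
            last = m.end();
            String tok = m.group(), word = tok.toLowerCase(Locale.ROOT);
            if (expect == 'A') {
                if (tok.equals("(")) { depth++; continue; }
                if (!ALLOWED.contains(word)) return false; // attribute name not on the allowlist
                expect = 'O';
            } else if (expect == 'O') {
                if (!OPS.contains(word)) return false;
                expect = word.equals("pr") ? 'J' : 'V'; // "pr" (present) takes no value
            } else if (expect == 'V') {
                if (!LITERAL.matcher(tok).matches()) return false; // values must be plain literals
                expect = 'J';
            } else if (tok.equals(")")) {
                if (--depth < 0) return false; // unbalanced parenthesis
            } else {
                if (!word.equals("and") && !word.equals("or")) return false;
                expect = 'A';
            }
        }
        return filter.substring(last).isBlank() && expect == 'J' && depth == 0;
    }

    public static void main(String[] args) {
        String[] samples = { // constructed sample filters
            "(origin eq \"uaa\" or origin eq \"ldap\") and emails.value co \"example.com\"",
            "nickname eq \"x\"", "username eq \"x" };
        for (String f : samples) System.out.println(isSafeFilter(f) + "  " + f);
    }
}
```

The check rejects a filter before it reaches any query-building code, so an attribute name that is not on the list never becomes part of the generated SQL.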
