6.5

CVSS Score

3.0

Basic Information

CVE ID

CVE-2017-4974

GHSA ID

GHSA-cw9c-v3v2-99hm

EPSS Score

0.51229%

CWE

CWE-89

Published

5/13/2022

Updated

3/1/2024

KEV Status

Technology

Java

Concerned about an active attack path?

Talk to our security experts and see Miggo in action.

Miggo Vulnerability Database

→

CVE-2017-4974

CVE-2017-4974: Blind SQL Injection with privileged Cloud Foundry UAA endpoints

An issue was discovered in Cloud Foundry Foundation cf-release versions prior to v258; UAA release 2.x versions prior to v2.7.4.15, 3.6.x versions prior to v3.6.9, 3.9.x versions prior to v3.9.11, and other versions prior to v3.16.0; and UAA bosh release (uaa-release) 13.x versions prior to v13.13, 24.x versions prior to v24.8, and other versions prior to v30.1. An authorized user can use a blind SQL injection attack to query the contents of the UAA database, aka "Blind SQL Injection with privileged UAA endpoints."

(GitHub Advisory)

6.5

CVSS Score

3.0

Basic Information

CVE ID

CVE-2017-4974

GHSA ID

GHSA-cw9c-v3v2-99hm

EPSS Score

0.51229%

CWE

CWE-89

Published

5/13/2022

Updated

3/1/2024

KEV Status

Technology

Java

Technical Details

CVSS Vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Package Name	Ecosystem	Vulnerable Versions	First Patched Version
org.cloudfoundry.identity:cloudfoundry-identity-server	maven	>= 2.0.0, < 2.7.4.15	2.7.4.15
org.cloudfoundry.identity:cloudfoundry-identity-server	maven	>= 3.0.0, < 3.6.9	3.6.9
org.cloudfoundry.identity:cloudfoundry-identity-server	maven	>= 3.7.0, < 3.9.11	3.9.11
org.cloudfoundry.identity:cloudfoundry-identity-server	maven	>= 3.10.0, < 3.16.0	3.16.0

Vulnerability Intelligence
Miggo AI

Root Cause Analysis

The vulnerability stems from insufficient input validation in SCIM filter processing. The patch added a VALID_ATTRIBUTE_NAMES whitelist and validateFilterAttributes method to check filter components. The original scimFilter method (before validation was added) directly parsed user input without these security checks, making it the injection vector. The commit diff clearly shows the security validation was missing in the vulnerable versions.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

*n issu* w*s *is*ov*r** in *lou* *oun*ry *oun**tion **-r*l**s* v*rsions prior to v***; U** r*l**s* *.x v*rsions prior to v*.*.*.**, *.*.x v*rsions prior to v*.*.*, *.*.x v*rsions prior to v*.*.**, *n* ot**r v*rsions prior to v*.**.*; *n* U** *os* r*l

Reasoning

T** vuln*r**ility st*ms *rom insu**i*i*nt input v*li**tion in S*IM *ilt*r pro**ssin*. T** p*t** ***** * V*LI*_*TTRI*UT*_N*M*S w*it*list *n* v*li**t**ilt*r*ttri*ut*s m*t*o* to ****k *ilt*r *ompon*nts. T** ori*in*l s*im*ilt*r m*t*o* (***or* v*li**tion

6.5

Basic Information

Concerned about an active attack path?

CVE-2017-4974: Blind SQL Injection with privileged Cloud Foundry UAA endpoints

6.5

Basic Information

Technical Details

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

Vulnerability Intelligence
Miggo AI