CVE-2017-4974: Blind SQL Injection with privileged UAA endpoints

Molly Crowther

CF devs,

Please see the following public link for information about a high CVE in
UAA. This is a continuation of work that was originally released as part of
CVE-2017-4972. It's
essentially the same attack but on some endpoints that require more

Friendly reminder that you can subscribe to new Cloud Foundry security
issues at:

Please let me know if you have any questions or concerns.

Molly Crowther
Cloud Foundry Foundation Security Team
