{"id":"CVE-2017-4972","details":"An issue was discovered in Cloud Foundry Foundation cf-release versions prior to v257; UAA release 2.x versions prior to v2.7.4.14, 3.6.x versions prior to v3.6.8, 3.9.x versions prior to v3.9.10, and other versions prior to v3.15.0; and UAA bosh release (uaa-release) 13.x versions prior to v13.12, 24.x versions prior to v24.7, and other versions prior to v30. An attacker can use a blind SQL injection attack to query the contents of the UAA database.","modified":"2026-04-11T18:29:50.497503Z","published":"2017-06-13T06:29:00.627Z","references":[{"type":"ADVISORY","url":"https://www.cloudfoundry.org/cve-2017-4972/"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/cloudfoundry-attic/cf-release","events":[{"introduced":"0"},{"last_affected":"2dcce2b8f4f6a32915d3ab4b8f0abb5341971217"}],"database_specific":{"cpe":"cpe:2.3:a:cloudfoundry:cf-release:*:*:*:*:*:*:*:*","source":"CPE_FIELD","extracted_events":[{"introduced":"0"},{"last_affected":"256"}]}}],"versions":["-","list","log","rc145.0","scotty_09012012","v100","v102","v103","v104","v105","v109","v119","v132","v133","v134","v135","v136","v137","v140","v143","v156","v157","v161","v170","v183","v205","v245","v249","v253","v256","v99","works-for-us"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2017-4972.json"}},{"ranges":[{"type":"GIT","repo":"https://github.com/cloudfoundry/uaa","events":[{"introduced":"0"},{"last_affected":"2051aecce6c49aec37ca2d8dd01bc0df194df745"},{"last_affected":"7640c1433ec193b6696ee5e37a524a353fb3053e"},{"last_affected":"79188ac64074380c3ac5ff8dc32468e73e1c4c4b"},{"last_affected":"868d1b66623c20290f87c424a27cbf12220ef1fe"},{"last_affected":"848792d60da36dc3cca6e4f98fc26c32ff1ad852"},{"last_affected":"5260b65c7976c5214b7b9104573971285ee747e3"},{"last_affected":"6f4197812dcb5da43b5c6bc2bed119c7cb51a649"},{"last_affected":"07f14654fc27d74fbae8c8caccd2c08b6129d1b6"},{"last_affected":"cb1cc7709fef43aa64933754b0e3f4fc2a4f46bd"},{"last_affected":"7964980977c0e44eb42d264a6a1e4e9957b50d7c"},{"last_affected":"3dd96319b33069208446af323e47b818b4b39a2e"},{"last_affected":"a54d147a0a0f2bad89b3cb768338acd3009cc815"},{"last_affected":"f0b459ddf0cc4fd738a412ce6586f24586266375"},{"last_affected":"9bf7f52cbf5070f84110916f849f101b4cb87da7"},{"last_affected":"fbec8291ff7c872b628dc3c648c8bfd3bb2e9c40"},{"last_affected":"e77d4a20b321da8d958c2dfba86146f58e20e702"},{"last_affected":"7dcb384183b4bb50bc30f1671d5bdeb6fdb01099"},{"last_affected":"e0ad8af3ff5ccda7ec5d3cd393ba21ed4245cdb7"},{"last_affected":"a2b00c8b5a0d4bfba14318e3bfac506c2e2949d0"},{"last_affected":"da04534573a6d5a53ad014f84bf5f855e0b2c6c0"},{"last_affected":"74e080e1d99a63c8b29656189198fc743e95455e"},{"last_affected":"ec11979e3e127c9fd89853a39ef79cdbf2cae2be"},{"last_affected":"83e137053564ab2afefb7dffc589bca936fe7757"},{"last_affected":"9d85a8a425e1ca3c17463d78dd67ae852539f0ce"},{"last_affected":"c751caff52bc03366eae95db385511303fb5e42a"},{"last_affected":"4b22749f89bd02ee4fca0c6b1873754ef83380fe"},{"last_affected":"3d42346829976108a79f75cc7c76ef44836664d1"},{"last_affected":"7623ebebfcb3864a979d769c125efffa82a292a4"},{"last_affected":"69fc38968ecf6d0748acbfec7aac9ca32cf4ed3d"},{"last_affected":"565bfebb000034c84d7853d4f9d387a8fc84c4bb"},{"last_affected":"9e384778cbbb7f4aca143874cc3eb4dfc697ca8b"},{"last_affected":"d75d7efa6328e04a4180f7ee18e1307dfa28dc2f"},{"last_affected":"a2be849438dcb8ded19504742c0d8903eeef0418"},{"last_affected":"b339df7cc4eb182c37deb9a9057093c2eb19e135"},{"last_affected":"896455cacb36cdb349f14b493fc656cb12985ada"},{"last_affected":"ffed4307232dc238ca9527716d176e68d9a25ce0"},{"last_affected":"c0f3471997118e8be5abb272d3b7ceeea3c6d46a"},{"last_affected":"acbc2bbf50068532d5a39a3a95163cb01ea14b25"}],"database_specific":{"cpe":["cpe:2.3:a:pivotal_software:cloud_foundry_uaa:*:*:*:*:*:*:*:*","cpe:2.3:a:pivotal_software:cloud_foundry_uaa:2.2.5.4:*:*:*:*:*:*:*","cpe:2.3:a:pivotal_software:cloud_foundry_uaa:2.7.1:*:*:*:*:*:*:*","cpe:2.3:a:pivotal_software:cloud_foundry_uaa:2.7.2:*:*:*:*:*:*:*","cpe:2.3:a:pivotal_software:cloud_foundry_uaa:2.7.3:*:*:*:*:*:*:*","cpe:2.3:a:pivotal_software:cloud_foundry_uaa:2.7.4:*:*:*:*:*:*:*","cpe:2.3:a:pivotal_software:cloud_foundry_uaa:2.7.4.1:*:*:*:*:*:*:*","cpe:2.3:a:pivotal_software:cloud_foundry_uaa:2.7.4.2:*:*:*:*:*:*:*","cpe:2.3:a:pivotal_software:cloud_foundry_uaa:2.7.4.3:*:*:*:*:*:*:*","cpe:2.3:a:pivotal_software:cloud_foundry_uaa:2.7.4.4:*:*:*:*:*:*:*","cpe:2.3:a:pivotal_software:cloud_foundry_uaa:2.7.4.5:*:*:*:*:*:*:*","cpe:2.3:a:pivotal_software:cloud_foundry_uaa:2.7.4.6:*:*:*:*:*:*:*","cpe:2.3:a:pivotal_software:cloud_foundry_uaa:2.7.4.7:*:*:*:*:*:*:*","cpe:2.3:a:pivotal_software:cloud_foundry_uaa:2.7.4.8:*:*:*:*:*:*:*","cpe:2.3:a:pivotal_software:cloud_foundry_uaa:2.7.4.9:*:*:*:*:*:*:*","cpe:2.3:a:pivotal_software:cloud_foundry_uaa:2.7.4.11:*:*:*:*:*:*:*","cpe:2.3:a:pivotal_software:cloud_foundry_uaa:2.7.4.12:*:*:*:*:*:*:*","cpe:2.3:a:pivotal_software:cloud_foundry_uaa:2.7.4.13:*:*:*:*:*:*:*","cpe:2.3:a:pivotal_software:cloud_foundry_uaa:3.6.1:*:*:*:*:*:*:*","cpe:2.3:a:pivotal_software:cloud_foundry_uaa:3.6.2:*:*:*:*:*:*:*","cpe:2.3:a:pivotal_software:cloud_foundry_uaa:3.6.3:*:*:*:*:*:*:*","cpe:2.3:a:pivotal_software:cloud_foundry_uaa:3.6.4:*:*:*:*:*:*:*","cpe:2.3:a:pivotal_software:cloud_foundry_uaa:3.6.5:*:*:*:*:*:*:*","cpe:2.3:a:pivotal_software:cloud_foundry_uaa:3.6.6:*:*:*:*:*:*:*","cpe:2.3:a:pivotal_software:cloud_foundry_uaa:3.6.7:*:*:*:*:*:*:*","cpe:2.3:a:pivotal_software:cloud_foundry_uaa:3.6.8:*:*:*:*:*:*:*","cpe:2.3:a:pivotal_software:cloud_foundry_uaa:3.6.9:*:*:*:*:*:*:*","cpe:2.3:a:pivotal_software:cloud_foundry_uaa:3.9.1:*:*:*:*:*:*:*","cpe:2.3:a:pivotal_software:cloud_foundry_uaa:3.9.2:*:*:*:*:*:*:*","cpe:2.3:a:pivotal_software:cloud_foundry_uaa:3.9.3:*:*:*:*:*:*:*","cpe:2.3:a:pivotal_software:cloud_foundry_uaa:3.9.4:*:*:*:*:*:*:*","cpe:2.3:a:pivotal_software:cloud_foundry_uaa:3.9.5:*:*:*:*:*:*:*","cpe:2.3:a:pivotal_software:cloud_foundry_uaa:3.9.6:*:*:*:*:*:*:*","cpe:2.3:a:pivotal_software:cloud_foundry_uaa:3.9.7:*:*:*:*:*:*:*","cpe:2.3:a:pivotal_software:cloud_foundry_uaa:3.9.8:*:*:*:*:*:*:*","cpe:2.3:a:pivotal_software:cloud_foundry_uaa:3.9.9:*:*:*:*:*:*:*","cpe:2.3:a:pivotal_software:cloud_foundry_uaa:3.9.12:*:*:*:*:*:*:*","cpe:2.3:a:pivotal_software:cloud_foundry_uaa:3.9.13:*:*:*:*:*:*:*"],"source":"CPE_FIELD","extracted_events":[{"introduced":"0"},{"last_affected":"3.15.0"},{"last_affected":"2.2.5.4"},{"last_affected":"2.7.1"},{"last_affected":"2.7.2"},{"last_affected":"2.7.3"},{"last_affected":"2.7.4"},{"last_affected":"2.7.4.1"},{"last_affected":"2.7.4.2"},{"last_affected":"2.7.4.3"},{"last_affected":"2.7.4.4"},{"last_affected":"2.7.4.5"},{"last_affected":"2.7.4.6"},{"last_affected":"2.7.4.7"},{"last_affected":"2.7.4.8"},{"last_affected":"2.7.4.9"},{"last_affected":"2.7.4.11"},{"last_affected":"2.7.4.12"},{"last_affected":"2.7.4.13"},{"last_affected":"3.6.1"},{"last_affected":"3.6.2"},{"last_affected":"3.6.3"},{"last_affected":"3.6.4"},{"last_affected":"3.6.5"},{"last_affected":"3.6.6"},{"last_affected":"3.6.7"},{"last_affected":"3.6.8"},{"last_affected":"3.6.9"},{"last_affected":"3.9.1"},{"last_affected":"3.9.2"},{"last_affected":"3.9.3"},{"last_affected":"3.9.4"},{"last_affected":"3.9.5"},{"last_affected":"3.9.6"},{"last_affected":"3.9.7"},{"last_affected":"3.9.8"},{"last_affected":"3.9.9"},{"last_affected":"3.9.12"},{"last_affected":"3.9.13"}]}}],"versions":["1.0.1","1.0.3","1.1","1.1.1","1.1.2","1.10","1.11","1.2.0","1.2.6","1.4.0","1.4.1","1.4.2","1.4.3","1.4.5","1.4.6","1.4.7","1.5.0","1.5.2","1.5.2.1","1.5.3","1.5.4","1.5.4.1","1.6.0","1.6.1","1.6.2","1.6.4","1.6.5","1.7.0","1.7.1","1.7.2","1.8.0","1.8.1","1.8.2","1.8.3","1.9.0","1.9.1","2.0.0","2.0.1","2.0.2","2.0.3","2.1.0","2.2.4.1","2.2.5","2.2.5.3","2.2.5.4","2.2.6","2.3.0","2.3.1","2.3.1.1","2.4.0","2.4.1","2.5.0","2.5.1","2.5.2","2.6.0","2.6.1","2.6.2","2.7.0","2.7.0.1","2.7.0.2","2.7.0.3","2.7.1","2.7.2","2.7.3","2.7.4","2.7.4.1","2.7.4.10","2.7.4.11","2.7.4.12","2.7.4.13","2.7.4.2","2.7.4.3","2.7.4.4","2.7.4.5","2.7.4.6","2.7.4.7","2.7.4.8","2.7.4.9","3.0.0","3.0.1","3.1.0","3.10.0","3.11.0","3.12.0","3.13.0","3.14.0","3.15.0","3.2.0","3.2.1","3.3.0","3.3.0.1","3.4.0","3.4.1","3.4.2","3.5.0","3.6.0","3.6.1","3.6.2","3.6.3","3.6.4","3.6.5","3.6.6","3.6.7","3.6.8","3.6.9","3.8.0","3.9.0","3.9.1","3.9.10","3.9.11","3.9.12","3.9.13","3.9.2","3.9.3","3.9.4","3.9.5","3.9.6","3.9.7","3.9.8","3.9.9","lenient_hybrid_flow","travis-success-1475","travis-success-1478","travis-success-1497"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2017-4972.json"}},{"ranges":[{"type":"GIT","repo":"https://github.com/cloudfoundry/uaa-release","events":[{"introduced":"0"},{"last_affected":"e66f896cd3ecf7a792f3e5c3caf4e02974dd1abe"},{"last_affected":"9e9bc18c684b92f99e5ff97b857729ebb657f993"},{"last_affected":"a32cb321fad9aacc1423f0b617699ea639037786"},{"last_affected":"ba601cfabca2cc9524888dc624b4bee8d4b46472"},{"last_affected":"aaab7a7d472e86d3dd2afb50187008a1852e45ac"},{"last_affected":"5c023c50a25a0b970595fa165a851f57cd0092b7"},{"last_affected":"fd97e7b7e21ffbc9f7ab3830b39016f08d644311"},{"last_affected":"63e2ef4b54ca1cb3c462196053ea4b3324c9578a"},{"last_affected":"ce61532638edae69f98687163d33f08e8022b97f"},{"last_affected":"747cd9f9d22a2df42787baa85fa16ece5e2874ea"},{"last_affected":"99f08c77b1f962f4db9b8e05666245d20037402a"},{"last_affected":"d091d849287d64a790237ae8e3e3e535236aae77"},{"last_affected":"fbd252040ba68495902876096dd447452a26bf64"},{"last_affected":"acff6687d934bf827b809e108c55963a08463f30"},{"last_affected":"c8e3c41b598e988d7c60551b4fd5ec9b182c062b"},{"last_affected":"5d5ec0136d774da26566ca02f3b25648fd90433a"},{"last_affected":"e19510139156fcef72e9f7453979ec75168e34c9"},{"last_affected":"8c5ccff535f9fb3b924a3d1c52f795b0f8242054"},{"last_affected":"7ddaaef684e51ca03c86a34361e704323419d5aa"},{"last_affected":"cc0bff967af88f05814e5d3afe2d434a4219c4d0"},{"last_affected":"87308108195b925a3076185fdcb83bc4cea02471"}],"database_specific":{"cpe":["cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:*:*:*:*:*:*:*:*","cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:13.1:*:*:*:*:*:*:*","cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:13.2:*:*:*:*:*:*:*","cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:13.3:*:*:*:*:*:*:*","cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:13.4:*:*:*:*:*:*:*","cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:13.5:*:*:*:*:*:*:*","cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:13.6:*:*:*:*:*:*:*","cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:13.7:*:*:*:*:*:*:*","cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:13.8:*:*:*:*:*:*:*","cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:13.9:*:*:*:*:*:*:*","cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:13.10:*:*:*:*:*:*:*","cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:13.11:*:*:*:*:*:*:*","cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:24:*:*:*:*:*:*:*","cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:24.1:*:*:*:*:*:*:*","cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:24.2:*:*:*:*:*:*:*","cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:24.3:*:*:*:*:*:*:*","cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:24.4:*:*:*:*:*:*:*","cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:24.5:*:*:*:*:*:*:*","cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:24.6:*:*:*:*:*:*:*","cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:30:*:*:*:*:*:*:*","cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:30.1:*:*:*:*:*:*:*","cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:30.2:*:*:*:*:*:*:*","cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:30.3:*:*:*:*:*:*:*"],"source":"CPE_FIELD","extracted_events":[{"introduced":"0"},{"last_affected":"29"},{"last_affected":"13.1"},{"last_affected":"13.2"},{"last_affected":"13.3"},{"last_affected":"13.4"},{"last_affected":"13.5"},{"last_affected":"13.6"},{"last_affected":"13.7"},{"last_affected":"13.8"},{"last_affected":"13.9"},{"last_affected":"13.10"},{"last_affected":"13.11"},{"last_affected":"24"},{"last_affected":"24.1"},{"last_affected":"24.2"},{"last_affected":"24.3"},{"last_affected":"24.4"},{"last_affected":"24.5"},{"last_affected":"24.6"},{"last_affected":"30"},{"last_affected":"30.1"},{"last_affected":"30.2"},{"last_affected":"30.3"}]}}],"versions":["ci-upgrade","v10","v11","v12","v12.1","v12.3","v13","v13.1","v13.10","v13.11","v13.2","v13.3","v13.4","v13.5","v13.6","v13.7","v13.8","v13.9","v14","v15","v16","v17","v18","v19","v2","v20","v21","v22","v23","v24","v24.1","v24.2","v24.3","v24.4","v24.5","v24.6","v25","v26","v27","v28","v29","v3","v30","v30.1","v30.2","v30.3","v6","v7","v8","v9"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2017-4972.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"}]}