CVE-2020-12147
6.6
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
Summary
In Silver Peak Unity Orchestrator versions prior to 8.9.11+, 8.10.11+, or 9.0.1+, an authenticated user can make unauthorized MySQL queries against the Orchestrator database using the /sqlExecution REST API, which had been used for internal testing.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Silver Peak Systems, Inc. | Unity Orchestrator | All versions affected prior to Silver Peak Unity Orchestrator 8.9.11+ | affected |
| Silver Peak Systems, Inc. | Unity Orchestrator | 8.10.11+ | affected |
| Silver Peak Systems, Inc. | Unity Orchestrator | or 9.0.1+. | affected |
Weaknesses
- CVE-2020-12147
- CWE-22: CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
ADP Enrichment
CVE Program Container
Additional References
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.