CVE-2018-1280

HIGH

Pivotal Software Greenplum Command Center < 2.5.1 - SQL Injection

Title source: rule

Description

Pivotal Greenplum Command Center versions 2.x prior to 2.5.1 contains a blind SQL injection vulnerability. An unauthenticated user can perform a SQL injection in the command center which results in disclosure of database contents.

References (2)

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/104153

[Vendor Advisory] https://pivotal.io/security/cve-2018-1280

Scores

CVSS v3 7.5

EPSS 0.0026

EPSS Percentile 48.7%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Classification

CWE

CWE-89

Status published

Affected Products (1)

pivotal_software/greenplum_command_center < 2.5.1

Timeline

Published May 11, 2018

Tracked Since Feb 18, 2026