Vulnerability Details CVE-2020-12147
In Silver Peak Unity Orchestrator versions prior to 8.9.11+, 8.10.11+, or 9.0.1+, an authenticated user can make unauthorized MySQL queries against the Orchestrator database using the /sqlExecution REST API, which had been used for internal testing.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.01
EPSS Ranking 76.5%
CVSS Severity
CVSS v3 Score 6.6
CVSS v2 Score 6.5
References
Products affected by CVE-2020-12147
-
cpe:2.3:a:silver-peak:unity_orchestrator:-
-
cpe:2.3:a:silver-peak:unity_orchestrator:6
-
cpe:2.3:a:silver-peak:unity_orchestrator:6.2
-
cpe:2.3:a:silver-peak:unity_orchestrator:7.3
-
cpe:2.3:a:silver-peak:unity_orchestrator:8
-
cpe:2.3:a:silver-peak:unity_orchestrator:8.1
-
cpe:2.3:a:silver-peak:unity_orchestrator:8.10
-
cpe:2.3:a:silver-peak:unity_orchestrator:8.5
-
cpe:2.3:a:silver-peak:unity_orchestrator:8.6
-
cpe:2.3:a:silver-peak:unity_orchestrator:8.7
-
cpe:2.3:a:silver-peak:unity_orchestrator:8.8
-
cpe:2.3:a:silver-peak:unity_orchestrator:8.9.2
-
cpe:2.3:a:silver-peak:unity_orchestrator:9.0