CVE-2020-12147 : Vulnerability Insights and Analysis

Silver Peak Unity Orchestrator versions prior to 8.9.11+, 8.10.11+, or 9.0.1+ are vulnerable to unauthorized MySQL queries. Learn about the impact, technical details, and mitigation steps.

Understanding CVE-2020-12147

In Silver Peak Unity Orchestrator versions prior to 8.9.11+, 8.10.11+, or 9.0.1+, an authenticated user can make unauthorized MySQL queries against the Orchestrator database using the /sqlExecution REST API.

What is CVE-2020-12147?

This CVE refers to the ability of an authenticated user to execute unauthorized MySQL queries against the Silver Peak Unity Orchestrator database.

The Impact of CVE-2020-12147

        CVSS Base Score: 6.6 (Medium Severity)
        Attack Vector: Network
        Attack Complexity: High
        Privileges Required: High
        Confidentiality Impact: High
        Integrity Impact: High
        Availability Impact: High

Technical Details of CVE-2020-12147

Silver Peak Unity Orchestrator vulnerability details.

Vulnerability Description

An authenticated user can perform unauthorized MySQL queries via the /sqlExecution REST API.

Affected Systems and Versions

        Unity Orchestrator: All versions affected prior to 8.9.11+, 8.10.11+, or 9.0.1+.

Exploitation Mechanism

The vulnerability allows an authenticated user to execute unauthorized MySQL queries against the Orchestrator database.

Mitigation and Prevention

Protect your systems from CVE-2020-12147.

Immediate Steps to Take

        Upgrade to Silver Peak Unity Orchestrator 8.9.11+, 8.10.11+, or 9.0.1+.
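To check an inventory against the fixed releases listed above, the following added example (not code from this page or from Silver Peak) classifies Orchestrator version strings. The hostnames and version strings are constructed, and treating branches older than 8.9 as affected and branches after 9.0 as fixed is an assumption based on the advisory wording.

```python
import re

# Fixed release per branch (major, minor) -> minimum patch, from the advisory.
FIXED = {(8, 9): 11, (8, 10): 11, (9, 0): 1}

def parse_version(text):
    """Return (major, minor, patch) from strings like '8.10.4' or '9.0.1.40123'."""
    m = re.match(r"\s*v?(\d+)\.(\d+)\.(\d+)", text)
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(part) for part in m.groups())

def triage(text):
    """Classify one Orchestrator version as 'affected', 'fixed' or 'unknown'."""
    try:
        major, minor, patch = parse_version(text)
    except ValueError:
        return "unknown"
    branch = (major, minor)
    if branch in FIXED:
        return "fixed" if patch >= FIXED[branch] else "affected"
    if branch < min(FIXED):
        return "affected"  # assumption: branches older than 8.9 have no fixed build
    if branch > max(FIXED):
        return "fixed"     # assumption: branches after 9.0 ship with the fix
    return "unknown"       # unlisted branch between 8.9 and 9.0: confirm with vendor

def triage_inventory(inventory):
    """Group hostnames by triage result."""
    report = {"affected": [], "fixed": [], "unknown": []}
    for host, version in sorted(inventory.items()):
        report[triage(version)].append(host)
    return report

# Constructed inventory; hostnames and build strings are illustrative only.
SAMPLE = {
    "orch-lab": "8.8.2",
    "orch-east": "8.9.10",
    "orch-west": "8.10.11",
    "orch-dr": "9.0.0",
    "orch-new": "9.0.1.40123",
    "orch-misc": "not reported",
}

if __name__ == "__main__":
    for status, hosts in triage_inventory(SAMPLE).items():
        print(f"{status:9} {', '.join(hosts) or '-'}")
```

Hosts reported as unknown need a manual check against the vendor's release notes before they are treated as patched.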

Long-Term Security Practices

        Regularly monitor and audit database queries.
        Implement access controls to restrict unauthorized queries.
        Stay informed about security advisories and updates.
        Conduct security training for users to prevent unauthorized actions.

Patching and Updates

Apply patches and updates provided by Silver Peak Systems to address this vulnerability.
