QwikSec

Security Database

CVE

CWE

Training

CVE-2021-22101

Published: Oct 27, 2021

Modified: Aug 3, 2024

PUBLISHED

Description

Cloud Controller versions prior to 1.118.0 are vulnerable to unauthenticated denial of Service(DoS) vulnerability allowing unauthenticated attackers to cause denial of service by using REST HTTP requests with label_selectors on multiple V3 endpoints by generating an enormous SQL query.

Vendor	Product	Versions
n/a	Cloud Foundry Cloud Controller	affected `Cloud Foundry Cloud Controller versions prior to 1.118.0`

Weaknesses (CWE)

References

https://www.cloudfoundry.org/blog/cve-2021-22101-cloud-controller-is-vulnerable-to-unauthenticated-denial-of-service/

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.