VMware Avi Load Balancer Unauthenticated Blind SQL Injection Vulnerability
Vulnerability
A blind SQL injection vulnerability has been identified in VMware Avi Load Balancer, affecting versions 30.1.1, 30.1.2, 30.2.1, and 30.2.2. This vulnerability allows a malicious user with network access to execute specially crafted SQL queries, potentially leading to unauthorized database access. The issue has been assigned a CVSSv3 base score of 8.6, indicating a high severity level.
Impact
Exploitation of this vulnerability could allow for unauthorized database access through the execution of malicious SQL queries.
Remediation
To address this vulnerability, upgrade to the patched release of VMware Avi Load Balancer 30.1.2, 30.2.1, or 30.2.2. Version 30.1.1 must first be upgraded to 30.1.2 or later before the patch can be applied.
