VMware Avi Load Balancer Authenticated Blind SQL Injection Vulnerability
Vulnerability
A blind SQL injection vulnerability has been identified in VMware Avi Load Balancer versions 30.1.1, 30.1.2, 30.2.1, and 30.2.2. It allows an authenticated user with network access to execute specially crafted SQL queries, potentially leading to unauthorized access to the database. The issue arises from improper input validation.
Impact
Exploitation of this vulnerability could allow an authenticated attacker to execute blind SQL injection attacks, with the potential to access and manipulate the database.
Remediation
To address this vulnerability, users should upgrade to VMware Avi Load Balancer versions 30.1.2-2p3, 30.2.1-2p6, or 31.1.1-2p2. For version 30.1.1, it is necessary to first upgrade to 30.1.2 or later before applying the patch.
