Lucene search

[email protected]CVE-2017-4991

HistoryJun 13, 2017 - 6:29 a.m.

CVE-2017-4991

2017-06-1306:29:00

CWE-269

[email protected]

web.nvd.nist.gov

cve-2017-4991

cloud foundry foundation

uaa release

security vulnerability

password reset

6.5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

7.2 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

6.9 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

42.9%

JSON

An issue was discovered in Cloud Foundry Foundation cf-release versions prior to v260; UAA release 2.x versions prior to v2.7.4.16, 3.6.x versions prior to v3.6.10, 3.9.x versions prior to v3.9.12, and other versions prior to v3.17.0; and UAA bosh release (uaa-release) 13.x versions prior to v13.14, 24.x versions prior to v24.9, 30.x versions prior to 30.2, and other versions prior to v36. Privileged users in one zone are allowed to perform a password reset for users in a different zone.

Affected configurations

NVD

Node

cloudfoundrycf-releaseRange≤259

cloudfoundrycloud_foundry_uaa_boshRange≤35

cloudfoundrycloud_foundry_uaa_boshMatch13.1

cloudfoundrycloud_foundry_uaa_boshMatch13.2

cloudfoundrycloud_foundry_uaa_boshMatch13.3

cloudfoundrycloud_foundry_uaa_boshMatch13.4

cloudfoundrycloud_foundry_uaa_boshMatch13.5

cloudfoundrycloud_foundry_uaa_boshMatch13.6

cloudfoundrycloud_foundry_uaa_boshMatch13.7

cloudfoundrycloud_foundry_uaa_boshMatch13.8

cloudfoundrycloud_foundry_uaa_boshMatch13.9

cloudfoundrycloud_foundry_uaa_boshMatch13.10

cloudfoundrycloud_foundry_uaa_boshMatch13.11

cloudfoundrycloud_foundry_uaa_boshMatch13.12

cloudfoundrycloud_foundry_uaa_boshMatch13.13

cloudfoundrycloud_foundry_uaa_boshMatch24

cloudfoundrycloud_foundry_uaa_boshMatch24.1

cloudfoundrycloud_foundry_uaa_boshMatch24.2

cloudfoundrycloud_foundry_uaa_boshMatch24.3

cloudfoundrycloud_foundry_uaa_boshMatch24.4

cloudfoundrycloud_foundry_uaa_boshMatch24.5

cloudfoundrycloud_foundry_uaa_boshMatch24.6

cloudfoundrycloud_foundry_uaa_boshMatch24.7

cloudfoundrycloud_foundry_uaa_boshMatch24.8

cloudfoundrycloud_foundry_uaa_boshMatch24.9

cloudfoundrycloud_foundry_uaa_boshMatch24.10

cloudfoundrycloud_foundry_uaa_boshMatch30

cloudfoundrycloud_foundry_uaa_boshMatch30.1

pivotal_softwarecloud_foundry_uaaRange≤4.2.0

pivotal_softwarecloud_foundry_uaaMatch2.2.5.4

pivotal_softwarecloud_foundry_uaaMatch2.7.1

pivotal_softwarecloud_foundry_uaaMatch2.7.2

pivotal_softwarecloud_foundry_uaaMatch2.7.3

pivotal_softwarecloud_foundry_uaaMatch2.7.4

pivotal_softwarecloud_foundry_uaaMatch2.7.4.1

pivotal_softwarecloud_foundry_uaaMatch2.7.4.2

pivotal_softwarecloud_foundry_uaaMatch2.7.4.3

pivotal_softwarecloud_foundry_uaaMatch2.7.4.4

pivotal_softwarecloud_foundry_uaaMatch2.7.4.5

pivotal_softwarecloud_foundry_uaaMatch2.7.4.6

pivotal_softwarecloud_foundry_uaaMatch2.7.4.7

pivotal_softwarecloud_foundry_uaaMatch2.7.4.8

pivotal_softwarecloud_foundry_uaaMatch2.7.4.9

pivotal_softwarecloud_foundry_uaaMatch2.7.4.11

pivotal_softwarecloud_foundry_uaaMatch2.7.4.12

pivotal_softwarecloud_foundry_uaaMatch2.7.4.13

pivotal_softwarecloud_foundry_uaaMatch2.7.4.14

pivotal_softwarecloud_foundry_uaaMatch2.7.4.15

pivotal_softwarecloud_foundry_uaaMatch3.6.1

pivotal_softwarecloud_foundry_uaaMatch3.6.2

pivotal_softwarecloud_foundry_uaaMatch3.6.3

pivotal_softwarecloud_foundry_uaaMatch3.6.4

pivotal_softwarecloud_foundry_uaaMatch3.6.5

pivotal_softwarecloud_foundry_uaaMatch3.6.6

pivotal_softwarecloud_foundry_uaaMatch3.6.7

pivotal_softwarecloud_foundry_uaaMatch3.6.8

pivotal_softwarecloud_foundry_uaaMatch3.6.9

pivotal_softwarecloud_foundry_uaaMatch3.9.1

pivotal_softwarecloud_foundry_uaaMatch3.9.2

pivotal_softwarecloud_foundry_uaaMatch3.9.3

pivotal_softwarecloud_foundry_uaaMatch3.9.4

pivotal_softwarecloud_foundry_uaaMatch3.9.5

pivotal_softwarecloud_foundry_uaaMatch3.9.6

pivotal_softwarecloud_foundry_uaaMatch3.9.7

pivotal_softwarecloud_foundry_uaaMatch3.9.8

pivotal_softwarecloud_foundry_uaaMatch3.9.9

CPENameOperatorVersion
cloudfoundry:cf-releasecloudfoundry cf-releasele259
cloudfoundry:cloud_foundry_uaa_boshcloudfoundry cloud foundry uaa boshle35
cloudfoundry:cloud_foundry_uaa_boshcloudfoundry cloud foundry uaa bosheq13.1
cloudfoundry:cloud_foundry_uaa_boshcloudfoundry cloud foundry uaa bosheq13.2
cloudfoundry:cloud_foundry_uaa_boshcloudfoundry cloud foundry uaa bosheq13.3
cloudfoundry:cloud_foundry_uaa_boshcloudfoundry cloud foundry uaa bosheq13.4
cloudfoundry:cloud_foundry_uaa_boshcloudfoundry cloud foundry uaa bosheq13.5
cloudfoundry:cloud_foundry_uaa_boshcloudfoundry cloud foundry uaa bosheq13.6
cloudfoundry:cloud_foundry_uaa_boshcloudfoundry cloud foundry uaa bosheq13.7
cloudfoundry:cloud_foundry_uaa_boshcloudfoundry cloud foundry uaa bosheq13.8

CPE	Name	Operator	Version
cloudfoundry:cf-release	cloudfoundry cf-release	le	259
cloudfoundry:cloud_foundry_uaa_bosh	cloudfoundry cloud foundry uaa bosh	le	35
cloudfoundry:cloud_foundry_uaa_bosh	cloudfoundry cloud foundry uaa bosh	eq	13.1
cloudfoundry:cloud_foundry_uaa_bosh	cloudfoundry cloud foundry uaa bosh	eq	13.2
cloudfoundry:cloud_foundry_uaa_bosh	cloudfoundry cloud foundry uaa bosh	eq	13.3
cloudfoundry:cloud_foundry_uaa_bosh	cloudfoundry cloud foundry uaa bosh	eq	13.4
cloudfoundry:cloud_foundry_uaa_bosh	cloudfoundry cloud foundry uaa bosh	eq	13.5
cloudfoundry:cloud_foundry_uaa_bosh	cloudfoundry cloud foundry uaa bosh	eq	13.6
cloudfoundry:cloud_foundry_uaa_bosh	cloudfoundry cloud foundry uaa bosh	eq	13.7
cloudfoundry:cloud_foundry_uaa_bosh	cloudfoundry cloud foundry uaa bosh	eq	13.8

Rows per page:

1-10 of 661

CNA Affected

[
  {
    "product": "Cloud Foundry UAA",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "Cloud Foundry UAA"
      }
    ]
  }
]

References

www.cloudfoundry.org/cve-2017-4991/

Social References

6.5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

7.2 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

6.9 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

42.9%

JSON

Related for CVE-2017-4991

osv2 cvelist1 cloudfoundry1 prion1 github1 veracode1 nvd1