Lucene search

[email protected]CVE-2017-4992

HistoryJun 13, 2017 - 6:29 a.m.

CVE-2017-4992

2017-06-1306:29:00

CWE-269

[email protected]

web.nvd.nist.gov

cve

cloud foundry foundation

cf-release

uaa release

privilege escalation

arbitrary password reset

security vulnerability

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.5 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

64.8%

JSON

An issue was discovered in Cloud Foundry Foundation cf-release versions prior to v261; UAA release 2.x versions prior to v2.7.4.17, 3.6.x versions prior to v3.6.11, 3.9.x versions prior to v3.9.13, and other versions prior to v4.2.0; and UAA bosh release (uaa-release) 13.x versions prior to v13.15, 24.x versions prior to v24.10, 30.x versions prior to 30.3, and other versions prior to v37. There is privilege escalation (arbitrary password reset) with user invitations.

Affected configurations

NVD

Node

cloudfoundrycf-releaseRange≤260

cloudfoundrycloud_foundry_uaa_boshRange≤27

cloudfoundrycloud_foundry_uaa_boshMatch13.1

cloudfoundrycloud_foundry_uaa_boshMatch13.2

cloudfoundrycloud_foundry_uaa_boshMatch13.3

cloudfoundrycloud_foundry_uaa_boshMatch13.4

cloudfoundrycloud_foundry_uaa_boshMatch13.5

cloudfoundrycloud_foundry_uaa_boshMatch13.6

cloudfoundrycloud_foundry_uaa_boshMatch13.7

cloudfoundrycloud_foundry_uaa_boshMatch13.8

cloudfoundrycloud_foundry_uaa_boshMatch13.9

cloudfoundrycloud_foundry_uaa_boshMatch13.10

cloudfoundrycloud_foundry_uaa_boshMatch13.11

cloudfoundrycloud_foundry_uaa_boshMatch13.12

cloudfoundrycloud_foundry_uaa_boshMatch13.13

cloudfoundrycloud_foundry_uaa_boshMatch13.14

cloudfoundrycloud_foundry_uaa_boshMatch24

cloudfoundrycloud_foundry_uaa_boshMatch24.1

cloudfoundrycloud_foundry_uaa_boshMatch24.2

cloudfoundrycloud_foundry_uaa_boshMatch24.3

cloudfoundrycloud_foundry_uaa_boshMatch24.4

cloudfoundrycloud_foundry_uaa_boshMatch24.5

cloudfoundrycloud_foundry_uaa_boshMatch24.6

cloudfoundrycloud_foundry_uaa_boshMatch24.7

cloudfoundrycloud_foundry_uaa_boshMatch24.8

cloudfoundrycloud_foundry_uaa_boshMatch24.9

cloudfoundrycloud_foundry_uaa_boshMatch30

cloudfoundrycloud_foundry_uaa_boshMatch30.1

cloudfoundrycloud_foundry_uaa_boshMatch30.2

pivotal_softwarecloud_foundry_uaaRange≤4.2.0

pivotal_softwarecloud_foundry_uaaMatch2.2.5.4

pivotal_softwarecloud_foundry_uaaMatch2.7.1

pivotal_softwarecloud_foundry_uaaMatch2.7.2

pivotal_softwarecloud_foundry_uaaMatch2.7.3

pivotal_softwarecloud_foundry_uaaMatch2.7.4

pivotal_softwarecloud_foundry_uaaMatch2.7.4.1

pivotal_softwarecloud_foundry_uaaMatch2.7.4.2

pivotal_softwarecloud_foundry_uaaMatch2.7.4.3

pivotal_softwarecloud_foundry_uaaMatch2.7.4.4

pivotal_softwarecloud_foundry_uaaMatch2.7.4.5

pivotal_softwarecloud_foundry_uaaMatch2.7.4.6

pivotal_softwarecloud_foundry_uaaMatch2.7.4.7

pivotal_softwarecloud_foundry_uaaMatch2.7.4.8

pivotal_softwarecloud_foundry_uaaMatch2.7.4.9

pivotal_softwarecloud_foundry_uaaMatch2.7.4.11

pivotal_softwarecloud_foundry_uaaMatch2.7.4.12

pivotal_softwarecloud_foundry_uaaMatch2.7.4.13

pivotal_softwarecloud_foundry_uaaMatch2.7.4.14

pivotal_softwarecloud_foundry_uaaMatch2.7.4.15

pivotal_softwarecloud_foundry_uaaMatch2.7.4.16

pivotal_softwarecloud_foundry_uaaMatch3.6.1

pivotal_softwarecloud_foundry_uaaMatch3.6.2

pivotal_softwarecloud_foundry_uaaMatch3.6.3

pivotal_softwarecloud_foundry_uaaMatch3.6.4

pivotal_softwarecloud_foundry_uaaMatch3.6.5

pivotal_softwarecloud_foundry_uaaMatch3.6.6

pivotal_softwarecloud_foundry_uaaMatch3.6.7

pivotal_softwarecloud_foundry_uaaMatch3.6.8

pivotal_softwarecloud_foundry_uaaMatch3.6.9

pivotal_softwarecloud_foundry_uaaMatch3.6.10

pivotal_softwarecloud_foundry_uaaMatch3.9.1

pivotal_softwarecloud_foundry_uaaMatch3.9.2

pivotal_softwarecloud_foundry_uaaMatch3.9.3

pivotal_softwarecloud_foundry_uaaMatch3.9.4

pivotal_softwarecloud_foundry_uaaMatch3.9.5

pivotal_softwarecloud_foundry_uaaMatch3.9.6

pivotal_softwarecloud_foundry_uaaMatch3.9.7

pivotal_softwarecloud_foundry_uaaMatch3.9.8

pivotal_softwarecloud_foundry_uaaMatch3.9.9

pivotal_softwarecloud_foundry_uaaMatch3.9.10

pivotal_softwarecloud_foundry_uaaMatch3.9.11

pivotal_softwarecloud_foundry_uaaMatch3.9.12

pivotal_softwarecloud_foundry_uaaMatch3.9.13

CPENameOperatorVersion
cloudfoundry:cf-releasecloudfoundry cf-releasele260
cloudfoundry:cloud_foundry_uaa_boshcloudfoundry cloud foundry uaa boshle27
cloudfoundry:cloud_foundry_uaa_boshcloudfoundry cloud foundry uaa bosheq13.1
cloudfoundry:cloud_foundry_uaa_boshcloudfoundry cloud foundry uaa bosheq13.2
cloudfoundry:cloud_foundry_uaa_boshcloudfoundry cloud foundry uaa bosheq13.3
cloudfoundry:cloud_foundry_uaa_boshcloudfoundry cloud foundry uaa bosheq13.4
cloudfoundry:cloud_foundry_uaa_boshcloudfoundry cloud foundry uaa bosheq13.5
cloudfoundry:cloud_foundry_uaa_boshcloudfoundry cloud foundry uaa bosheq13.6
cloudfoundry:cloud_foundry_uaa_boshcloudfoundry cloud foundry uaa bosheq13.7
cloudfoundry:cloud_foundry_uaa_boshcloudfoundry cloud foundry uaa bosheq13.8

CPE	Name	Operator	Version
cloudfoundry:cf-release	cloudfoundry cf-release	le	260
cloudfoundry:cloud_foundry_uaa_bosh	cloudfoundry cloud foundry uaa bosh	le	27
cloudfoundry:cloud_foundry_uaa_bosh	cloudfoundry cloud foundry uaa bosh	eq	13.1
cloudfoundry:cloud_foundry_uaa_bosh	cloudfoundry cloud foundry uaa bosh	eq	13.2
cloudfoundry:cloud_foundry_uaa_bosh	cloudfoundry cloud foundry uaa bosh	eq	13.3
cloudfoundry:cloud_foundry_uaa_bosh	cloudfoundry cloud foundry uaa bosh	eq	13.4
cloudfoundry:cloud_foundry_uaa_bosh	cloudfoundry cloud foundry uaa bosh	eq	13.5
cloudfoundry:cloud_foundry_uaa_bosh	cloudfoundry cloud foundry uaa bosh	eq	13.6
cloudfoundry:cloud_foundry_uaa_bosh	cloudfoundry cloud foundry uaa bosh	eq	13.7
cloudfoundry:cloud_foundry_uaa_bosh	cloudfoundry cloud foundry uaa bosh	eq	13.8

Rows per page:

1-10 of 731

CNA Affected

[
  {
    "product": "Cloud Foundry",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "Cloud Foundry"
      }
    ]
  }
]