CVE-2017-4959

2017-06-1306:00:00

dell

www.cve.org

8.8 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

41.4%

JSON

An issue was discovered in Pivotal PCF Elastic Runtime 1.8.x versions prior to 1.8.29 and 1.9.x versions prior to 1.9.7. Pivotal Cloud Foundry deployments using the Pivotal Account application are vulnerable to a flaw which allows an authorized user to take over the account of another user, causing account lockout and potential escalation of privileges.

CNA Affected

[
  {
    "product": "PCF Elastic Runtime",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "PCF Elastic Runtime"
      }
    ]
  }
]

References

www.securityfocus.com/bid/96218

pivotal.io/security/cve-2017-4959