3 matches found
EUVD-2026-42517
Use of a cryptographically weak random number generator in the GenerateRandomPassword function in bosh-windows-stemcell-builder allows a remote attacker to brute-force the resulting SSH login via TCP/22. Affected versions: bosh-windows-stemcell-builder versions prior to v2019.98...
CVE-2026-47830
CVE-2026-47830 affects bosh-windows-stemcell-builder (Cloud Foundry Foundation). The issue is Incorrect Permission Assignment in BOSH.Utils.psm1 that lets low-privileged authenticated users overwrite C:\bosh\service_wrapper.exe or C:\bosh\bosh-agent.exe, enabling them to gain NT AUTHORITY\SYSTEM ...
CVE-2026-47831 - Cryptographically Weak Password Generation in bosh-windows-stemcell-builder Allows Remote SSH Brute-Force Attacks | Cloud Foundry
High CVSSv4: High 7.7 CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N CVSSv3: High 7.5 CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H Vendor Cloud Foundry Foundation Versions Affected Severity is High unless otherwise noted. bosh-windows-stemcell-builder ā All versions prior to...