4 matches found
org.cloudfoundry.identity:cloudfoundry-identity-api (>=3.0.0 <=3.20.0), org.cloudfoundry.identity:cloudfoundry-identity-app (>=3.0.0 <=3.20.0) +1 more potentially affected by CVE-2017-4991 via org.cloudfoundry.identity:cloudfoundry-identity-server (>=3.0.0 <=3.6.0)
org.cloudfoundry.identity:cloudfoundry-identity-server MAVEN version =3.0.0, =3.0.0, =3.0.0, =3.0.0, =3.20.0 Source cves: CVE-2017-4991 Source advisory: OSV:GHSA-CGRG-X34R-78F3...
org.cloudfoundry.identity:cloudfoundry-identity-api (>=3.7.0 <=3.9.1), org.cloudfoundry.identity:cloudfoundry-identity-app (>=3.7.0 <=3.9.1) +1 more potentially affected by CVE-2017-4991 via org.cloudfoundry.identity:cloudfoundry-identity-server (>=3.7.0 <=3.9.1)
org.cloudfoundry.identity:cloudfoundry-identity-server MAVEN version =3.7.0, =3.7.0, =3.7.0, =3.7.0, =3.9.1 Source cves: CVE-2017-4991 Source advisory: OSV:GHSA-CGRG-X34R-78F3...
CVE-2017-4991
CVE-2017-4991 affects Cloud Foundry products: cf-release versions before v260 and multiple UAA releases (2.x before v2.7.4.16; 3.6.x before v3.6.10; 3.9.x before v3.9.12; others before v3.17.0) plus UAA-bosh releases (uaa-release) before v13.14, v24.9, v30.2, and earlier versions before v36. The ...
CVE-2017-4991: UAA password reset vulnerability | Cloud Foundry
Severity High Vendor Cloud Foundry Foundation Versions Affected cf-release versions prior to v260 UAA release: 2.x versions prior to v2.7.4.16 3.6.x versions prior to v3.6.10 3.9.x versions prior to v3.9.12 Other versions prior to v3.17.0 UAA bosh release uaa-release: 13.x versions prior to v13.1...