CVE-2017-4959

Опубликовано: 13 июн. 2017

Источник: nvd

CVSS3: 8.8

CVSS2: 6.5

EPSS Низкий

Описание

An issue was discovered in Pivotal PCF Elastic Runtime 1.8.x versions prior to 1.8.29 and 1.9.x versions prior to 1.9.7. Pivotal Cloud Foundry deployments using the Pivotal Account application are vulnerable to a flaw which allows an authorized user to take over the account of another user, causing account lockout and potential escalation of privileges.

Ссылки

http://www.securityfocus.com/bid/96218
Third Party Advisory
VDB Entry
https://pivotal.io/security/cve-2017-4959
Vendor Advisory
http://www.securityfocus.com/bid/96218
Third Party Advisory
VDB Entry
https://pivotal.io/security/cve-2017-4959
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.8.0:*:*:*:*:*:*:*

cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.8.1:*:*:*:*:*:*:*

cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.8.2:*:*:*:*:*:*:*

cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.8.3:*:*:*:*:*:*:*

cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.8.4:*:*:*:*:*:*:*

cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.8.5:*:*:*:*:*:*:*

cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.8.6:*:*:*:*:*:*:*

cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.8.7:*:*:*:*:*:*:*

cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.8.8:*:*:*:*:*:*:*

cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.8.9:*:*:*:*:*:*:*

cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.8.10:*:*:*:*:*:*:*

cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.8.11:*:*:*:*:*:*:*

cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.8.12:*:*:*:*:*:*:*

cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.8.13:*:*:*:*:*:*:*

cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.8.14:*:*:*:*:*:*:*

cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.8.15:*:*:*:*:*:*:*

cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.8.16:*:*:*:*:*:*:*

cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.8.17:*:*:*:*:*:*:*

cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.8.18:*:*:*:*:*:*:*

cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.8.19:*:*:*:*:*:*:*

cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.8.20:*:*:*:*:*:*:*

cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.8.21:*:*:*:*:*:*:*

cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.8.22:*:*:*:*:*:*:*

cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.8.23:*:*:*:*:*:*:*

cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.8.24:*:*:*:*:*:*:*

cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.8.25:*:*:*:*:*:*:*

cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.8.26:*:*:*:*:*:*:*

cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.8.27:*:*:*:*:*:*:*

cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.8.28:*:*:*:*:*:*:*

Конфигурация 2

Одно из

cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.9.0:*:*:*:*:*:*:*

cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.9.1:*:*:*:*:*:*:*

cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.9.2:*:*:*:*:*:*:*

cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.9.3:*:*:*:*:*:*:*

cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.9.4:*:*:*:*:*:*:*

cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.9.5:*:*:*:*:*:*:*

cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.9.6:*:*:*:*:*:*:*

EPSS

Процентиль: 66%

0.00526

Низкий

8.8 High

CVSS3

6.5 Medium

CVSS2

Дефекты

NVD-CWE-noinfo

Связанные уязвимости

GHSA-jj43-34cr-mw9j