Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2019-3777

Опубликовано: 07 мар. 2019
Источник: nvd
CVSS3: 8
CVSS3: 9.8
CVSS2: 5
EPSS Низкий

Описание

Pivotal Application Service (PAS), versions 2.2.x prior to 2.2.12, 2.3.x prior to 2.3.7 and 2.4.x prior to 2.4.3, contain apps manager that uses a cloud controller proxy that fails to verify SSL certs. A remote unauthenticated attacker that could hijack the Cloud Controller's DNS record could intercept access tokens sent to the Cloud Controller, giving the attacker access to the user's resources in the Cloud Controller

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:pivotal_software:application_service:*:*:*:*:*:*:*:*
Версия от 2.2.0 (включая) до 2.2.12 (исключая)
cpe:2.3:a:pivotal_software:application_service:*:*:*:*:*:*:*:*
Версия от 2.3.0 (включая) до 2.3.7 (исключая)
cpe:2.3:a:pivotal_software:application_service:*:*:*:*:*:*:*:*
Версия от 2.4.0 (включая) до 2.4.3 (исключая)

EPSS

Процентиль: 69%
0.00611
Низкий

8 High

CVSS3

9.8 Critical

CVSS3

5 Medium

CVSS2

Дефекты

CWE-295
CWE-295

Связанные уязвимости

github логотип

GHSA-g3g6-cq9j-rcv6

CVSS3: 9.8
github
больше 3 лет назад

Pivotal Application Service (PAS), versions 2.2.x prior to 2.2.12, 2.3.x prior to 2.3.7 and 2.4.x prior to 2.4.3, contain apps manager that uses a cloud controller proxy that fails to verify SSL certs. A remote unauthenticated attacker that could hijack the Cloud Controller's DNS record could intercept access tokens sent to the Cloud Controller, giving the attacker access to the user's resources in the Cloud Controller

EPSS

Процентиль: 69%
0.00611
Низкий

8 High

CVSS3

9.8 Critical

CVSS3

5 Medium

CVSS2

Дефекты

CWE-295
CWE-295