HIGH🇬🇧 English

CVE-2017-4963

CVSS 8.1v3.0pub. 2017-06-13upd. 2026-05-13

An issue was discovered in Cloud Foundry Foundation Cloud Foundry release v252 and earlier versions, UAA stand-alone release v2.0.0 - v2.7.4.12 & v3.0.0 - v3.11.0, and UAA bosh release v26 & earlier versions. UAA is vulnerable to session fixation when configured to authenticate against external SAML or OpenID Connect based identity providers.

oryginał EN
CVSS Vector
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Pivotal Software Cloud Foundry Cf Release

    APP
    Pivotal Software
    ≤ 252
  • Pivotal Software Cloud Foundry Uaa

    APP
    Pivotal Software
    2.0.0 – 2.7.4.123.0.0 – 3.11.0
  • Pivotal Software Cloud Foundry Uaa Release

    APP
    Pivotal Software
    ≤ 26
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
CWE
Referencje

Powiązane podatności

CVE-2018-15761CRITICAL9.9ten sam produkt

Cloud Foundry UAA release, versions prior to v64.0, and UAA, versions prior to 4.23.0, contains a validation e...

CVE-2015-5171CRITICAL9.8ten sam produkt

The password change functionality in Cloud Foundry Runtime cf-release before 216, UAA before 2.5.2, and Pivota...

CVE-2015-5172CRITICAL9.8ten sam produkt

Cloud Foundry Runtime cf-release before 216, UAA before 2.5.2, and Pivotal Cloud Foundry (PCF) Elastic Runtime...

CVE-2017-4992CRITICAL9.8ten sam produkt

An issue was discovered in Cloud Foundry Foundation cf-release versions prior to v261; UAA release 2.x version...

CVE-2016-6637CRITICAL9.6ten sam produkt

Multiple cross-site request forgery (CSRF) vulnerabilities in Pivotal Cloud Foundry (PCF) before 242; UAA 2.x ...