In Cloud Foundry Foundation cf-release versions prior to v285; cf-deployment versions prior to v1.7; UAA 4.5.x versions prior to 4.5.5, 4.8.x versions prior to 4.8.3, and 4.7.x versions prior to 4.7.4; and UAA-release 45.7.x versions prior to 45.7, 52.7.x versions prior to 52.7, and 53.3.x versions prior to 53.3, the SessionID is logged in audit event logs. An attacker can use the SessionID to impersonate a logged-in user.
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HPivotal Software Cloud Foundry Cf Deployment
APPPivotal Software< 1.7Pivotal Software Cloud Foundry Cf Release
APPPivotal Software< 285Pivotal Software Cloud Foundry Uaa
APPPivotal Software4.8.0 – 4.8.3 (bez)4.5.0 – 4.5.5 (bez)4.7.0 – 4.7.4 (bez)Pivotal Software Cloud Foundry Uaa Release
APPPivotal Software45.752.753.3
Related vulnerabilities
Cloud Foundry UAA release, versions prior to v64.0, and UAA, versions prior to 4.23.0, contains a validation e...
The password change functionality in Cloud Foundry Runtime cf-release before 216, UAA before 2.5.2, and Pivota...
Cloud Foundry Runtime cf-release before 216, UAA before 2.5.2, and Pivotal Cloud Foundry (PCF) Elastic Runtime...
An issue was discovered in Cloud Foundry Foundation cf-release versions prior to v261; UAA release 2.x version...
Multiple cross-site request forgery (CSRF) vulnerabilities in Pivotal Cloud Foundry (PCF) before 242; UAA 2.x ...