CVE-2017-4959 — Software Cloud Foundry Elastic Runtime vulnerability

3 documents3 sources

Severity

8.8HIGHNVD

EPSS

0.5%

top 32.93%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Pivotal Software Cloud Foundry Elastic Runtime

Timeline

PublishedJun 13

Latest updateMay 13

Description

An issue was discovered in Pivotal PCF Elastic Runtime 1.8.x versions prior to 1.8.29 and 1.9.x versions prior to 1.9.7. Pivotal Cloud Foundry deployments using the Pivotal Account application are vulnerable to a flaw which allows an authorized user to take over the account of another user, causing account lockout and potential escalation of privileges.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages1 packages

▶NVDpivotal_software/cloud_foundry_elastic_runtime36 versions+35

🔴Vulnerability Details

GHSA

GHSA-jj43-34cr-mw9j: An issue was discovered in Pivotal PCF Elastic Runtime 1↗2022-05-13

▶

CVEList

CVE-2017-4959: An issue was discovered in Pivotal PCF Elastic Runtime 1↗2017-06-13

▶