CVE-2017-4960Cloud Foundry UAA Bosh vulnerability

4 documents4 sources
Severity
7.5HIGHNVD
EPSS
0.5%
top 36.29%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Cloudfoundry Cloud Foundry UAA BoshPivotal Software Cloud FoundryPivotal Software Cloud Foundry UAA
Timeline
PublishedMar 10
Latest updateMay 13

Description

An issue was discovered in Cloud Foundry release v247 through v252, UAA stand-alone release v3.9.0 through v3.11.0, and UAA Bosh Release v21 through v26. There is a potential to subject the UAA OAuth clients to a denial of service attack.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages3 packages

🔴Vulnerability Details

3
GHSA
Cloud Foundry denial of service vulnerability2022-05-13
OSV
Cloud Foundry denial of service vulnerability2022-05-13
CVEList
CVE-2017-4960: An issue was discovered in Cloud Foundry release v247 through v252, UAA stand-alone release v32017-03-10
CVE-2017-4960 — Cloud Foundry UAA Bosh vulnerability | cvebase