CVE-2017-4994Improper Input Validation in Cloud Foundry UAA Bosh

CWE-20Improper Input Validation3 documents3 sources
Severity
7.5HIGHNVD
EPSS
0.3%
top 51.14%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Cloudfoundry Cloud Foundry UAA BoshPivotal Software Cloud Foundry CFPivotal Software Cloud Foundry UAA
Timeline
PublishedJun 13
Latest updateMay 13

Description

An issue was discovered in Cloud Foundry Foundation cf-release versions prior to v263; UAA release 2.x versions prior to v2.7.4.18, 3.6.x versions prior to v3.6.12, 3.9.x versions prior to v3.9.14, and other versions prior to v4.3.0; and UAA bosh release (uaa-release) 13.x versions prior to v13.16, 24.x versions prior to v24.11, 30.x versions prior to 30.4, and other versions prior to v40. There was an issue with forwarded http headers in UAA that could result in account corruption.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:NExploitability: 3.9 | Impact: 3.6

Affected Packages4 packages

CVEListV5cloudfoundry/cloud_foundry_uaa_boshCloud Foundry

🔴Vulnerability Details

2
GHSA
GHSA-75xv-v35m-f8rh: An issue was discovered in Cloud Foundry Foundation cf-release versions prior to v263; UAA release 22022-05-13
CVEList
CVE-2017-4994: An issue was discovered in Cloud Foundry Foundation cf-release versions prior to v263; UAA release 22017-06-13
CVE-2017-4994 — Improper Input Validation | cvebase