CVE-2017-4959
Published Jun 13, 2017
Last updated 5 years ago
Overview
- Description
- An issue was discovered in Pivotal PCF Elastic Runtime 1.8.x versions prior to 1.8.29 and 1.9.x versions prior to 1.9.7. Pivotal Cloud Foundry deployments using the Pivotal Account application are vulnerable to a flaw which allows an authorized user to take over the account of another user, causing account lockout and potential escalation of privileges.
- Source
- security_alert@emc.com
- NVD status
- Analyzed
Social media
- Hype score
- Not currently trending
Risk scores
CVSS 3.0
- Type
- Primary
- Base score
- 8.8
- Impact score
- 5.9
- Exploitability score
- 2.8
- Vector string
- CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
- Severity
- HIGH
CVSS 2.0
- Type
- Primary
- Base score
- 6.5
- Impact score
- 6.4
- Exploitability score
- 8
- Vector string
- AV:N/AC:L/Au:S/C:P/I:P/A:P
Weaknesses
- nvd@nist.gov
- NVD-CWE-noinfo
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.8.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "258FAFB4-2B67-456B-BE78-1562A3D5E9A6"
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.8.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "15F08919-8764-419D-A399-1EAA6B055C5D"
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.8.2:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "09BA6E79-22B6-4E5E-8C85-BBA8CB6C1828"
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.8.3:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "FB328ACE-FC3C-4255-9400-A9BBC5059F5B"
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.8.4:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "877383E9-545F-4324-B8EA-76F33B7C11C2"
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.8.5:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "7B6BCA5E-1A43-41AA-ACEC-2C73E1B84D26"
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.8.6:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "0CF15EDB-2707-43E2-9B53-C0CCA28AC972"
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.8.7:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "C896CBBE-BE7B-44C3-A25E-F85BC7F6CE51"
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.8.8:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "944374E2-A07E-4EEA-BE0C-47EF62FFABA2"
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.8.9:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "CAEA85D5-10B2-4003-A857-2C46F9559694"
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.8.10:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "799E1F2E-DA5F-41B5-9B83-55661E18D726"
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.8.11:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "AD9369A6-F59D-4C7A-830E-6EAC6F81A493"
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.8.12:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "31A2732A-0309-4DF0-9EF1-7954D10BCFCC"
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.8.13:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "C3101A31-55B3-4212-B78F-FE574B445F91"
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.8.14:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "DED599DA-D25C-45FD-9CDA-8E9E2D17364C"
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.8.15:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "EBA779B7-1660-48B7-A648-E3952BFD1B14"
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.8.16:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "83A66A35-48D1-48E5-97A9-A6F136EC9BEE"
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.8.17:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "598033B9-A0FB-4A5B-9417-5A434608232A"
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.8.18:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "A6CE5BCF-A1C8-4F24-A5BC-70FAF096253F"
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.8.19:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "85E0C92F-485D-4675-95F8-672E8489AF64"
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.8.20:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "6B95BB7C-D9D7-4A63-B8AB-6EB456D236A5"
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.8.21:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "A06AE8D5-F30A-4F73-AF69-622F01D0BF0C"
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.8.22:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "167A8FDC-4C37-4AC4-9A0D-B73602F8062F"
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.8.23:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "DDAEFA2F-3E9E-4B4F-8679-7F70A3ED6292"
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.8.24:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "81501627-C022-4BEC-AF42-B10DF1CDA69E"
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.8.25:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "2FD7FDCF-4123-4000-821B-88D5214AF74D"
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.8.26:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "A0224626-1FB4-4DF5-B16F-5D2741E51E02"
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.8.27:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "ADD367D8-748B-4CE7-8CF4-0549B02B1766"
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.8.28:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "F3DDC3D0-2523-4A10-824F-6630F7559CD8"
}
],
"operator": "OR"
}
]
},
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.9.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "A4FA79FA-C53E-4852-941B-F8B32EBC0BE1"
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.9.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "F25D21E0-E84B-4BCF-B2D0-2332CD583128"
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.9.2:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "80C76651-7E20-4456-ADA3-DF5020471743"
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.9.3:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "CC7911DD-A3CC-4046-884D-C11A1263B037"
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.9.4:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "8F122CEA-7924-45A6-BCFD-B9079C4B0DCA"
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.9.5:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "EBBFA1F5-3A00-4BCE-8E8D-B3E898933A71"
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.9.6:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "3329004D-1F23-4991-A8ED-51DB1E596FD8"
}
],
"operator": "OR"
}
]
}
]