CRITICAL🇵🇱 Wersja polska

CVE-2017-4992

CVSS 9.8v3.1pub. 2017-06-13upd. 2026-05-13

An issue was discovered in Cloud Foundry Foundation cf-release versions prior to v261; UAA release 2.x versions prior to v2.7.4.17, 3.6.x versions prior to v3.6.11, 3.9.x versions prior to v3.9.13, and other versions prior to v4.2.0; and UAA bosh release (uaa-release) 13.x versions prior to v13.15, 24.x versions prior to v24.10, 30.x versions prior to 30.3, and other versions prior to v37. There is privilege escalation (arbitrary password reset) with user invitations.

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Cloudfoundry Cf Release

    APP
    Cloudfoundry
    ≤ 260
  • Cloudfoundry Cloud Foundry Uaa Bosh

    APP
    Cloudfoundry
    13.113.1013.1113.1213.1313.1413.213.313.413.513.613.713.813.924+ 13 więcej
  • Pivotal Software Cloud Foundry Uaa

    APP
    Pivotal Software
    2.2.5.42.7.12.7.22.7.32.7.42.7.4.12.7.4.112.7.4.122.7.4.132.7.4.142.7.4.152.7.4.162.7.4.22.7.4.32.7.4.4+ 29 więcej
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
LPE
CWE
References

Related vulnerabilities

CVE-2018-15761CRITICAL9.9ten sam produkt

Cloud Foundry UAA release, versions prior to v64.0, and UAA, versions prior to 4.23.0, contains a validation e...

CVE-2016-6658CRITICAL9.6ten sam produkt

Applications in cf-release before 245 can be configured and pushed with a user-provided custom buildpack using...

CVE-2015-5172CRITICAL9.8ten sam produkt

Cloud Foundry Runtime cf-release before 216, UAA before 2.5.2, and Pivotal Cloud Foundry (PCF) Elastic Runtime...

CVE-2015-5171CRITICAL9.8ten sam produkt

The password change functionality in Cloud Foundry Runtime cf-release before 216, UAA before 2.5.2, and Pivota...

CVE-2016-6655CRITICAL9.8ten sam produkt

An issue was discovered in Cloud Foundry Foundation Cloud Foundry release versions prior to v245 and cf-mysql-...