CVE-2017-4959

An issue was discovered in Pivotal PCF Elastic Runtime 1.8.x versions prior to 1.8.29 and 1.9.x versions prior to 1.9.7. Pivotal Cloud Foundry deployments using the Pivotal Account application are vulnerable to a flaw which allows an authorized user to take over the account of another user, causing account lockout and potential escalation of privileges.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
8.8 HIGH
NETWORK
LOW
LOW
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
dellCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 65%
VendorProductVersion
pivotal_softwarecloud_foundry_elastic_runtime
1.8.0
pivotal_softwarecloud_foundry_elastic_runtime
1.8.1
pivotal_softwarecloud_foundry_elastic_runtime
1.8.2
pivotal_softwarecloud_foundry_elastic_runtime
1.8.3
pivotal_softwarecloud_foundry_elastic_runtime
1.8.4
pivotal_softwarecloud_foundry_elastic_runtime
1.8.5
pivotal_softwarecloud_foundry_elastic_runtime
1.8.6
pivotal_softwarecloud_foundry_elastic_runtime
1.8.7
pivotal_softwarecloud_foundry_elastic_runtime
1.8.8
pivotal_softwarecloud_foundry_elastic_runtime
1.8.9
pivotal_softwarecloud_foundry_elastic_runtime
1.8.10
pivotal_softwarecloud_foundry_elastic_runtime
1.8.11
pivotal_softwarecloud_foundry_elastic_runtime
1.8.12
pivotal_softwarecloud_foundry_elastic_runtime
1.8.13
pivotal_softwarecloud_foundry_elastic_runtime
1.8.14
pivotal_softwarecloud_foundry_elastic_runtime
1.8.15
pivotal_softwarecloud_foundry_elastic_runtime
1.8.16
pivotal_softwarecloud_foundry_elastic_runtime
1.8.17
pivotal_softwarecloud_foundry_elastic_runtime
1.8.18
pivotal_softwarecloud_foundry_elastic_runtime
1.8.19
pivotal_softwarecloud_foundry_elastic_runtime
1.8.20
pivotal_softwarecloud_foundry_elastic_runtime
1.8.21
pivotal_softwarecloud_foundry_elastic_runtime
1.8.22
pivotal_softwarecloud_foundry_elastic_runtime
1.8.23
pivotal_softwarecloud_foundry_elastic_runtime
1.8.24
pivotal_softwarecloud_foundry_elastic_runtime
1.8.25
pivotal_softwarecloud_foundry_elastic_runtime
1.8.26
pivotal_softwarecloud_foundry_elastic_runtime
1.8.27
pivotal_softwarecloud_foundry_elastic_runtime
1.8.28
pivotal_softwarecloud_foundry_elastic_runtime
1.9.0
pivotal_softwarecloud_foundry_elastic_runtime
1.9.1
pivotal_softwarecloud_foundry_elastic_runtime
1.9.2
pivotal_softwarecloud_foundry_elastic_runtime
1.9.3
pivotal_softwarecloud_foundry_elastic_runtime
1.9.4
pivotal_softwarecloud_foundry_elastic_runtime
1.9.5
pivotal_softwarecloud_foundry_elastic_runtime
1.9.6
𝑥
= Vulnerable software versions
References
http://www.securityfocus.com/bid/96218
https://pivotal.io/security/cve-2017-4959
http://www.securityfocus.com/bid/96218
https://pivotal.io/security/cve-2017-4959