
84 vulnerabilities found for cloud_foundry_elastic_runtime by pivotal_software

FKIE_CVE-2016-0715

Vulnerability from fkie_nvd - Published: 2018-09-11 17:29 - Updated: 2024-11-21 02:42
Summary
Pivotal Cloud Foundry Elastic Runtime version 1.4.0 through 1.4.5, 1.5.0 through 1.5.11 and 1.6.0 through 1.6.11 is vulnerable to a remote information disclosure. It was found that original mitigation configuration instructions provided as part of CVE-2016-0708 were incomplete and could leave PHP Buildpack, Staticfile Buildpack and potentially other custom Buildpack applications vulnerable to remote information disclosure. Affected applications use automated buildpack detection, serve files directly from the root of the application and have a buildpack that matched after the Java Buildpack in the system buildpack priority when Java Buildpack versions 2.0 through 3.4 were present. (Note: the CVSS v3.0 vector in this record, C:N/I:H, rates the issue as an integrity impact, which is inconsistent with the information-disclosure description, the CWE-200 classification and the CVSS v2 vector, C:P/I:N; base prioritisation on the description and the vendor advisory rather than on the v3.0 sub-scores alone.)

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "61E71217-AE50-4073-8B25-555BE399AB4C",
              "versionEndIncluding": "1.4.5",
              "versionStartIncluding": "1.4.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "A6B65F98-7509-4CA9-9692-CAA75ADE6ECC",
              "versionEndIncluding": "1.5.11",
              "versionStartIncluding": "1.5.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "FD0DD97E-27F9-4C12-9FFE-A5C6C0A09473",
              "versionEndIncluding": "1.6.11",
              "versionStartIncluding": "1.6.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Pivotal Cloud Foundry Elastic Runtime version 1.4.0 through 1.4.5, 1.5.0 through 1.5.11 and 1.6.0 through 1.6.11 is vulnerable to a remote information disclosure. It was found that original mitigation configuration instructions provided as part of CVE-2016-0708 were incomplete and could leave PHP Buildpack, Staticfile Buildpack and potentially other custom Buildpack applications vulnerable to remote information disclosure. Affected applications use automated buildpack detection, serve files directly from the root of the application and have a buildpack that matched after the Java Buildpack in the system buildpack priority when Java Buildpack versions 2.0 through 3.4 were present."
    },
    {
      "lang": "es",
      "value": "Pivotal Cloud Foundry Elastic Runtime, desde la versi\u00f3n 1.4.0 hasta la 1.4.5, de la 1.5.0 hasta la 1.5.11 y desde la versi\u00f3n 1.6.0 hasta la 1.6.11 es vulnerable a una divulgaci\u00f3n de informaci\u00f3n remota. Se ha detectado que las instrucciones originales de configuraci\u00f3n de la mitigaci\u00f3n que se proporcionaron como parte de CVE-2016-0708 estaban incompletas y podr\u00edan hacer que PHP Buildpack, Staticfile Buildpack y, probablemente, otras aplicaciones Buildpack personalizadas sean vulnerables a la divulgaci\u00f3n de informaci\u00f3n remota. Las aplicaciones afectadas emplean la detecci\u00f3n automatizada de buildpack, sirven archivos directamente desde el root de la aplicaci\u00f3n y tienen un buildpack que coincid\u00eda con el Java Buildpack en la prioridad del sistema buildpack cuando Java Buildpack estaba presente en versiones desde la 2.0 hasta la 3.4."
    }
  ],
  "id": "CVE-2016-0715",
  "lastModified": "2024-11-21T02:42:14.563",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.9,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 2.2,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2018-09-11T17:29:00.223",
  "references": [
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://pivotal.io/security/cve-2016-0715"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://pivotal.io/security/cve-2016-0715"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-200"
        }
      ],
      "source": "secalert@redhat.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-200"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

FKIE_CVE-2016-6658

Vulnerability from fkie_nvd - Published: 2018-03-29 22:29 - Updated: 2024-11-21 02:56
Summary
Applications in cf-release before 245 can be configured and pushed with a user-provided custom buildpack using a URL pointing to the buildpack. Although it is not recommended, a user can specify a credential in the URL (basic auth or OAuth) to access the buildpack through the CLI. For example, the user could include a GitHub username and password in the URL to access a private repo. Because the URL to access the buildpack is stored unencrypted, an operator with privileged access to the Cloud Controller database could view these credentials.

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:cloudfoundry:cf-release:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "381D7323-8A68-4814-9193-67B6EEC6678D",
              "versionEndExcluding": "245",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "40E584D4-7CA3-42E0-A9F3-79E67C111D65",
              "versionEndExcluding": "1.6.49",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "0DD51AC4-E544-4E15-BC72-D252D9773EA8",
              "versionEndExcluding": "1.7.31",
              "versionStartIncluding": "1.7.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "11FE44C3-64CB-499F-A81F-DFB6E8BA3EFE",
              "versionEndExcluding": "1.8.11",
              "versionStartIncluding": "1.8.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Applications in cf-release before 245 can be configured and pushed with a user-provided custom buildpack using a URL pointing to the buildpack. Although it is not recommended, a user can specify a credential in the URL (basic auth or OAuth) to access the buildpack through the CLI. For example, the user could include a GitHub username and password in the URL to access a private repo. Because the URL to access the buildpack is stored unencrypted, an operator with privileged access to the Cloud Controller database could view these credentials."
    },
    {
      "lang": "es",
      "value": "Applications en cf-release, en versiones anteriores a la 245, puede configurarse e insertarse con un buildpack personalizado proporcionado por el usuario mediante una URL que se\u00f1ale al buildpack. Aunque no se recomienda, un usuario puede especificar una credencial en la URL (basic auth o OAuth) para acceder al buildpack a trav\u00e9s del CLI. Por ejemplo, el usuario puede incluir un nombre de usuario y contrase\u00f1a de GitHub en la URL para acceder a un repositorio privado. Debido a que la URL empleada para acceder al buildpack se almacena sin cifrar, un operador con acceso privilegiado a la base de datos de Cloud Controller podr\u00eda ver estas credenciales."
    }
  ],
  "id": "CVE-2016-6658",
  "lastModified": "2024-11-21T02:56:34.143",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "NONE",
          "baseScore": 4.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 9.6,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "CHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 3.1,
        "impactScore": 5.8,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2018-03-29T22:29:00.477",
  "references": [
    {
      "source": "security_alert@emc.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://pivotal.io/security/cve-2016-6658"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://pivotal.io/security/cve-2016-6658"
    }
  ],
  "sourceIdentifier": "security_alert@emc.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-200"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

FKIE_CVE-2015-5171

Vulnerability from fkie_nvd - Published: 2017-10-24 17:29 - Updated: 2025-04-20 01:37
Summary
The password change functionality in Cloud Foundry Runtime cf-release before 216, UAA before 2.5.2, and Pivotal Cloud Foundry (PCF) Elastic Runtime before 1.7.0 allows attackers to have unspecified impact by leveraging failure to expire existing sessions.

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:cloudfoundry:cf-release:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "8E39C984-9592-4C18-A220-F3BF2FF0E4D3",
              "versionEndExcluding": "216",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "349BBE7C-CB38-4F96-B42C-03982C4D6071",
              "versionEndExcluding": "1.7.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_uaa:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "6FF9860B-08BA-42CA-A3C0-34BE821C47B2",
              "versionEndExcluding": "2.5.2",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The password change functionality in Cloud Foundry Runtime cf-release before 216, UAA before 2.5.2, and Pivotal Cloud Foundry (PCF) Elastic Runtime before 1.7.0 allows attackers to have unspecified impact by leveraging failure to expire existing sessions."
    },
    {
      "lang": "es",
      "value": "La funcionalidad de cambio de contrase\u00f1a en Cloud Foundry Runtime cf-release en versiones anteriores a la 216, UAA en versiones anteriores a la 2.5.2 y Pivotal Cloud Foundry (PCF) Elastic Runtime en versiones anteriores a la 1.7.0 permite que los atacantes causen un impacto no especificado aprovechando que no caducan las sesiones existentes."
    }
  ],
  "id": "CVE-2015-5171",
  "lastModified": "2025-04-20T01:37:25.860",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2017-10-24T17:29:00.230",
  "references": [
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://pivotal.io/security/cve-2015-5170-5173"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://pivotal.io/security/cve-2015-5170-5173"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-613"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

FKIE_CVE-2015-5170

Vulnerability from fkie_nvd - Published: 2017-10-24 17:29 - Updated: 2025-04-20 01:37
Summary
Cloud Foundry Runtime cf-release before 216, UAA before 2.5.2, and Pivotal Cloud Foundry (PCF) Elastic Runtime before 1.7.0 allow remote attackers to conduct cross-site request forgery (CSRF) attacks on PWS and log a user into an arbitrary account by leveraging lack of CSRF checks.

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:cloudfoundry:cf-release:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "8E39C984-9592-4C18-A220-F3BF2FF0E4D3",
              "versionEndExcluding": "216",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "349BBE7C-CB38-4F96-B42C-03982C4D6071",
              "versionEndExcluding": "1.7.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_uaa:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "6FF9860B-08BA-42CA-A3C0-34BE821C47B2",
              "versionEndExcluding": "2.5.2",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Cloud Foundry Runtime cf-release before 216, UAA before 2.5.2, and Pivotal Cloud Foundry (PCF) Elastic Runtime before 1.7.0 allow remote attackers to conduct cross-site request forgery (CSRF) attacks on PWS and log a user into an arbitrary account by leveraging lack of CSRF checks."
    },
    {
      "lang": "es",
      "value": "Cloud Foundry Runtime cf-release en versiones anteriores a la 216, UAA en versiones anteriores a la 2.5.2 y Pivotal Cloud Foundry (PCF) Elastic Runtime en versiones anteriores a la 1.7.0 permite que atacantes remotos realicen ataques Cross-Site Request Forgery (CSRF) en PWS y registren un usuario en una cuenta arbitraria aprovech\u00e1ndose de la falta de chequeos contra CSRF."
    }
  ],
  "id": "CVE-2015-5170",
  "lastModified": "2025-04-20T01:37:25.860",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.8,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2017-10-24T17:29:00.183",
  "references": [
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/101579"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://pivotal.io/security/cve-2015-5170-5173"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/101579"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://pivotal.io/security/cve-2015-5170-5173"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-352"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

FKIE_CVE-2015-5173

Vulnerability from fkie_nvd - Published: 2017-10-24 17:29 - Updated: 2025-04-20 01:37
Summary
Cloud Foundry Runtime cf-release before 216, UAA before 2.5.2, and Pivotal Cloud Foundry (PCF) Elastic Runtime before 1.7.0 allow attackers to have unspecified impact via vectors involving emails with password recovery links, aka "Cross Domain Referer Leakage."

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:cloudfoundry:cf-release:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "8E39C984-9592-4C18-A220-F3BF2FF0E4D3",
              "versionEndExcluding": "216",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "349BBE7C-CB38-4F96-B42C-03982C4D6071",
              "versionEndExcluding": "1.7.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_uaa:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "6FF9860B-08BA-42CA-A3C0-34BE821C47B2",
              "versionEndExcluding": "2.5.2",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Cloud Foundry Runtime cf-release before 216, UAA before 2.5.2, and Pivotal Cloud Foundry (PCF) Elastic Runtime before 1.7.0 allow attackers to have unspecified impact via vectors involving emails with password recovery links, aka \"Cross Domain Referer Leakage.\""
    },
    {
      "lang": "es",
      "value": "Cloud Foundry Runtime cf-release en versiones anteriores a la 216, UAA en versiones anteriores a la 2.5.2 y Pivotal Cloud Foundry (PCF) Elastic Runtime en versiones anteriores a la 1.7.0 permite que los atacantes causen un impacto no especificado mediante vectores que involucren emails con enlaces de recuperaci\u00f3n de contrase\u00f1as. Esta vulnerabilidad tambi\u00e9n se conoce como \"Cross Domain Referer Leakage\"."
    }
  ],
  "id": "CVE-2015-5173",
  "lastModified": "2025-04-20T01:37:25.860",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.8,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2017-10-24T17:29:00.290",
  "references": [
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://pivotal.io/security/cve-2015-5170-5173"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://pivotal.io/security/cve-2015-5170-5173"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-200"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

FKIE_CVE-2015-5172

Vulnerability from fkie_nvd - Published: 2017-10-24 17:29 - Updated: 2025-04-20 01:37
Summary
Cloud Foundry Runtime cf-release before 216, UAA before 2.5.2, and Pivotal Cloud Foundry (PCF) Elastic Runtime before 1.7.0 allow attackers to have unspecified impact by leveraging failure to expire password reset links.

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:cloudfoundry:cf-release:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "8E39C984-9592-4C18-A220-F3BF2FF0E4D3",
              "versionEndExcluding": "216",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "349BBE7C-CB38-4F96-B42C-03982C4D6071",
              "versionEndExcluding": "1.7.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_uaa:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "6FF9860B-08BA-42CA-A3C0-34BE821C47B2",
              "versionEndExcluding": "2.5.2",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Cloud Foundry Runtime cf-release before 216, UAA before 2.5.2, and Pivotal Cloud Foundry (PCF) Elastic Runtime before 1.7.0 allow attackers to have unspecified impact by leveraging failure to expire password reset links."
    },
    {
      "lang": "es",
      "value": "Cloud Foundry Runtime cf-release en versiones anteriores a la 216, UAA en versiones anteriores a la 2.5.2 y Pivotal Cloud Foundry (PCF) Elastic Runtime en versiones anteriores a la 1.7.0 permite que atacantes causen un impacto no especificado aprovechando que no caducan los enlaces de reinicio de contrase\u00f1a."
    }
  ],
  "id": "CVE-2015-5172",
  "lastModified": "2025-04-20T01:37:25.860",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2017-10-24T17:29:00.260",
  "references": [
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://pivotal.io/security/cve-2015-5170-5173"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://pivotal.io/security/cve-2015-5170-5173"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-640"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

FKIE_CVE-2017-2773

Vulnerability from fkie_nvd - Published: 2017-06-13 06:29 - Updated: 2025-04-20 01:37
Summary
An issue was discovered in Pivotal PCF Elastic Runtime 1.6.x versions prior to 1.6.60, 1.7.x versions prior to 1.7.41, 1.8.x versions prior to 1.8.23, and 1.9.x versions prior to 1.9.1. Incomplete validation logic in JSON Web Token (JWT) libraries can allow unprivileged attackers to impersonate other users in multiple components included in PCF Elastic Runtime, aka an "Unauthenticated JWT signing algorithm in multiple components" issue.
Impacted products
Vendor Product Version
pivotal_software cloud_foundry_elastic_runtime 1.6.0
pivotal_software cloud_foundry_elastic_runtime 1.6.1
pivotal_software cloud_foundry_elastic_runtime 1.6.2
pivotal_software cloud_foundry_elastic_runtime 1.6.3
pivotal_software cloud_foundry_elastic_runtime 1.6.4
pivotal_software cloud_foundry_elastic_runtime 1.6.5
pivotal_software cloud_foundry_elastic_runtime 1.6.6
pivotal_software cloud_foundry_elastic_runtime 1.6.7
pivotal_software cloud_foundry_elastic_runtime 1.6.8
pivotal_software cloud_foundry_elastic_runtime 1.6.9
pivotal_software cloud_foundry_elastic_runtime 1.6.10
pivotal_software cloud_foundry_elastic_runtime 1.6.11
pivotal_software cloud_foundry_elastic_runtime 1.6.12
pivotal_software cloud_foundry_elastic_runtime 1.6.13
pivotal_software cloud_foundry_elastic_runtime 1.6.14
pivotal_software cloud_foundry_elastic_runtime 1.6.15
pivotal_software cloud_foundry_elastic_runtime 1.6.16
pivotal_software cloud_foundry_elastic_runtime 1.6.17
pivotal_software cloud_foundry_elastic_runtime 1.6.18
pivotal_software cloud_foundry_elastic_runtime 1.6.19
pivotal_software cloud_foundry_elastic_runtime 1.6.20
pivotal_software cloud_foundry_elastic_runtime 1.6.21
pivotal_software cloud_foundry_elastic_runtime 1.6.22
pivotal_software cloud_foundry_elastic_runtime 1.6.23
pivotal_software cloud_foundry_elastic_runtime 1.6.24
pivotal_software cloud_foundry_elastic_runtime 1.6.25
pivotal_software cloud_foundry_elastic_runtime 1.6.26
pivotal_software cloud_foundry_elastic_runtime 1.6.27
pivotal_software cloud_foundry_elastic_runtime 1.6.28
pivotal_software cloud_foundry_elastic_runtime 1.6.29
pivotal_software cloud_foundry_elastic_runtime 1.6.30
pivotal_software cloud_foundry_elastic_runtime 1.6.31
pivotal_software cloud_foundry_elastic_runtime 1.6.32
pivotal_software cloud_foundry_elastic_runtime 1.6.33
pivotal_software cloud_foundry_elastic_runtime 1.6.34
pivotal_software cloud_foundry_elastic_runtime 1.6.35
pivotal_software cloud_foundry_elastic_runtime 1.6.36
pivotal_software cloud_foundry_elastic_runtime 1.6.37
pivotal_software cloud_foundry_elastic_runtime 1.6.38
pivotal_software cloud_foundry_elastic_runtime 1.6.39
pivotal_software cloud_foundry_elastic_runtime 1.6.40
pivotal_software cloud_foundry_elastic_runtime 1.6.41
pivotal_software cloud_foundry_elastic_runtime 1.6.42
pivotal_software cloud_foundry_elastic_runtime 1.6.43
pivotal_software cloud_foundry_elastic_runtime 1.6.44
pivotal_software cloud_foundry_elastic_runtime 1.6.45
pivotal_software cloud_foundry_elastic_runtime 1.6.46
pivotal_software cloud_foundry_elastic_runtime 1.6.47
pivotal_software cloud_foundry_elastic_runtime 1.6.48
pivotal_software cloud_foundry_elastic_runtime 1.6.49
pivotal_software cloud_foundry_elastic_runtime 1.6.50
pivotal_software cloud_foundry_elastic_runtime 1.6.51
pivotal_software cloud_foundry_elastic_runtime 1.6.52
pivotal_software cloud_foundry_elastic_runtime 1.6.53
pivotal_software cloud_foundry_elastic_runtime 1.6.54
pivotal_software cloud_foundry_elastic_runtime 1.6.55
pivotal_software cloud_foundry_elastic_runtime 1.6.56
pivotal_software cloud_foundry_elastic_runtime 1.6.57
pivotal_software cloud_foundry_elastic_runtime 1.6.58
pivotal_software cloud_foundry_elastic_runtime 1.6.59
pivotal_software cloud_foundry_elastic_runtime 1.7.1
pivotal_software cloud_foundry_elastic_runtime 1.7.2
pivotal_software cloud_foundry_elastic_runtime 1.7.3
pivotal_software cloud_foundry_elastic_runtime 1.7.4
pivotal_software cloud_foundry_elastic_runtime 1.7.5
pivotal_software cloud_foundry_elastic_runtime 1.7.6
pivotal_software cloud_foundry_elastic_runtime 1.7.7
pivotal_software cloud_foundry_elastic_runtime 1.7.8
pivotal_software cloud_foundry_elastic_runtime 1.7.9
pivotal_software cloud_foundry_elastic_runtime 1.7.10
pivotal_software cloud_foundry_elastic_runtime 1.7.11
pivotal_software cloud_foundry_elastic_runtime 1.7.12
pivotal_software cloud_foundry_elastic_runtime 1.7.13
pivotal_software cloud_foundry_elastic_runtime 1.7.14
pivotal_software cloud_foundry_elastic_runtime 1.7.15
pivotal_software cloud_foundry_elastic_runtime 1.7.16
pivotal_software cloud_foundry_elastic_runtime 1.7.17
pivotal_software cloud_foundry_elastic_runtime 1.7.18
pivotal_software cloud_foundry_elastic_runtime 1.7.19
pivotal_software cloud_foundry_elastic_runtime 1.7.20
pivotal_software cloud_foundry_elastic_runtime 1.7.21
pivotal_software cloud_foundry_elastic_runtime 1.7.22
pivotal_software cloud_foundry_elastic_runtime 1.7.23
pivotal_software cloud_foundry_elastic_runtime 1.7.24
pivotal_software cloud_foundry_elastic_runtime 1.7.25
pivotal_software cloud_foundry_elastic_runtime 1.7.26
pivotal_software cloud_foundry_elastic_runtime 1.7.27
pivotal_software cloud_foundry_elastic_runtime 1.7.28
pivotal_software cloud_foundry_elastic_runtime 1.7.29
pivotal_software cloud_foundry_elastic_runtime 1.7.30
pivotal_software cloud_foundry_elastic_runtime 1.7.31
pivotal_software cloud_foundry_elastic_runtime 1.7.32
pivotal_software cloud_foundry_elastic_runtime 1.7.33
pivotal_software cloud_foundry_elastic_runtime 1.7.34
pivotal_software cloud_foundry_elastic_runtime 1.7.35
pivotal_software cloud_foundry_elastic_runtime 1.7.36
pivotal_software cloud_foundry_elastic_runtime 1.7.37
pivotal_software cloud_foundry_elastic_runtime 1.7.38
pivotal_software cloud_foundry_elastic_runtime 1.7.39
pivotal_software cloud_foundry_elastic_runtime 1.7.40
pivotal_software cloud_foundry_elastic_runtime 1.8.1
pivotal_software cloud_foundry_elastic_runtime 1.8.2
pivotal_software cloud_foundry_elastic_runtime 1.8.3
pivotal_software cloud_foundry_elastic_runtime 1.8.4
pivotal_software cloud_foundry_elastic_runtime 1.8.5
pivotal_software cloud_foundry_elastic_runtime 1.8.6
pivotal_software cloud_foundry_elastic_runtime 1.8.7
pivotal_software cloud_foundry_elastic_runtime 1.8.8
pivotal_software cloud_foundry_elastic_runtime 1.8.9
pivotal_software cloud_foundry_elastic_runtime 1.8.10
pivotal_software cloud_foundry_elastic_runtime 1.8.11
pivotal_software cloud_foundry_elastic_runtime 1.8.12
pivotal_software cloud_foundry_elastic_runtime 1.8.13
pivotal_software cloud_foundry_elastic_runtime 1.8.14
pivotal_software cloud_foundry_elastic_runtime 1.8.15
pivotal_software cloud_foundry_elastic_runtime 1.8.16
pivotal_software cloud_foundry_elastic_runtime 1.8.17
pivotal_software cloud_foundry_elastic_runtime 1.8.18
pivotal_software cloud_foundry_elastic_runtime 1.8.19
pivotal_software cloud_foundry_elastic_runtime 1.8.20
pivotal_software cloud_foundry_elastic_runtime 1.8.21
pivotal_software cloud_foundry_elastic_runtime 1.8.22
pivotal_software cloud_foundry_elastic_runtime 1.9.0

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "F4CC5918-BC38-46E3-8000-5FE87A65C0E7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "36926681-35F4-4619-9613-155DEEEA3C8F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "41FF3C2B-E96F-4DF7-A5C4-703206CB729E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "F9CB3C2D-3080-4A3D-8D8D-1381B5D98920",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "782781EB-147C-4B00-84C5-1D8443BFA2D6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "35A56755-EEB2-4C93-B180-3918A36965AA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "E4009F10-08AF-470B-B903-38B8A6DBF332",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "2B2E8F04-53E6-4A3C-BE4B-8D0DDA22CA8C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "790DAB24-893A-463F-8358-171DACD75074",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "3645A1A8-4945-447F-A968-101D5938F9C8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "0E52C9B9-8F94-48D8-ADA6-96918F6AAD36",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "3948FC2F-AF3B-4AF3-968D-F124D03A213A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "4BA44F9B-97D5-48C0-91E9-6D3FEC8B7773",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "7B414F88-6541-48C6-B9D6-4DDA035A0037",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.14:*:*:*:*:*:*:*",
              "matchCriteriaId": "66235C7F-D5EE-4989-8D24-6D0781954234",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.15:*:*:*:*:*:*:*",
              "matchCriteriaId": "12E75B49-2419-4313-A648-B5283DA620E7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.16:*:*:*:*:*:*:*",
              "matchCriteriaId": "EED70273-3FB2-4652-9AA2-10E2E9D581DE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.17:*:*:*:*:*:*:*",
              "matchCriteriaId": "A2C07910-C462-46C1-83CB-39B3FD8D25BC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.18:*:*:*:*:*:*:*",
              "matchCriteriaId": "C6B9243E-31EF-48AB-BAB5-CCC3704A219F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.19:*:*:*:*:*:*:*",
              "matchCriteriaId": "2BCB1D4B-F44C-41A1-90CA-62FD37003A1F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.20:*:*:*:*:*:*:*",
              "matchCriteriaId": "F623783F-46DF-454E-BD83-5D2AE35EA9B4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.21:*:*:*:*:*:*:*",
              "matchCriteriaId": "6BD9D35B-3E85-49FD-BA0A-D9020C5F280E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.22:*:*:*:*:*:*:*",
              "matchCriteriaId": "A28CEEDF-FA40-4922-87A6-35DEBF184DC5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.23:*:*:*:*:*:*:*",
              "matchCriteriaId": "D4F08111-51B1-4866-8695-C0877FC77D0B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.24:*:*:*:*:*:*:*",
              "matchCriteriaId": "9FC58A11-78C4-495B-A898-048EE9F3063D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.25:*:*:*:*:*:*:*",
              "matchCriteriaId": "620EAB8D-3754-494D-9912-724A0FE1E80F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.26:*:*:*:*:*:*:*",
              "matchCriteriaId": "ADBA74BD-EF83-4F29-8040-FB5B35D38C9B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.27:*:*:*:*:*:*:*",
              "matchCriteriaId": "A1E00BE6-B2B6-4C02-9510-1F3DCC081173",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.28:*:*:*:*:*:*:*",
              "matchCriteriaId": "A4D9E726-CF92-4DE5-8A04-02428328CC8A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.29:*:*:*:*:*:*:*",
              "matchCriteriaId": "5E1CAC4E-3CD6-4D0C-8544-9481E57FD338",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.30:*:*:*:*:*:*:*",
              "matchCriteriaId": "D1D0F13A-D149-492D-A484-B7F4235B2DC0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.31:*:*:*:*:*:*:*",
              "matchCriteriaId": "160A9972-DCF2-46A9-8025-938C492E5A0E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.32:*:*:*:*:*:*:*",
              "matchCriteriaId": "43978845-CC25-4975-8155-AC0999A4268B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.33:*:*:*:*:*:*:*",
              "matchCriteriaId": "7B1A6848-16B9-47EC-B7C8-7740086398F3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.34:*:*:*:*:*:*:*",
              "matchCriteriaId": "D9708D36-4A9B-484A-A627-69A85D66EDF8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.35:*:*:*:*:*:*:*",
              "matchCriteriaId": "F0AB1C89-79D2-4997-A00D-E6E62243278B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.36:*:*:*:*:*:*:*",
              "matchCriteriaId": "C071EA95-4AE2-43DC-900F-3DDD38959754",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.37:*:*:*:*:*:*:*",
              "matchCriteriaId": "A6FF1F58-580A-4035-9427-1B4E96FC9E9E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.38:*:*:*:*:*:*:*",
              "matchCriteriaId": "71499439-2748-4B4F-8659-AE4F67CCC8AF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.39:*:*:*:*:*:*:*",
              "matchCriteriaId": "50161ECB-FEEA-4E1C-8DF9-5F3F7D944895",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.40:*:*:*:*:*:*:*",
              "matchCriteriaId": "6D21BF37-C46C-4AF2-BEDA-F048520B2364",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.41:*:*:*:*:*:*:*",
              "matchCriteriaId": "22F33DD4-DDE7-4742-8FC6-15B6A1879A27",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.42:*:*:*:*:*:*:*",
              "matchCriteriaId": "74509FEE-7166-4E02-8DF1-8F37DF6B0544",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.43:*:*:*:*:*:*:*",
              "matchCriteriaId": "1A8CCAAC-4ED2-4EA2-A929-ED2A2422DB39",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.44:*:*:*:*:*:*:*",
              "matchCriteriaId": "7E5340E4-0C9D-40F5-9E34-14E793A44361",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.45:*:*:*:*:*:*:*",
              "matchCriteriaId": "C45701FC-4423-4C05-A32F-75DB4B9F1E4A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.46:*:*:*:*:*:*:*",
              "matchCriteriaId": "902B67BD-57D8-4088-9FD6-9691ADB86D76",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.47:*:*:*:*:*:*:*",
              "matchCriteriaId": "28873E30-9073-424E-B68B-8DF11AFB72E8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.48:*:*:*:*:*:*:*",
              "matchCriteriaId": "B2F8DC97-BBBA-4377-ADF0-1F92AC5E135E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.49:*:*:*:*:*:*:*",
              "matchCriteriaId": "C3585890-0DD5-4184-9AEE-5F22EACA2963",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.50:*:*:*:*:*:*:*",
              "matchCriteriaId": "3B26DE06-585E-4E8B-81BD-5DAF32CF1893",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.51:*:*:*:*:*:*:*",
              "matchCriteriaId": "12188BF1-1307-48B0-AAE4-6C91402B726F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.52:*:*:*:*:*:*:*",
              "matchCriteriaId": "335DB844-E49A-439E-A4B3-D8E45BFE5DBF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.53:*:*:*:*:*:*:*",
              "matchCriteriaId": "DA90B5C3-4F17-4F8C-83A2-DFCD194F965C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.54:*:*:*:*:*:*:*",
              "matchCriteriaId": "AA644782-F305-4BDB-B720-FF88D5B40308",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.55:*:*:*:*:*:*:*",
              "matchCriteriaId": "97E71936-5F88-4A8C-BFE5-9591FEC3B5F5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.56:*:*:*:*:*:*:*",
              "matchCriteriaId": "62C9C2B9-DF79-4C9E-87F1-2949F9FC8C6E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.57:*:*:*:*:*:*:*",
              "matchCriteriaId": "1F458801-EB3D-4295-B7B1-AA8259758157",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.58:*:*:*:*:*:*:*",
              "matchCriteriaId": "9FC59E2D-87E5-486E-8035-878B9C85E18A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.59:*:*:*:*:*:*:*",
              "matchCriteriaId": "3870B8B2-FAF2-4374-B580-9884B72F2FB2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E3B75A7F-EAAC-4D81-9A10-D8DB45828EC3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.7.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "FA53D5B4-75BF-445F-96AA-4DC308B76E64",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.7.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "6DD5D5D9-604D-4917-99D0-1F41784A6835",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.7.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "6B2BF60D-EEEE-4F4C-A19F-108C78366089",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.7.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "5EED880C-5EF5-4FEA-A4BD-58CA61C12A9C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.7.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "DDA80BA5-66B0-4A6C-B552-175DBB930EB6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.7.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "BCDBAF27-D5DC-4379-A76E-7BD2CD98EB5C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.7.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "D957FD98-C2B4-48C2-81A0-37B2581E9F52",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.7.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "0DADB2DA-A12F-426E-9DEB-3628B081F78D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.7.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "99C97080-9BD3-4F17-A0E4-80F9F4CD7DB4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.7.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "E764D26C-D2C4-496C-936F-BF6793BF7C70",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.7.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "1E574EDD-AD33-4A00-8E14-76F0134EC00B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.7.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "A2274274-C1F8-4E42-AF7A-BDBF379E823E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.7.14:*:*:*:*:*:*:*",
              "matchCriteriaId": "DCB25167-8350-4362-876C-690F5B5B057C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.7.15:*:*:*:*:*:*:*",
              "matchCriteriaId": "28F89423-3AEE-475A-BBBA-B895D9732A14",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.7.16:*:*:*:*:*:*:*",
              "matchCriteriaId": "B4B5CB0D-09C9-4CB2-B842-CA68400CDAAD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.7.17:*:*:*:*:*:*:*",
              "matchCriteriaId": "F047032B-218E-41BF-9F46-4682D415960E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.7.18:*:*:*:*:*:*:*",
              "matchCriteriaId": "B291CCA0-EAE5-4900-ABF3-9A9D76910BD9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.7.19:*:*:*:*:*:*:*",
              "matchCriteriaId": "DB8DAD87-111B-4F17-85CC-65C395851079",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.7.20:*:*:*:*:*:*:*",
              "matchCriteriaId": "248878D6-7987-4608-9A28-66F3F7EFB976",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.7.21:*:*:*:*:*:*:*",
              "matchCriteriaId": "62465763-0887-4082-9363-8F70B264F29A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.7.22:*:*:*:*:*:*:*",
              "matchCriteriaId": "088B4A1B-3E98-4B9E-8430-30F6E61B560B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.7.23:*:*:*:*:*:*:*",
              "matchCriteriaId": "2A13F165-C8D2-4BCB-84D3-B264C3DDD1FC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.7.24:*:*:*:*:*:*:*",
              "matchCriteriaId": "0844334C-E31A-4D85-B12A-AD06A00BF76D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.7.25:*:*:*:*:*:*:*",
              "matchCriteriaId": "10CF4D45-1011-4252-A1A0-7A60BF6010ED",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.7.26:*:*:*:*:*:*:*",
              "matchCriteriaId": "4F9CB7CA-00B2-4583-ACDB-9269E380D328",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.7.27:*:*:*:*:*:*:*",
              "matchCriteriaId": "DDCF9CD2-4D4C-44CF-BD32-146A7C782DD3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.7.28:*:*:*:*:*:*:*",
              "matchCriteriaId": "034CA20F-30F2-4A6B-BE15-685864B4BB41",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.7.29:*:*:*:*:*:*:*",
              "matchCriteriaId": "D4B5BB61-A6FF-4F7B-852F-6EE86992E5C3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.7.30:*:*:*:*:*:*:*",
              "matchCriteriaId": "1D25BD5D-948B-4E5E-B25D-669CEDA02A1C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.7.31:*:*:*:*:*:*:*",
              "matchCriteriaId": "4634673B-84CD-4FCD-AECB-D5B865C0B05B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.7.32:*:*:*:*:*:*:*",
              "matchCriteriaId": "57AE9EB2-4FA8-4186-B6F2-3F8EE3AB880E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.7.33:*:*:*:*:*:*:*",
              "matchCriteriaId": "2B077E17-2BDC-4A55-990C-EE9036D80895",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.7.34:*:*:*:*:*:*:*",
              "matchCriteriaId": "ECAB3961-38F3-4AEE-8EEA-AC929F93F9C5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.7.35:*:*:*:*:*:*:*",
              "matchCriteriaId": "FB91D749-3F61-4EAA-872B-27E66BF6D234",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.7.36:*:*:*:*:*:*:*",
              "matchCriteriaId": "F23EA9FC-3396-40DB-925F-62CBA92B407C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.7.37:*:*:*:*:*:*:*",
              "matchCriteriaId": "47D4AF5F-FCC7-4795-9E12-7EEA3686F059",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.7.38:*:*:*:*:*:*:*",
              "matchCriteriaId": "CC87A91E-9804-4E77-99F0-75D87C970151",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.7.39:*:*:*:*:*:*:*",
              "matchCriteriaId": "BE43BD2D-DD11-49F8-9894-719982B1B4FA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.7.40:*:*:*:*:*:*:*",
              "matchCriteriaId": "3BF27099-228F-422B-95BA-F8BDDCD72D18",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.8.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "15F08919-8764-419D-A399-1EAA6B055C5D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.8.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "09BA6E79-22B6-4E5E-8C85-BBA8CB6C1828",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.8.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "FB328ACE-FC3C-4255-9400-A9BBC5059F5B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.8.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "877383E9-545F-4324-B8EA-76F33B7C11C2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.8.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "7B6BCA5E-1A43-41AA-ACEC-2C73E1B84D26",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.8.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "0CF15EDB-2707-43E2-9B53-C0CCA28AC972",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.8.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "C896CBBE-BE7B-44C3-A25E-F85BC7F6CE51",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.8.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "944374E2-A07E-4EEA-BE0C-47EF62FFABA2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.8.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "CAEA85D5-10B2-4003-A857-2C46F9559694",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.8.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "799E1F2E-DA5F-41B5-9B83-55661E18D726",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.8.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "AD9369A6-F59D-4C7A-830E-6EAC6F81A493",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.8.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "31A2732A-0309-4DF0-9EF1-7954D10BCFCC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.8.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "C3101A31-55B3-4212-B78F-FE574B445F91",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.8.14:*:*:*:*:*:*:*",
              "matchCriteriaId": "DED599DA-D25C-45FD-9CDA-8E9E2D17364C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.8.15:*:*:*:*:*:*:*",
              "matchCriteriaId": "EBA779B7-1660-48B7-A648-E3952BFD1B14",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.8.16:*:*:*:*:*:*:*",
              "matchCriteriaId": "83A66A35-48D1-48E5-97A9-A6F136EC9BEE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.8.17:*:*:*:*:*:*:*",
              "matchCriteriaId": "598033B9-A0FB-4A5B-9417-5A434608232A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.8.18:*:*:*:*:*:*:*",
              "matchCriteriaId": "A6CE5BCF-A1C8-4F24-A5BC-70FAF096253F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.8.19:*:*:*:*:*:*:*",
              "matchCriteriaId": "85E0C92F-485D-4675-95F8-672E8489AF64",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.8.20:*:*:*:*:*:*:*",
              "matchCriteriaId": "6B95BB7C-D9D7-4A63-B8AB-6EB456D236A5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.8.21:*:*:*:*:*:*:*",
              "matchCriteriaId": "A06AE8D5-F30A-4F73-AF69-622F01D0BF0C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.8.22:*:*:*:*:*:*:*",
              "matchCriteriaId": "167A8FDC-4C37-4AC4-9A0D-B73602F8062F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "A4FA79FA-C53E-4852-941B-F8B32EBC0BE1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "An issue was discovered in Pivotal PCF Elastic Runtime 1.6.x versions prior to 1.6.60, 1.7.x versions prior to 1.7.41, 1.8.x versions prior to 1.8.23, and 1.9.x versions prior to 1.9.1. Incomplete validation logic in JSON Web Token (JWT) libraries can allow unprivileged attackers to impersonate other users in multiple components included in PCF Elastic Runtime, aka an \"Unauthenticated JWT signing algorithm in multiple components\" issue."
    },
    {
      "lang": "es",
      "value": "Se ha descubierto un problema en Pivotal PCF Elastic Runtime en versiones 1.6.x anteriores a la 1.6.60, versiones 1.7.x anteriores a la 1.7.41, versiones 1.8.x anteriores a la 1.8.23 y versiones 1.9.x anteriores a la 1.9.1. La l\u00f3gica de validaci\u00f3n incompleta en las bibliotecas JSON Web Token (JWT) puede permitir que atacantes no privilegiados suplanten a otros usuarios en m\u00faltiples componentes incluidos en PCF Elastic Runtime. Esto tambi\u00e9n se conoce como problema \"Unauthenticated JWT signing algorithm in multiple components\"."
    }
  ],
  "id": "CVE-2017-2773",
  "lastModified": "2025-04-20T01:37:25.860",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2017-06-13T06:29:00.300",
  "references": [
    {
      "source": "security_alert@emc.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/97135"
    },
    {
      "source": "security_alert@emc.com",
      "tags": [
        "Mitigation",
        "Vendor Advisory"
      ],
      "url": "https://pivotal.io/security/cve-2017-2773"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/97135"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mitigation",
        "Vendor Advisory"
      ],
      "url": "https://pivotal.io/security/cve-2017-2773"
    }
  ],
  "sourceIdentifier": "security_alert@emc.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-20"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

FKIE_CVE-2017-4959

Vulnerability from fkie_nvd - Published: 2017-06-13 06:29 - Updated: 2025-04-20 01:37
Summary
An issue was discovered in Pivotal PCF Elastic Runtime 1.8.x versions prior to 1.8.29 and 1.9.x versions prior to 1.9.7. Pivotal Cloud Foundry deployments using the Pivotal Account application are vulnerable to a flaw which allows an authorized user to take over the account of another user, causing account lockout and potential escalation of privileges.
Impacted products
Vendor Product Version
pivotal_software cloud_foundry_elastic_runtime 1.8.0
pivotal_software cloud_foundry_elastic_runtime 1.8.1
pivotal_software cloud_foundry_elastic_runtime 1.8.2
pivotal_software cloud_foundry_elastic_runtime 1.8.3
pivotal_software cloud_foundry_elastic_runtime 1.8.4
pivotal_software cloud_foundry_elastic_runtime 1.8.5
pivotal_software cloud_foundry_elastic_runtime 1.8.6
pivotal_software cloud_foundry_elastic_runtime 1.8.7
pivotal_software cloud_foundry_elastic_runtime 1.8.8
pivotal_software cloud_foundry_elastic_runtime 1.8.9
pivotal_software cloud_foundry_elastic_runtime 1.8.10
pivotal_software cloud_foundry_elastic_runtime 1.8.11
pivotal_software cloud_foundry_elastic_runtime 1.8.12
pivotal_software cloud_foundry_elastic_runtime 1.8.13
pivotal_software cloud_foundry_elastic_runtime 1.8.14
pivotal_software cloud_foundry_elastic_runtime 1.8.15
pivotal_software cloud_foundry_elastic_runtime 1.8.16
pivotal_software cloud_foundry_elastic_runtime 1.8.17
pivotal_software cloud_foundry_elastic_runtime 1.8.18
pivotal_software cloud_foundry_elastic_runtime 1.8.19
pivotal_software cloud_foundry_elastic_runtime 1.8.20
pivotal_software cloud_foundry_elastic_runtime 1.8.21
pivotal_software cloud_foundry_elastic_runtime 1.8.22
pivotal_software cloud_foundry_elastic_runtime 1.8.23
pivotal_software cloud_foundry_elastic_runtime 1.8.24
pivotal_software cloud_foundry_elastic_runtime 1.8.25
pivotal_software cloud_foundry_elastic_runtime 1.8.26
pivotal_software cloud_foundry_elastic_runtime 1.8.27
pivotal_software cloud_foundry_elastic_runtime 1.8.28
pivotal_software cloud_foundry_elastic_runtime 1.9.0
pivotal_software cloud_foundry_elastic_runtime 1.9.1
pivotal_software cloud_foundry_elastic_runtime 1.9.2
pivotal_software cloud_foundry_elastic_runtime 1.9.3
pivotal_software cloud_foundry_elastic_runtime 1.9.4
pivotal_software cloud_foundry_elastic_runtime 1.9.5
pivotal_software cloud_foundry_elastic_runtime 1.9.6

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "258FAFB4-2B67-456B-BE78-1562A3D5E9A6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.8.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "15F08919-8764-419D-A399-1EAA6B055C5D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.8.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "09BA6E79-22B6-4E5E-8C85-BBA8CB6C1828",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.8.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "FB328ACE-FC3C-4255-9400-A9BBC5059F5B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.8.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "877383E9-545F-4324-B8EA-76F33B7C11C2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.8.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "7B6BCA5E-1A43-41AA-ACEC-2C73E1B84D26",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.8.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "0CF15EDB-2707-43E2-9B53-C0CCA28AC972",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.8.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "C896CBBE-BE7B-44C3-A25E-F85BC7F6CE51",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.8.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "944374E2-A07E-4EEA-BE0C-47EF62FFABA2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.8.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "CAEA85D5-10B2-4003-A857-2C46F9559694",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.8.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "799E1F2E-DA5F-41B5-9B83-55661E18D726",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.8.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "AD9369A6-F59D-4C7A-830E-6EAC6F81A493",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.8.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "31A2732A-0309-4DF0-9EF1-7954D10BCFCC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.8.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "C3101A31-55B3-4212-B78F-FE574B445F91",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.8.14:*:*:*:*:*:*:*",
              "matchCriteriaId": "DED599DA-D25C-45FD-9CDA-8E9E2D17364C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.8.15:*:*:*:*:*:*:*",
              "matchCriteriaId": "EBA779B7-1660-48B7-A648-E3952BFD1B14",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.8.16:*:*:*:*:*:*:*",
              "matchCriteriaId": "83A66A35-48D1-48E5-97A9-A6F136EC9BEE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.8.17:*:*:*:*:*:*:*",
              "matchCriteriaId": "598033B9-A0FB-4A5B-9417-5A434608232A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.8.18:*:*:*:*:*:*:*",
              "matchCriteriaId": "A6CE5BCF-A1C8-4F24-A5BC-70FAF096253F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.8.19:*:*:*:*:*:*:*",
              "matchCriteriaId": "85E0C92F-485D-4675-95F8-672E8489AF64",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.8.20:*:*:*:*:*:*:*",
              "matchCriteriaId": "6B95BB7C-D9D7-4A63-B8AB-6EB456D236A5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.8.21:*:*:*:*:*:*:*",
              "matchCriteriaId": "A06AE8D5-F30A-4F73-AF69-622F01D0BF0C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.8.22:*:*:*:*:*:*:*",
              "matchCriteriaId": "167A8FDC-4C37-4AC4-9A0D-B73602F8062F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.8.23:*:*:*:*:*:*:*",
              "matchCriteriaId": "DDAEFA2F-3E9E-4B4F-8679-7F70A3ED6292",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.8.24:*:*:*:*:*:*:*",
              "matchCriteriaId": "81501627-C022-4BEC-AF42-B10DF1CDA69E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.8.25:*:*:*:*:*:*:*",
              "matchCriteriaId": "2FD7FDCF-4123-4000-821B-88D5214AF74D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.8.26:*:*:*:*:*:*:*",
              "matchCriteriaId": "A0224626-1FB4-4DF5-B16F-5D2741E51E02",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.8.27:*:*:*:*:*:*:*",
              "matchCriteriaId": "ADD367D8-748B-4CE7-8CF4-0549B02B1766",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.8.28:*:*:*:*:*:*:*",
              "matchCriteriaId": "F3DDC3D0-2523-4A10-824F-6630F7559CD8",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "A4FA79FA-C53E-4852-941B-F8B32EBC0BE1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.9.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "F25D21E0-E84B-4BCF-B2D0-2332CD583128",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.9.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "80C76651-7E20-4456-ADA3-DF5020471743",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.9.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "CC7911DD-A3CC-4046-884D-C11A1263B037",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.9.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "8F122CEA-7924-45A6-BCFD-B9079C4B0DCA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.9.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "EBBFA1F5-3A00-4BCE-8E8D-B3E898933A71",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.9.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "3329004D-1F23-4991-A8ED-51DB1E596FD8",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "An issue was discovered in Pivotal PCF Elastic Runtime 1.8.x versions prior to 1.8.29 and 1.9.x versions prior to 1.9.7. Pivotal Cloud Foundry deployments using the Pivotal Account application are vulnerable to a flaw which allows an authorized user to take over the account of another user, causing account lockout and potential escalation of privileges."
    },
    {
      "lang": "es",
      "value": "Se ha descubierto un problema en Pivotal PCF Elastic Runtime, en versiones 1.8.x anteriores a la 1.8.29 y en versiones 1.9.x anteriores a la 1.9.7. Los despliegues de Pivotal Cloud Foundry que emplean la aplicaci\u00f3n Pivotal Account son vulnerables a un error que permite que un usuario autorizado tome el control de la cuenta de otro usuario, lo que podr\u00eda provocar el bloqueo de la cuenta y un potencial escalado de privilegios."
    }
  ],
  "id": "CVE-2017-4959",
  "lastModified": "2025-04-20T01:37:25.860",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2017-06-13T06:29:00.363",
  "references": [
    {
      "source": "security_alert@emc.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/96218"
    },
    {
      "source": "security_alert@emc.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://pivotal.io/security/cve-2017-4959"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/96218"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://pivotal.io/security/cve-2017-4959"
    }
  ],
  "sourceIdentifier": "security_alert@emc.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

FKIE_CVE-2017-4955

Vulnerability from fkie_nvd - Published: 2017-06-13 06:29 - Updated: 2025-04-20 01:37
Summary
An issue was discovered in Pivotal PCF Elastic Runtime 1.6.x versions prior to 1.6.65, 1.7.x versions prior to 1.7.48, 1.8.x versions prior to 1.8.28, and 1.9.x versions prior to 1.9.5. Several credentials were present in the logs for the Notifications errand in the PCF Elastic Runtime tile.
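Impacted products
Note: this list has no entries for 1.7.0, 1.8.0 or 1.9.0, although the summary covers all 1.7.x, 1.8.x and 1.9.x versions prior to the fixed releases; when checking an inventory, compare installed versions against the summary's ranges rather than relying on exact matches against this list.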
Vendor Product Version
pivotal_software cloud_foundry_elastic_runtime 1.6.0
pivotal_software cloud_foundry_elastic_runtime 1.6.1
pivotal_software cloud_foundry_elastic_runtime 1.6.2
pivotal_software cloud_foundry_elastic_runtime 1.6.3
pivotal_software cloud_foundry_elastic_runtime 1.6.4
pivotal_software cloud_foundry_elastic_runtime 1.6.5
pivotal_software cloud_foundry_elastic_runtime 1.6.6
pivotal_software cloud_foundry_elastic_runtime 1.6.7
pivotal_software cloud_foundry_elastic_runtime 1.6.8
pivotal_software cloud_foundry_elastic_runtime 1.6.9
pivotal_software cloud_foundry_elastic_runtime 1.6.10
pivotal_software cloud_foundry_elastic_runtime 1.6.11
pivotal_software cloud_foundry_elastic_runtime 1.6.12
pivotal_software cloud_foundry_elastic_runtime 1.6.13
pivotal_software cloud_foundry_elastic_runtime 1.6.14
pivotal_software cloud_foundry_elastic_runtime 1.6.15
pivotal_software cloud_foundry_elastic_runtime 1.6.16
pivotal_software cloud_foundry_elastic_runtime 1.6.17
pivotal_software cloud_foundry_elastic_runtime 1.6.18
pivotal_software cloud_foundry_elastic_runtime 1.6.19
pivotal_software cloud_foundry_elastic_runtime 1.6.20
pivotal_software cloud_foundry_elastic_runtime 1.6.21
pivotal_software cloud_foundry_elastic_runtime 1.6.22
pivotal_software cloud_foundry_elastic_runtime 1.6.23
pivotal_software cloud_foundry_elastic_runtime 1.6.24
pivotal_software cloud_foundry_elastic_runtime 1.6.25
pivotal_software cloud_foundry_elastic_runtime 1.6.26
pivotal_software cloud_foundry_elastic_runtime 1.6.27
pivotal_software cloud_foundry_elastic_runtime 1.6.28
pivotal_software cloud_foundry_elastic_runtime 1.6.29
pivotal_software cloud_foundry_elastic_runtime 1.6.30
pivotal_software cloud_foundry_elastic_runtime 1.6.31
pivotal_software cloud_foundry_elastic_runtime 1.6.32
pivotal_software cloud_foundry_elastic_runtime 1.6.33
pivotal_software cloud_foundry_elastic_runtime 1.6.34
pivotal_software cloud_foundry_elastic_runtime 1.6.35
pivotal_software cloud_foundry_elastic_runtime 1.6.36
pivotal_software cloud_foundry_elastic_runtime 1.6.37
pivotal_software cloud_foundry_elastic_runtime 1.6.38
pivotal_software cloud_foundry_elastic_runtime 1.6.39
pivotal_software cloud_foundry_elastic_runtime 1.6.40
pivotal_software cloud_foundry_elastic_runtime 1.6.41
pivotal_software cloud_foundry_elastic_runtime 1.6.42
pivotal_software cloud_foundry_elastic_runtime 1.6.43
pivotal_software cloud_foundry_elastic_runtime 1.6.44
pivotal_software cloud_foundry_elastic_runtime 1.6.45
pivotal_software cloud_foundry_elastic_runtime 1.6.46
pivotal_software cloud_foundry_elastic_runtime 1.6.47
pivotal_software cloud_foundry_elastic_runtime 1.6.48
pivotal_software cloud_foundry_elastic_runtime 1.6.49
pivotal_software cloud_foundry_elastic_runtime 1.6.50
pivotal_software cloud_foundry_elastic_runtime 1.6.51
pivotal_software cloud_foundry_elastic_runtime 1.6.52
pivotal_software cloud_foundry_elastic_runtime 1.6.53
pivotal_software cloud_foundry_elastic_runtime 1.6.54
pivotal_software cloud_foundry_elastic_runtime 1.6.55
pivotal_software cloud_foundry_elastic_runtime 1.6.56
pivotal_software cloud_foundry_elastic_runtime 1.6.57
pivotal_software cloud_foundry_elastic_runtime 1.6.58
pivotal_software cloud_foundry_elastic_runtime 1.6.59
pivotal_software cloud_foundry_elastic_runtime 1.6.60
pivotal_software cloud_foundry_elastic_runtime 1.6.61
pivotal_software cloud_foundry_elastic_runtime 1.6.62
pivotal_software cloud_foundry_elastic_runtime 1.6.63
pivotal_software cloud_foundry_elastic_runtime 1.6.64
pivotal_software cloud_foundry_elastic_runtime 1.7.1
pivotal_software cloud_foundry_elastic_runtime 1.7.2
pivotal_software cloud_foundry_elastic_runtime 1.7.3
pivotal_software cloud_foundry_elastic_runtime 1.7.4
pivotal_software cloud_foundry_elastic_runtime 1.7.5
pivotal_software cloud_foundry_elastic_runtime 1.7.6
pivotal_software cloud_foundry_elastic_runtime 1.7.7
pivotal_software cloud_foundry_elastic_runtime 1.7.8
pivotal_software cloud_foundry_elastic_runtime 1.7.9
pivotal_software cloud_foundry_elastic_runtime 1.7.10
pivotal_software cloud_foundry_elastic_runtime 1.7.11
pivotal_software cloud_foundry_elastic_runtime 1.7.12
pivotal_software cloud_foundry_elastic_runtime 1.7.13
pivotal_software cloud_foundry_elastic_runtime 1.7.14
pivotal_software cloud_foundry_elastic_runtime 1.7.15
pivotal_software cloud_foundry_elastic_runtime 1.7.16
pivotal_software cloud_foundry_elastic_runtime 1.7.17
pivotal_software cloud_foundry_elastic_runtime 1.7.18
pivotal_software cloud_foundry_elastic_runtime 1.7.19
pivotal_software cloud_foundry_elastic_runtime 1.7.20
pivotal_software cloud_foundry_elastic_runtime 1.7.21
pivotal_software cloud_foundry_elastic_runtime 1.7.22
pivotal_software cloud_foundry_elastic_runtime 1.7.23
pivotal_software cloud_foundry_elastic_runtime 1.7.24
pivotal_software cloud_foundry_elastic_runtime 1.7.25
pivotal_software cloud_foundry_elastic_runtime 1.7.26
pivotal_software cloud_foundry_elastic_runtime 1.7.27
pivotal_software cloud_foundry_elastic_runtime 1.7.28
pivotal_software cloud_foundry_elastic_runtime 1.7.29
pivotal_software cloud_foundry_elastic_runtime 1.7.30
pivotal_software cloud_foundry_elastic_runtime 1.7.31
pivotal_software cloud_foundry_elastic_runtime 1.7.32
pivotal_software cloud_foundry_elastic_runtime 1.7.33
pivotal_software cloud_foundry_elastic_runtime 1.7.34
pivotal_software cloud_foundry_elastic_runtime 1.7.35
pivotal_software cloud_foundry_elastic_runtime 1.7.36
pivotal_software cloud_foundry_elastic_runtime 1.7.37
pivotal_software cloud_foundry_elastic_runtime 1.7.38
pivotal_software cloud_foundry_elastic_runtime 1.7.39
pivotal_software cloud_foundry_elastic_runtime 1.7.40
pivotal_software cloud_foundry_elastic_runtime 1.7.41
pivotal_software cloud_foundry_elastic_runtime 1.7.42
pivotal_software cloud_foundry_elastic_runtime 1.7.43
pivotal_software cloud_foundry_elastic_runtime 1.7.44
pivotal_software cloud_foundry_elastic_runtime 1.7.45
pivotal_software cloud_foundry_elastic_runtime 1.7.46
pivotal_software cloud_foundry_elastic_runtime 1.7.47
pivotal_software cloud_foundry_elastic_runtime 1.8.1
pivotal_software cloud_foundry_elastic_runtime 1.8.2
pivotal_software cloud_foundry_elastic_runtime 1.8.3
pivotal_software cloud_foundry_elastic_runtime 1.8.4
pivotal_software cloud_foundry_elastic_runtime 1.8.5
pivotal_software cloud_foundry_elastic_runtime 1.8.6
pivotal_software cloud_foundry_elastic_runtime 1.8.7
pivotal_software cloud_foundry_elastic_runtime 1.8.8
pivotal_software cloud_foundry_elastic_runtime 1.8.9
pivotal_software cloud_foundry_elastic_runtime 1.8.10
pivotal_software cloud_foundry_elastic_runtime 1.8.11
pivotal_software cloud_foundry_elastic_runtime 1.8.12
pivotal_software cloud_foundry_elastic_runtime 1.8.13
pivotal_software cloud_foundry_elastic_runtime 1.8.14
pivotal_software cloud_foundry_elastic_runtime 1.8.15
pivotal_software cloud_foundry_elastic_runtime 1.8.16
pivotal_software cloud_foundry_elastic_runtime 1.8.17
pivotal_software cloud_foundry_elastic_runtime 1.8.18
pivotal_software cloud_foundry_elastic_runtime 1.8.19
pivotal_software cloud_foundry_elastic_runtime 1.8.20
pivotal_software cloud_foundry_elastic_runtime 1.8.21
pivotal_software cloud_foundry_elastic_runtime 1.8.22
pivotal_software cloud_foundry_elastic_runtime 1.8.23
pivotal_software cloud_foundry_elastic_runtime 1.8.24
pivotal_software cloud_foundry_elastic_runtime 1.8.25
pivotal_software cloud_foundry_elastic_runtime 1.8.26
pivotal_software cloud_foundry_elastic_runtime 1.8.27
pivotal_software cloud_foundry_elastic_runtime 1.9.1
pivotal_software cloud_foundry_elastic_runtime 1.9.2
pivotal_software cloud_foundry_elastic_runtime 1.9.3
pivotal_software cloud_foundry_elastic_runtime 1.9.4

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "F4CC5918-BC38-46E3-8000-5FE87A65C0E7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "36926681-35F4-4619-9613-155DEEEA3C8F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "41FF3C2B-E96F-4DF7-A5C4-703206CB729E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "F9CB3C2D-3080-4A3D-8D8D-1381B5D98920",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "782781EB-147C-4B00-84C5-1D8443BFA2D6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "35A56755-EEB2-4C93-B180-3918A36965AA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "E4009F10-08AF-470B-B903-38B8A6DBF332",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "2B2E8F04-53E6-4A3C-BE4B-8D0DDA22CA8C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "790DAB24-893A-463F-8358-171DACD75074",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "3645A1A8-4945-447F-A968-101D5938F9C8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "0E52C9B9-8F94-48D8-ADA6-96918F6AAD36",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "3948FC2F-AF3B-4AF3-968D-F124D03A213A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "4BA44F9B-97D5-48C0-91E9-6D3FEC8B7773",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "7B414F88-6541-48C6-B9D6-4DDA035A0037",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.14:*:*:*:*:*:*:*",
              "matchCriteriaId": "66235C7F-D5EE-4989-8D24-6D0781954234",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.15:*:*:*:*:*:*:*",
              "matchCriteriaId": "12E75B49-2419-4313-A648-B5283DA620E7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.16:*:*:*:*:*:*:*",
              "matchCriteriaId": "EED70273-3FB2-4652-9AA2-10E2E9D581DE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.17:*:*:*:*:*:*:*",
              "matchCriteriaId": "A2C07910-C462-46C1-83CB-39B3FD8D25BC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.18:*:*:*:*:*:*:*",
              "matchCriteriaId": "C6B9243E-31EF-48AB-BAB5-CCC3704A219F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.19:*:*:*:*:*:*:*",
              "matchCriteriaId": "2BCB1D4B-F44C-41A1-90CA-62FD37003A1F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.20:*:*:*:*:*:*:*",
              "matchCriteriaId": "F623783F-46DF-454E-BD83-5D2AE35EA9B4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.21:*:*:*:*:*:*:*",
              "matchCriteriaId": "6BD9D35B-3E85-49FD-BA0A-D9020C5F280E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.22:*:*:*:*:*:*:*",
              "matchCriteriaId": "A28CEEDF-FA40-4922-87A6-35DEBF184DC5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.23:*:*:*:*:*:*:*",
              "matchCriteriaId": "D4F08111-51B1-4866-8695-C0877FC77D0B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.24:*:*:*:*:*:*:*",
              "matchCriteriaId": "9FC58A11-78C4-495B-A898-048EE9F3063D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.25:*:*:*:*:*:*:*",
              "matchCriteriaId": "620EAB8D-3754-494D-9912-724A0FE1E80F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.26:*:*:*:*:*:*:*",
              "matchCriteriaId": "ADBA74BD-EF83-4F29-8040-FB5B35D38C9B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.27:*:*:*:*:*:*:*",
              "matchCriteriaId": "A1E00BE6-B2B6-4C02-9510-1F3DCC081173",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.28:*:*:*:*:*:*:*",
              "matchCriteriaId": "A4D9E726-CF92-4DE5-8A04-02428328CC8A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.29:*:*:*:*:*:*:*",
              "matchCriteriaId": "5E1CAC4E-3CD6-4D0C-8544-9481E57FD338",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.30:*:*:*:*:*:*:*",
              "matchCriteriaId": "D1D0F13A-D149-492D-A484-B7F4235B2DC0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.31:*:*:*:*:*:*:*",
              "matchCriteriaId": "160A9972-DCF2-46A9-8025-938C492E5A0E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.32:*:*:*:*:*:*:*",
              "matchCriteriaId": "43978845-CC25-4975-8155-AC0999A4268B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.33:*:*:*:*:*:*:*",
              "matchCriteriaId": "7B1A6848-16B9-47EC-B7C8-7740086398F3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.34:*:*:*:*:*:*:*",
              "matchCriteriaId": "D9708D36-4A9B-484A-A627-69A85D66EDF8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.35:*:*:*:*:*:*:*",
              "matchCriteriaId": "F0AB1C89-79D2-4997-A00D-E6E62243278B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.36:*:*:*:*:*:*:*",
              "matchCriteriaId": "C071EA95-4AE2-43DC-900F-3DDD38959754",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.37:*:*:*:*:*:*:*",
              "matchCriteriaId": "A6FF1F58-580A-4035-9427-1B4E96FC9E9E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.38:*:*:*:*:*:*:*",
              "matchCriteriaId": "71499439-2748-4B4F-8659-AE4F67CCC8AF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.39:*:*:*:*:*:*:*",
              "matchCriteriaId": "50161ECB-FEEA-4E1C-8DF9-5F3F7D944895",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.40:*:*:*:*:*:*:*",
              "matchCriteriaId": "6D21BF37-C46C-4AF2-BEDA-F048520B2364",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.41:*:*:*:*:*:*:*",
              "matchCriteriaId": "22F33DD4-DDE7-4742-8FC6-15B6A1879A27",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.42:*:*:*:*:*:*:*",
              "matchCriteriaId": "74509FEE-7166-4E02-8DF1-8F37DF6B0544",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.43:*:*:*:*:*:*:*",
              "matchCriteriaId": "1A8CCAAC-4ED2-4EA2-A929-ED2A2422DB39",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.44:*:*:*:*:*:*:*",
              "matchCriteriaId": "7E5340E4-0C9D-40F5-9E34-14E793A44361",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.45:*:*:*:*:*:*:*",
              "matchCriteriaId": "C45701FC-4423-4C05-A32F-75DB4B9F1E4A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.46:*:*:*:*:*:*:*",
              "matchCriteriaId": "902B67BD-57D8-4088-9FD6-9691ADB86D76",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.47:*:*:*:*:*:*:*",
              "matchCriteriaId": "28873E30-9073-424E-B68B-8DF11AFB72E8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.48:*:*:*:*:*:*:*",
              "matchCriteriaId": "B2F8DC97-BBBA-4377-ADF0-1F92AC5E135E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.49:*:*:*:*:*:*:*",
              "matchCriteriaId": "C3585890-0DD5-4184-9AEE-5F22EACA2963",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.50:*:*:*:*:*:*:*",
              "matchCriteriaId": "3B26DE06-585E-4E8B-81BD-5DAF32CF1893",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.51:*:*:*:*:*:*:*",
              "matchCriteriaId": "12188BF1-1307-48B0-AAE4-6C91402B726F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.52:*:*:*:*:*:*:*",
              "matchCriteriaId": "335DB844-E49A-439E-A4B3-D8E45BFE5DBF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.53:*:*:*:*:*:*:*",
              "matchCriteriaId": "DA90B5C3-4F17-4F8C-83A2-DFCD194F965C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.54:*:*:*:*:*:*:*",
              "matchCriteriaId": "AA644782-F305-4BDB-B720-FF88D5B40308",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.55:*:*:*:*:*:*:*",
              "matchCriteriaId": "97E71936-5F88-4A8C-BFE5-9591FEC3B5F5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.56:*:*:*:*:*:*:*",
              "matchCriteriaId": "62C9C2B9-DF79-4C9E-87F1-2949F9FC8C6E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.57:*:*:*:*:*:*:*",
              "matchCriteriaId": "1F458801-EB3D-4295-B7B1-AA8259758157",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.58:*:*:*:*:*:*:*",
              "matchCriteriaId": "9FC59E2D-87E5-486E-8035-878B9C85E18A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.59:*:*:*:*:*:*:*",
              "matchCriteriaId": "3870B8B2-FAF2-4374-B580-9884B72F2FB2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.60:*:*:*:*:*:*:*",
              "matchCriteriaId": "69589093-7B4F-433B-AD35-60CB9392C08C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.61:*:*:*:*:*:*:*",
              "matchCriteriaId": "3C846FB3-526A-4B63-A10D-144DF6E31BA5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.62:*:*:*:*:*:*:*",
              "matchCriteriaId": "F36A6F3C-B2D9-483B-90CD-127DF7444514",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.63:*:*:*:*:*:*:*",
              "matchCriteriaId": "394F138C-2C9C-46F5-A7E2-95511A2919C5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.64:*:*:*:*:*:*:*",
              "matchCriteriaId": "1A76CF05-C43D-45C1-A709-1BB7097B9E5C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E3B75A7F-EAAC-4D81-9A10-D8DB45828EC3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.7.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "FA53D5B4-75BF-445F-96AA-4DC308B76E64",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.7.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "6DD5D5D9-604D-4917-99D0-1F41784A6835",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.7.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "6B2BF60D-EEEE-4F4C-A19F-108C78366089",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.7.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "5EED880C-5EF5-4FEA-A4BD-58CA61C12A9C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.7.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "DDA80BA5-66B0-4A6C-B552-175DBB930EB6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.7.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "BCDBAF27-D5DC-4379-A76E-7BD2CD98EB5C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.7.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "D957FD98-C2B4-48C2-81A0-37B2581E9F52",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.7.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "0DADB2DA-A12F-426E-9DEB-3628B081F78D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.7.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "99C97080-9BD3-4F17-A0E4-80F9F4CD7DB4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.7.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "E764D26C-D2C4-496C-936F-BF6793BF7C70",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.7.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "1E574EDD-AD33-4A00-8E14-76F0134EC00B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.7.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "A2274274-C1F8-4E42-AF7A-BDBF379E823E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.7.14:*:*:*:*:*:*:*",
              "matchCriteriaId": "DCB25167-8350-4362-876C-690F5B5B057C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.7.15:*:*:*:*:*:*:*",
              "matchCriteriaId": "28F89423-3AEE-475A-BBBA-B895D9732A14",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.7.16:*:*:*:*:*:*:*",
              "matchCriteriaId": "B4B5CB0D-09C9-4CB2-B842-CA68400CDAAD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.7.17:*:*:*:*:*:*:*",
              "matchCriteriaId": "F047032B-218E-41BF-9F46-4682D415960E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.7.18:*:*:*:*:*:*:*",
              "matchCriteriaId": "B291CCA0-EAE5-4900-ABF3-9A9D76910BD9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.7.19:*:*:*:*:*:*:*",
              "matchCriteriaId": "DB8DAD87-111B-4F17-85CC-65C395851079",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.7.20:*:*:*:*:*:*:*",
              "matchCriteriaId": "248878D6-7987-4608-9A28-66F3F7EFB976",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.7.21:*:*:*:*:*:*:*",
              "matchCriteriaId": "62465763-0887-4082-9363-8F70B264F29A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.7.22:*:*:*:*:*:*:*",
              "matchCriteriaId": "088B4A1B-3E98-4B9E-8430-30F6E61B560B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.7.23:*:*:*:*:*:*:*",
              "matchCriteriaId": "2A13F165-C8D2-4BCB-84D3-B264C3DDD1FC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.7.24:*:*:*:*:*:*:*",
              "matchCriteriaId": "0844334C-E31A-4D85-B12A-AD06A00BF76D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.7.25:*:*:*:*:*:*:*",
              "matchCriteriaId": "10CF4D45-1011-4252-A1A0-7A60BF6010ED",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.7.26:*:*:*:*:*:*:*",
              "matchCriteriaId": "4F9CB7CA-00B2-4583-ACDB-9269E380D328",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.7.27:*:*:*:*:*:*:*",
              "matchCriteriaId": "DDCF9CD2-4D4C-44CF-BD32-146A7C782DD3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.7.28:*:*:*:*:*:*:*",
              "matchCriteriaId": "034CA20F-30F2-4A6B-BE15-685864B4BB41",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.7.29:*:*:*:*:*:*:*",
              "matchCriteriaId": "D4B5BB61-A6FF-4F7B-852F-6EE86992E5C3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.7.30:*:*:*:*:*:*:*",
              "matchCriteriaId": "1D25BD5D-948B-4E5E-B25D-669CEDA02A1C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.7.31:*:*:*:*:*:*:*",
              "matchCriteriaId": "4634673B-84CD-4FCD-AECB-D5B865C0B05B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.7.32:*:*:*:*:*:*:*",
              "matchCriteriaId": "57AE9EB2-4FA8-4186-B6F2-3F8EE3AB880E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.7.33:*:*:*:*:*:*:*",
              "matchCriteriaId": "2B077E17-2BDC-4A55-990C-EE9036D80895",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.7.34:*:*:*:*:*:*:*",
              "matchCriteriaId": "ECAB3961-38F3-4AEE-8EEA-AC929F93F9C5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.7.35:*:*:*:*:*:*:*",
              "matchCriteriaId": "FB91D749-3F61-4EAA-872B-27E66BF6D234",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.7.36:*:*:*:*:*:*:*",
              "matchCriteriaId": "F23EA9FC-3396-40DB-925F-62CBA92B407C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.7.37:*:*:*:*:*:*:*",
              "matchCriteriaId": "47D4AF5F-FCC7-4795-9E12-7EEA3686F059",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.7.38:*:*:*:*:*:*:*",
              "matchCriteriaId": "CC87A91E-9804-4E77-99F0-75D87C970151",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.7.39:*:*:*:*:*:*:*",
              "matchCriteriaId": "BE43BD2D-DD11-49F8-9894-719982B1B4FA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.7.40:*:*:*:*:*:*:*",
              "matchCriteriaId": "3BF27099-228F-422B-95BA-F8BDDCD72D18",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.7.41:*:*:*:*:*:*:*",
              "matchCriteriaId": "CE4093B0-E785-4E4D-A076-FAB5CFF397CE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.7.42:*:*:*:*:*:*:*",
              "matchCriteriaId": "8FAC1C6F-F41A-45B9-A9BC-0BBCB396EC2A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.7.43:*:*:*:*:*:*:*",
              "matchCriteriaId": "3E9862AE-D007-453B-9480-88CBF2C94A99",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.7.44:*:*:*:*:*:*:*",
              "matchCriteriaId": "85738A2A-5E35-480D-8BCE-A8298FB5A91A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.7.45:*:*:*:*:*:*:*",
              "matchCriteriaId": "A2E99A62-2EA2-476A-95F4-8674E6887891",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.7.46:*:*:*:*:*:*:*",
              "matchCriteriaId": "C20FB123-CB94-46B3-8800-C93BB6285B24",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.7.47:*:*:*:*:*:*:*",
              "matchCriteriaId": "411351FC-6D34-4FB9-A658-937519095A9E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.8.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "15F08919-8764-419D-A399-1EAA6B055C5D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.8.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "09BA6E79-22B6-4E5E-8C85-BBA8CB6C1828",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.8.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "FB328ACE-FC3C-4255-9400-A9BBC5059F5B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.8.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "877383E9-545F-4324-B8EA-76F33B7C11C2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.8.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "7B6BCA5E-1A43-41AA-ACEC-2C73E1B84D26",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.8.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "0CF15EDB-2707-43E2-9B53-C0CCA28AC972",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.8.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "C896CBBE-BE7B-44C3-A25E-F85BC7F6CE51",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.8.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "944374E2-A07E-4EEA-BE0C-47EF62FFABA2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.8.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "CAEA85D5-10B2-4003-A857-2C46F9559694",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.8.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "799E1F2E-DA5F-41B5-9B83-55661E18D726",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.8.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "AD9369A6-F59D-4C7A-830E-6EAC6F81A493",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.8.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "31A2732A-0309-4DF0-9EF1-7954D10BCFCC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.8.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "C3101A31-55B3-4212-B78F-FE574B445F91",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.8.14:*:*:*:*:*:*:*",
              "matchCriteriaId": "DED599DA-D25C-45FD-9CDA-8E9E2D17364C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.8.15:*:*:*:*:*:*:*",
              "matchCriteriaId": "EBA779B7-1660-48B7-A648-E3952BFD1B14",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.8.16:*:*:*:*:*:*:*",
              "matchCriteriaId": "83A66A35-48D1-48E5-97A9-A6F136EC9BEE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.8.17:*:*:*:*:*:*:*",
              "matchCriteriaId": "598033B9-A0FB-4A5B-9417-5A434608232A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.8.18:*:*:*:*:*:*:*",
              "matchCriteriaId": "A6CE5BCF-A1C8-4F24-A5BC-70FAF096253F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.8.19:*:*:*:*:*:*:*",
              "matchCriteriaId": "85E0C92F-485D-4675-95F8-672E8489AF64",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.8.20:*:*:*:*:*:*:*",
              "matchCriteriaId": "6B95BB7C-D9D7-4A63-B8AB-6EB456D236A5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.8.21:*:*:*:*:*:*:*",
              "matchCriteriaId": "A06AE8D5-F30A-4F73-AF69-622F01D0BF0C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.8.22:*:*:*:*:*:*:*",
              "matchCriteriaId": "167A8FDC-4C37-4AC4-9A0D-B73602F8062F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.8.23:*:*:*:*:*:*:*",
              "matchCriteriaId": "DDAEFA2F-3E9E-4B4F-8679-7F70A3ED6292",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.8.24:*:*:*:*:*:*:*",
              "matchCriteriaId": "81501627-C022-4BEC-AF42-B10DF1CDA69E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.8.25:*:*:*:*:*:*:*",
              "matchCriteriaId": "2FD7FDCF-4123-4000-821B-88D5214AF74D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.8.26:*:*:*:*:*:*:*",
              "matchCriteriaId": "A0224626-1FB4-4DF5-B16F-5D2741E51E02",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.8.27:*:*:*:*:*:*:*",
              "matchCriteriaId": "ADD367D8-748B-4CE7-8CF4-0549B02B1766",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.9.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "F25D21E0-E84B-4BCF-B2D0-2332CD583128",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.9.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "80C76651-7E20-4456-ADA3-DF5020471743",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.9.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "CC7911DD-A3CC-4046-884D-C11A1263B037",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.9.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "8F122CEA-7924-45A6-BCFD-B9079C4B0DCA",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "An issue was discovered in Pivotal PCF Elastic Runtime 1.6.x versions prior to 1.6.65, 1.7.x versions prior to 1.7.48, 1.8.x versions prior to 1.8.28, and 1.9.x versions prior to 1.9.5. Several credentials were present in the logs for the Notifications errand in the PCF Elastic Runtime tile."
    },
    {
      "lang": "es",
      "value": "Se detect\u00f3 un problema en las versiones de PCF Elastic Runtime de Pivotal versiones 1.6.x anteriores a 1.6.65, versiones 1.7.x anteriores a 1.7.48, versiones 1.8.x anteriores a 1.8.28 y versiones 1.9.x anteriores a 1.9.5. Varias credenciales estaban presentes en los registros para la tarea Notifications en el mosaico de PCF Elastic Runtime."
    }
  ],
  "id": "CVE-2017-4955",
  "lastModified": "2025-04-20T01:37:25.860",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2017-06-13T06:29:00.330",
  "references": [
    {
      "source": "security_alert@emc.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/97082"
    },
    {
      "source": "security_alert@emc.com",
      "tags": [
        "Mitigation",
        "Vendor Advisory"
      ],
      "url": "https://pivotal.io/security/cve-2017-4955"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/97082"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mitigation",
        "Vendor Advisory"
      ],
      "url": "https://pivotal.io/security/cve-2017-4955"
    }
  ],
  "sourceIdentifier": "security_alert@emc.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-532"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

FKIE_CVE-2016-0780

Vulnerability from fkie_nvd - Published: 2017-05-25 17:29 - Updated: 2025-04-20 01:37
Summary
It was discovered that cf-release v231 and lower, Pivotal Cloud Foundry Elastic Runtime 1.5.x versions prior to 1.5.17 and Pivotal Cloud Foundry Elastic Runtime 1.6.x versions prior to 1.6.18 do not properly enforce disk quotas in certain cases. An attacker could use an improper disk quota value to bypass enforcement and consume all the disk on DEAs/CELLs causing a potential denial of service for other applications.
Impacted products
Vendor Product Version
cloudfoundry cf-release 231
pivotal_software cloud_foundry_elastic_runtime 1.5.0
pivotal_software cloud_foundry_elastic_runtime 1.5.1
pivotal_software cloud_foundry_elastic_runtime 1.5.2
pivotal_software cloud_foundry_elastic_runtime 1.5.3
pivotal_software cloud_foundry_elastic_runtime 1.5.4
pivotal_software cloud_foundry_elastic_runtime 1.5.5
pivotal_software cloud_foundry_elastic_runtime 1.5.6
pivotal_software cloud_foundry_elastic_runtime 1.5.7
pivotal_software cloud_foundry_elastic_runtime 1.5.8
pivotal_software cloud_foundry_elastic_runtime 1.5.9
pivotal_software cloud_foundry_elastic_runtime 1.5.10
pivotal_software cloud_foundry_elastic_runtime 1.5.11
pivotal_software cloud_foundry_elastic_runtime 1.5.12
pivotal_software cloud_foundry_elastic_runtime 1.5.13
pivotal_software cloud_foundry_elastic_runtime 1.5.14
pivotal_software cloud_foundry_elastic_runtime 1.5.15
pivotal_software cloud_foundry_elastic_runtime 1.5.16
pivotal_software cloud_foundry_elastic_runtime 1.6.0
pivotal_software cloud_foundry_elastic_runtime 1.6.1
pivotal_software cloud_foundry_elastic_runtime 1.6.2
pivotal_software cloud_foundry_elastic_runtime 1.6.3
pivotal_software cloud_foundry_elastic_runtime 1.6.4
pivotal_software cloud_foundry_elastic_runtime 1.6.5
pivotal_software cloud_foundry_elastic_runtime 1.6.6
pivotal_software cloud_foundry_elastic_runtime 1.6.7
pivotal_software cloud_foundry_elastic_runtime 1.6.8
pivotal_software cloud_foundry_elastic_runtime 1.6.9
pivotal_software cloud_foundry_elastic_runtime 1.6.10
pivotal_software cloud_foundry_elastic_runtime 1.6.11
pivotal_software cloud_foundry_elastic_runtime 1.6.12
pivotal_software cloud_foundry_elastic_runtime 1.6.13
pivotal_software cloud_foundry_elastic_runtime 1.6.14
pivotal_software cloud_foundry_elastic_runtime 1.6.15
pivotal_software cloud_foundry_elastic_runtime 1.6.16
pivotal_software cloud_foundry_elastic_runtime 1.6.17

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:cloudfoundry:cf-release:231:*:*:*:*:*:*:*",
              "matchCriteriaId": "DBA563A9-3C12-4F83-9E63-BC03636BC799",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "472AA352-D04B-45D0-AAD7-95CE0738E9AE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.5.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "9619B693-4B49-4FDC-AB49-5E6B2F124AB8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.5.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "F7C2DED8-D527-4732-B57F-489CF5626352",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.5.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "D585B534-0CD9-400D-A237-B026A83082C6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.5.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "50C759FB-0796-4214-B085-0565AB75C216",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.5.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "8430DACA-7518-47BB-A89F-B7E83190C54C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.5.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "29F9167C-F195-4004-9EF4-43F199F05E3C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.5.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "48B486D0-318D-4912-A992-5B89D93C11BB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.5.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "E015CE12-73EB-4FAD-B569-719F93685B0D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.5.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "16AE14C4-FA84-4E8B-9231-83DB4F71DC35",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.5.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "06576161-44B7-4EB1-8C26-C49CFF3FD11B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.5.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "D6F9581A-42DB-4ADE-AFA1-2364371CC24A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.5.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "2DCDE033-923F-4338-9E45-22FE684B43ED",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.5.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "D300B952-8EF3-4CB1-88B6-125837C3474B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.5.14:*:*:*:*:*:*:*",
              "matchCriteriaId": "71AFAFE8-3B21-4AF0-8B3D-597FEEFEEDE6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.5.15:*:*:*:*:*:*:*",
              "matchCriteriaId": "21202F77-DF05-4A07-8CEB-76DD03395957",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.5.16:*:*:*:*:*:*:*",
              "matchCriteriaId": "1A9BA6EB-6BC0-4A74-9726-3F242D00FE78",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "F4CC5918-BC38-46E3-8000-5FE87A65C0E7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "36926681-35F4-4619-9613-155DEEEA3C8F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "41FF3C2B-E96F-4DF7-A5C4-703206CB729E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "F9CB3C2D-3080-4A3D-8D8D-1381B5D98920",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "782781EB-147C-4B00-84C5-1D8443BFA2D6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "35A56755-EEB2-4C93-B180-3918A36965AA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "E4009F10-08AF-470B-B903-38B8A6DBF332",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "2B2E8F04-53E6-4A3C-BE4B-8D0DDA22CA8C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "790DAB24-893A-463F-8358-171DACD75074",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "3645A1A8-4945-447F-A968-101D5938F9C8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "0E52C9B9-8F94-48D8-ADA6-96918F6AAD36",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "3948FC2F-AF3B-4AF3-968D-F124D03A213A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "4BA44F9B-97D5-48C0-91E9-6D3FEC8B7773",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "7B414F88-6541-48C6-B9D6-4DDA035A0037",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.14:*:*:*:*:*:*:*",
              "matchCriteriaId": "66235C7F-D5EE-4989-8D24-6D0781954234",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.15:*:*:*:*:*:*:*",
              "matchCriteriaId": "12E75B49-2419-4313-A648-B5283DA620E7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.16:*:*:*:*:*:*:*",
              "matchCriteriaId": "EED70273-3FB2-4652-9AA2-10E2E9D581DE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.17:*:*:*:*:*:*:*",
              "matchCriteriaId": "A2C07910-C462-46C1-83CB-39B3FD8D25BC",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "It was discovered that cf-release v231 and lower, Pivotal Cloud Foundry Elastic Runtime 1.5.x versions prior to 1.5.17 and Pivotal Cloud Foundry Elastic Runtime 1.6.x versions prior to 1.6.18 do not properly enforce disk quotas in certain cases. An attacker could use an improper disk quota value to bypass enforcement and consume all the disk on DEAs/CELLs causing a potential denial of service for other applications."
    },
    {
      "lang": "es",
      "value": "Se detect\u00f3 que cf-release versi\u00f3n v231 e inferior, Pivotal Cloud Foundry Elastic Runtime versiones 1.5.x anteriores a 1.5.17 y Pivotal Cloud Foundry Elastic Runtime versiones 1.6.x anteriores a 1.6.18, no hacen cumplir las cuotas de disco apropiadamente en ciertos casos. Un atacante podr\u00eda usar un valor de cuota de disco inapropiado para omitir la ejecuci\u00f3n y consumo de todo el disco en DEAs/CELLs, causando  una potencial denegaci\u00f3n de servicio para otras aplicaciones."
    }
  ],
  "id": "CVE-2016-0780",
  "lastModified": "2025-04-20T01:37:25.860",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": true,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 5.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2017-05-25T17:29:00.520",
  "references": [
    {
      "source": "security_alert@emc.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://pivotal.io/security/cve-2016-0780"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://pivotal.io/security/cve-2016-0780"
    }
  ],
  "sourceIdentifier": "security_alert@emc.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-399"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

FKIE_CVE-2015-3189

Vulnerability from fkie_nvd - Published: 2017-05-25 17:29 - Updated: 2025-04-20 01:37
Summary
With Cloud Foundry Runtime cf-release versions v208 or earlier, UAA Standalone versions 2.2.5 or earlier and Pivotal Cloud Foundry Runtime 1.4.5 or earlier, old Password Reset Links are not expired after the user changes their current email address to a new one. This vulnerability is applicable only when using the UAA internal user store for authentication. Deployments enabled for integration via SAML or LDAP are not affected.

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:cloudfoundry:cf-release:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "F11FD354-9940-4745-BF27-19108E2E567E",
              "versionEndIncluding": "208",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "AB6812A0-8836-4F25-9AC1-DB552BC605ED",
              "versionEndIncluding": "1.4.5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_uaa:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "4F876A8B-AA8F-4DAD-B840-6CDF1076AF9D",
              "versionEndIncluding": "2.2.5",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "With Cloud Foundry Runtime cf-release versions v208 or earlier, UAA Standalone versions 2.2.5 or earlier and Pivotal Cloud Foundry Runtime 1.4.5 or earlier, old Password Reset Links are not expired after the user changes their current email address to a new one. This vulnerability is applicable only when using the UAA internal user store for authentication. Deployments enabled for integration via SAML or LDAP are not affected."
    },
    {
      "lang": "es",
      "value": "En Cloud Foundry Runtime versiones v208 y anteriores, UAA Standalone versiones 2.2.5 o anteriores y Pivotal Cloud Foundry Runtime, versiones 1.4.5 o anteriores, los enlaces a contrase\u00f1as antiguas reseteadas no expiran despu\u00e9s de que un usuario cambie su direcci\u00f3n de correo electr\u00f3nico actual a una nueva. Esta vulnerabilidad aplica solo cuando se almacena el UAA del usuario interno para la autenticaci\u00f3n. Despliegues habilitados para la integraci\u00f3n a trav\u00e9s de SAML o LDAP no estar\u00edan afectados."
    }
  ],
  "id": "CVE-2015-3189",
  "lastModified": "2025-04-20T01:37:25.860",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 3.7,
          "baseSeverity": "LOW",
          "confidentialityImpact": "LOW",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.2,
        "impactScore": 1.4,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2017-05-25T17:29:00.333",
  "references": [
    {
      "source": "security_alert@emc.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://pivotal.io/security/cve-2015-3189"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://pivotal.io/security/cve-2015-3189"
    }
  ],
  "sourceIdentifier": "security_alert@emc.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-640"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

FKIE_CVE-2015-1834

Vulnerability from fkie_nvd - Published: 2017-05-25 17:29 - Updated: 2025-04-20 01:37
Summary
A path traversal vulnerability was identified in the Cloud Foundry component Cloud Controller that affects cf-release versions prior to v208 and Pivotal Cloud Foundry Elastic Runtime versions prior to 1.4.2. Path traversal is the 'outbreak' of a given directory structure through relative file paths in the user input. It aims at accessing files and directories that are stored outside the web root folder, for disallowed reading or even executing arbitrary system commands. An attacker could use a certain parameter of the file path for instance to inject '../' sequences in order to navigate through the file system. In this particular case a remote authenticated attacker can exploit the identified vulnerability in order to upload arbitrary files to the server running a Cloud Controller instance - outside the isolated application container.
Impacted products

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:cloudfoundry:cf-release:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "2C42A408-570D-42C3-B5AF-C173D14B7CE6",
              "versionEndIncluding": "207",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "567FE032-B2D3-47EC-9CCB-2298311C1924",
              "versionEndIncluding": "1.4.1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A path traversal vulnerability was identified in the Cloud Foundry component Cloud Controller that affects cf-release versions prior to v208 and Pivotal Cloud Foundry Elastic Runtime versions prior to 1.4.2. Path traversal is the \u0027outbreak\u0027 of a given directory structure through relative file paths in the user input. It aims at accessing files and directories that are stored outside the web root folder, for disallowed reading or even executing arbitrary system commands. An attacker could use a certain parameter of the file path for instance to inject \u0027../\u0027 sequences in order to navigate through the file system. In this particular case a remote authenticated attacker can exploit the identified vulnerability in order to upload arbitrary files to the server running a Cloud Controller instance - outside the isolated application container."
    },
    {
      "lang": "es",
      "value": "Una vulnerabilidad de salto de directorio ha sido identificada en el componente Cloud Controller de Cloud Foundry, versiones anteriores a la v208 y en Pivotal Cloud Foundry Elastic Runtime, versiones anteriores a la 1.4.2. Un salto de directorio puede originarse a trav\u00e9s de una estructura de directorios relativa a la ruta de un fichero apuntada en una entrada de usuario. El objetivo es el acceso a ficheros y directorios situados fuera de la carpeta web ra\u00edz, con la finalidad de realizar lecturas no autorizadas o incluso ejecutar comandos de sistema arbitrarios. Un atacante podr\u00eda utilizar un cierto par\u00e1metro de la ruta del fichero para p.e. inyectar secuencias de \u0027../\u0027 para navegar a trav\u00e9s del sistema de ficheros. En este caso particular, un atacante remoto autenticado pudr\u00eda explotar esta vulnerabilidad para cargar ficheros arbitrarios en el servidor donde se est\u00e1 ejecutando una instancia de Cloud Controller fuera del contenedor que a\u00edsla a la aplicaci\u00f3n."
    }
  ],
  "id": "CVE-2015-1834",
  "lastModified": "2025-04-20T01:37:25.860",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": true,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "NONE",
          "baseScore": 4.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2017-05-25T17:29:00.287",
  "references": [
    {
      "source": "security_alert@emc.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/98691"
    },
    {
      "source": "security_alert@emc.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://pivotal.io/security/cve-2015-1834"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/98691"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://pivotal.io/security/cve-2015-1834"
    }
  ],
  "sourceIdentifier": "security_alert@emc.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-22"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

CVE-2016-0715 (GCVE-0-2016-0715)

Vulnerability from cvelistv5 – Published: 2018-09-11 17:00 – Updated: 2024-09-16 16:48
Summary
Pivotal Cloud Foundry Elastic Runtime version 1.4.0 through 1.4.5, 1.5.0 through 1.5.11 and 1.6.0 through 1.6.11 is vulnerable to a remote information disclosure. It was found that original mitigation configuration instructions provided as part of CVE-2016-0708 were incomplete and could leave PHP Buildpack, Staticfile Buildpack and potentially other custom Buildpack applications vulnerable to remote information disclosure. Affected applications use automated buildpack detection, serve files directly from the root of the application and have a buildpack that matched after the Java Buildpack in the system buildpack priority when Java Buildpack versions 2.0 through 3.4 were present.
Severity ?
No CVSS data available.
CWE
Assigner
References
Impacted products
Vendor | Product | Version
Pivotal | Pivotal Cloud Foundry Elastic Runtime | Affected: 1.4.0 through 1.4.5
 | | Affected: 1.5.0 through 1.5.11
 | | Affected: 1.6.0 through 1.6.11

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T22:30:03.868Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://pivotal.io/security/cve-2016-0715"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Pivotal Cloud Foundry Elastic Runtime",
          "vendor": "Pivotal",
          "versions": [
            {
              "status": "affected",
              "version": "1.4.0 through 1.4.5"
            },
            {
              "status": "affected",
              "version": "1.5.0 through 1.5.11"
            },
            {
              "status": "affected",
              "version": "1.6.0 through 1.6.11"
            }
          ]
        }
      ],
      "datePublic": "2015-01-18T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Pivotal Cloud Foundry Elastic Runtime version 1.4.0 through 1.4.5, 1.5.0 through 1.5.11 and 1.6.0 through 1.6.11 is vulnerable to a remote information disclosure. It was found that original mitigation configuration instructions provided as part of CVE-2016-0708 were incomplete and could leave PHP Buildpack, Staticfile Buildpack and potentially other custom Buildpack applications vulnerable to remote information disclosure. Affected applications use automated buildpack detection, serve files directly from the root of the application and have a buildpack that matched after the Java Buildpack in the system buildpack priority when Java Buildpack versions 2.0 through 3.4 were present."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-200",
              "description": "CWE-200",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-09-11T16:57:01",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://pivotal.io/security/cve-2016-0715"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "DATE_PUBLIC": "2015-01-18T00:00:00",
          "ID": "CVE-2016-0715",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Pivotal Cloud Foundry Elastic Runtime",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "1.4.0 through 1.4.5"
                          },
                          {
                            "version_value": "1.5.0 through 1.5.11"
                          },
                          {
                            "version_value": "1.6.0 through 1.6.11"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Pivotal"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Pivotal Cloud Foundry Elastic Runtime version 1.4.0 through 1.4.5, 1.5.0 through 1.5.11 and 1.6.0 through 1.6.11 is vulnerable to a remote information disclosure. It was found that original mitigation configuration instructions provided as part of CVE-2016-0708 were incomplete and could leave PHP Buildpack, Staticfile Buildpack and potentially other custom Buildpack applications vulnerable to remote information disclosure. Affected applications use automated buildpack detection, serve files directly from the root of the application and have a buildpack that matched after the Java Buildpack in the system buildpack priority when Java Buildpack versions 2.0 through 3.4 were present."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-200"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://pivotal.io/security/cve-2016-0715",
              "refsource": "CONFIRM",
              "url": "https://pivotal.io/security/cve-2016-0715"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2016-0715",
    "datePublished": "2018-09-11T17:00:00Z",
    "dateReserved": "2015-12-16T00:00:00",
    "dateUpdated": "2024-09-16T16:48:30.435Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2016-6658 (GCVE-0-2016-6658)

Vulnerability from cvelistv5 – Published: 2018-03-29 22:00 – Updated: 2024-08-06 01:36
Summary
Applications in cf-release before 245 can be configured and pushed with a user-provided custom buildpack using a URL pointing to the buildpack. Although it is not recommended, a user can specify a credential in the URL (basic auth or OAuth) to access the buildpack through the CLI. For example, the user could include a GitHub username and password in the URL to access a private repo. Because the URL to access the buildpack is stored unencrypted, an operator with privileged access to the Cloud Controller database could view these credentials.
Severity ?
No CVSS data available.
CWE
  • n/a
Assigner
References

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T01:36:29.571Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://pivotal.io/security/cve-2016-6658"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2017-08-16T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Applications in cf-release before 245 can be configured and pushed with a user-provided custom buildpack using a URL pointing to the buildpack. Although it is not recommended, a user can specify a credential in the URL (basic auth or OAuth) to access the buildpack through the CLI. For example, the user could include a GitHub username and password in the URL to access a private repo. Because the URL to access the buildpack is stored unencrypted, an operator with privileged access to the Cloud Controller database could view these credentials."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-03-29T21:57:01",
        "orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
        "shortName": "dell"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://pivotal.io/security/cve-2016-6658"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security_alert@emc.com",
          "ID": "CVE-2016-6658",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Applications in cf-release before 245 can be configured and pushed with a user-provided custom buildpack using a URL pointing to the buildpack. Although it is not recommended, a user can specify a credential in the URL (basic auth or OAuth) to access the buildpack through the CLI. For example, the user could include a GitHub username and password in the URL to access a private repo. Because the URL to access the buildpack is stored unencrypted, an operator with privileged access to the Cloud Controller database could view these credentials."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://pivotal.io/security/cve-2016-6658",
              "refsource": "CONFIRM",
              "url": "https://pivotal.io/security/cve-2016-6658"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
    "assignerShortName": "dell",
    "cveId": "CVE-2016-6658",
    "datePublished": "2018-03-29T22:00:00",
    "dateReserved": "2016-08-10T00:00:00",
    "dateUpdated": "2024-08-06T01:36:29.571Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2015-5172 (GCVE-0-2015-5172)

Vulnerability from cvelistv5 – Published: 2017-10-24 17:00 – Updated: 2024-08-06 06:41
Summary
Cloud Foundry Runtime cf-release before 216, UAA before 2.5.2, and Pivotal Cloud Foundry (PCF) Elastic Runtime before 1.7.0 allow attackers to have unspecified impact by leveraging failure to expire password reset links.
Severity ?
No CVSS data available.
CWE
  • n/a
Assigner
References

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T06:41:09.222Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://pivotal.io/security/cve-2015-5170-5173"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2016-05-02T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Cloud Foundry Runtime cf-release before 216, UAA before 2.5.2, and Pivotal Cloud Foundry (PCF) Elastic Runtime before 1.7.0 allow attackers to have unspecified impact by leveraging failure to expire password reset links."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-10-24T16:57:01",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://pivotal.io/security/cve-2015-5170-5173"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2015-5172",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Cloud Foundry Runtime cf-release before 216, UAA before 2.5.2, and Pivotal Cloud Foundry (PCF) Elastic Runtime before 1.7.0 allow attackers to have unspecified impact by leveraging failure to expire password reset links."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://pivotal.io/security/cve-2015-5170-5173",
              "refsource": "CONFIRM",
              "url": "https://pivotal.io/security/cve-2015-5170-5173"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2015-5172",
    "datePublished": "2017-10-24T17:00:00",
    "dateReserved": "2015-07-01T00:00:00",
    "dateUpdated": "2024-08-06T06:41:09.222Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2015-5171 (GCVE-0-2015-5171)

Vulnerability from cvelistv5 – Published: 2017-10-24 17:00 – Updated: 2024-08-06 06:41
Summary
The password change functionality in Cloud Foundry Runtime cf-release before 216, UAA before 2.5.2, and Pivotal Cloud Foundry (PCF) Elastic Runtime before 1.7.0 allow attackers to have unspecified impact by leveraging failure to expire existing sessions.
Severity ?
No CVSS data available.
CWE
  • n/a
Assigner
References

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T06:41:07.973Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://pivotal.io/security/cve-2015-5170-5173"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2016-05-02T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The password change functionality in Cloud Foundry Runtime cf-release before 216, UAA before 2.5.2, and Pivotal Cloud Foundry (PCF) Elastic Runtime before 1.7.0 allow attackers to have unspecified impact by leveraging failure to expire existing sessions."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-10-24T16:57:01",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://pivotal.io/security/cve-2015-5170-5173"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2015-5171",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The password change functionality in Cloud Foundry Runtime cf-release before 216, UAA before 2.5.2, and Pivotal Cloud Foundry (PCF) Elastic Runtime before 1.7.0 allow attackers to have unspecified impact by leveraging failure to expire existing sessions."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://pivotal.io/security/cve-2015-5170-5173",
              "refsource": "CONFIRM",
              "url": "https://pivotal.io/security/cve-2015-5170-5173"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2015-5171",
    "datePublished": "2017-10-24T17:00:00",
    "dateReserved": "2015-07-01T00:00:00",
    "dateUpdated": "2024-08-06T06:41:07.973Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2015-5173 (GCVE-0-2015-5173)

Vulnerability from cvelistv5 – Published: 2017-10-24 17:00 – Updated: 2024-08-06 06:41
Summary
Cloud Foundry Runtime cf-release before 216, UAA before 2.5.2, and Pivotal Cloud Foundry (PCF) Elastic Runtime before 1.7.0 allow attackers to have unspecified impact via vectors involving emails with password recovery links, aka "Cross Domain Referer Leakage."
Severity ?
No CVSS data available.
CWE
  • n/a
Assigner
References

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T06:41:08.841Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://pivotal.io/security/cve-2015-5170-5173"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2016-05-02T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Cloud Foundry Runtime cf-release before 216, UAA before 2.5.2, and Pivotal Cloud Foundry (PCF) Elastic Runtime before 1.7.0 allow attackers to have unspecified impact via vectors involving emails with password recovery links, aka \"Cross Domain Referer Leakage.\""
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-10-24T16:57:01",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://pivotal.io/security/cve-2015-5170-5173"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2015-5173",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Cloud Foundry Runtime cf-release before 216, UAA before 2.5.2, and Pivotal Cloud Foundry (PCF) Elastic Runtime before 1.7.0 allow attackers to have unspecified impact via vectors involving emails with password recovery links, aka \"Cross Domain Referer Leakage.\""
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://pivotal.io/security/cve-2015-5170-5173",
              "refsource": "CONFIRM",
              "url": "https://pivotal.io/security/cve-2015-5170-5173"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2015-5173",
    "datePublished": "2017-10-24T17:00:00",
    "dateReserved": "2015-07-01T00:00:00",
    "dateUpdated": "2024-08-06T06:41:08.841Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2015-5170 (GCVE-0-2015-5170)

Vulnerability from cvelistv5 – Published: 2017-10-24 17:00 – Updated: 2024-08-06 06:41
Summary
Cloud Foundry Runtime cf-release before 216, UAA before 2.5.2, and Pivotal Cloud Foundry (PCF) Elastic Runtime before 1.7.0 allow remote attackers to conduct cross-site request forgery (CSRF) attacks on PWS and log a user into an arbitrary account by leveraging lack of CSRF checks.
Severity ?
No CVSS data available.
CWE
  • n/a
Assigner
References

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T06:41:07.967Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://pivotal.io/security/cve-2015-5170-5173"
          },
          {
            "name": "101579",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/101579"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2016-05-02T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Cloud Foundry Runtime cf-release before 216, UAA before 2.5.2, and Pivotal Cloud Foundry (PCF) Elastic Runtime before 1.7.0 allow remote attackers to conduct cross-site request forgery (CSRF) attacks on PWS and log a user into an arbitrary account by leveraging lack of CSRF checks."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-10-27T09:57:01",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://pivotal.io/security/cve-2015-5170-5173"
        },
        {
          "name": "101579",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/101579"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2015-5170",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Cloud Foundry Runtime cf-release before 216, UAA before 2.5.2, and Pivotal Cloud Foundry (PCF) Elastic Runtime before 1.7.0 allow remote attackers to conduct cross-site request forgery (CSRF) attacks on PWS and log a user into an arbitrary account by leveraging lack of CSRF checks."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://pivotal.io/security/cve-2015-5170-5173",
              "refsource": "CONFIRM",
              "url": "https://pivotal.io/security/cve-2015-5170-5173"
            },
            {
              "name": "101579",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/101579"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2015-5170",
    "datePublished": "2017-10-24T17:00:00",
    "dateReserved": "2015-07-01T00:00:00",
    "dateUpdated": "2024-08-06T06:41:07.967Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2017-4955 (GCVE-0-2017-4955)

Vulnerability from cvelistv5 – Published: 2017-06-13 06:00 – Updated: 2024-08-05 14:47
Summary
An issue was discovered in Pivotal PCF Elastic Runtime 1.6.x versions prior to 1.6.65, 1.7.x versions prior to 1.7.48, 1.8.x versions prior to 1.8.28, and 1.9.x versions prior to 1.9.5. Several credentials were present in the logs for the Notifications errand in the PCF Elastic Runtime tile.
Severity ?
No CVSS data available.
CWE
  • Credentials in Elastic Runtime Notifications errand log
Assigner
References
Impacted products
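Vendor | Product | Version
n/a | PCF Elastic Runtime | Affected: PCF Elastic Runtime (the structured record gives no version range; the affected ranges are stated in the Summary)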

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T14:47:44.061Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://pivotal.io/security/cve-2017-4955"
          },
          {
            "name": "97082",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/97082"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "PCF Elastic Runtime",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "PCF Elastic Runtime"
            }
          ]
        }
      ],
      "datePublic": "2017-06-12T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "An issue was discovered in Pivotal PCF Elastic Runtime 1.6.x versions prior to 1.6.65, 1.7.x versions prior to 1.7.48, 1.8.x versions prior to 1.8.28, and 1.9.x versions prior to 1.9.5. Several credentials were present in the logs for the Notifications errand in the PCF Elastic Runtime tile."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Credentials in Elastic Runtime Notifications errand log",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-06-13T09:57:01",
        "orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
        "shortName": "dell"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://pivotal.io/security/cve-2017-4955"
        },
        {
          "name": "97082",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/97082"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security_alert@emc.com",
          "ID": "CVE-2017-4955",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "PCF Elastic Runtime",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "PCF Elastic Runtime"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "An issue was discovered in Pivotal PCF Elastic Runtime 1.6.x versions prior to 1.6.65, 1.7.x versions prior to 1.7.48, 1.8.x versions prior to 1.8.28, and 1.9.x versions prior to 1.9.5. Several credentials were present in the logs for the Notifications errand in the PCF Elastic Runtime tile."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Credentials in Elastic Runtime Notifications errand log"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://pivotal.io/security/cve-2017-4955",
              "refsource": "CONFIRM",
              "url": "https://pivotal.io/security/cve-2017-4955"
            },
            {
              "name": "97082",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/97082"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
    "assignerShortName": "dell",
    "cveId": "CVE-2017-4955",
    "datePublished": "2017-06-13T06:00:00",
    "dateReserved": "2016-12-29T00:00:00",
    "dateUpdated": "2024-08-05T14:47:44.061Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2017-4959 (GCVE-0-2017-4959)

Vulnerability from cvelistv5 – Published: 2017-06-13 06:00 – Updated: 2024-08-05 14:47
Summary
An issue was discovered in Pivotal PCF Elastic Runtime 1.8.x versions prior to 1.8.29 and 1.9.x versions prior to 1.9.7. Pivotal Cloud Foundry deployments using the Pivotal Account application are vulnerable to a flaw which allows an authorized user to take over the account of another user, causing account lockout and potential escalation of privileges.
Severity ?
No CVSS data available.
CWE
  • Pivotal Cloud Foundry account authorization vulnerability
Assigner
References
Impacted products
Vendor | Product | Version
n/a | PCF Elastic Runtime | Affected: PCF Elastic Runtime

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T14:47:43.745Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "96218",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/96218"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://pivotal.io/security/cve-2017-4959"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "PCF Elastic Runtime",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "PCF Elastic Runtime"
            }
          ]
        }
      ],
      "datePublic": "2017-06-12T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "An issue was discovered in Pivotal PCF Elastic Runtime 1.8.x versions prior to 1.8.29 and 1.9.x versions prior to 1.9.7. Pivotal Cloud Foundry deployments using the Pivotal Account application are vulnerable to a flaw which allows an authorized user to take over the account of another user, causing account lockout and potential escalation of privileges."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Pivotal Cloud Foundry account authorization vulnerability",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-06-13T09:57:01",
        "orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
        "shortName": "dell"
      },
      "references": [
        {
          "name": "96218",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/96218"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://pivotal.io/security/cve-2017-4959"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security_alert@emc.com",
          "ID": "CVE-2017-4959",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "PCF Elastic Runtime",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "PCF Elastic Runtime"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "An issue was discovered in Pivotal PCF Elastic Runtime 1.8.x versions prior to 1.8.29 and 1.9.x versions prior to 1.9.7. Pivotal Cloud Foundry deployments using the Pivotal Account application are vulnerable to a flaw which allows an authorized user to take over the account of another user, causing account lockout and potential escalation of privileges."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Pivotal Cloud Foundry account authorization vulnerability"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "96218",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/96218"
            },
            {
              "name": "https://pivotal.io/security/cve-2017-4959",
              "refsource": "CONFIRM",
              "url": "https://pivotal.io/security/cve-2017-4959"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
    "assignerShortName": "dell",
    "cveId": "CVE-2017-4959",
    "datePublished": "2017-06-13T06:00:00",
    "dateReserved": "2016-12-29T00:00:00",
    "dateUpdated": "2024-08-05T14:47:43.745Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2017-2773 (GCVE-0-2017-2773)

Vulnerability from cvelistv5 – Published: 2017-06-13 06:00 – Updated: 2024-08-05 14:02
Summary
An issue was discovered in Pivotal PCF Elastic Runtime 1.6.x versions prior to 1.6.60, 1.7.x versions prior to 1.7.41, 1.8.x versions prior to 1.8.23, and 1.9.x versions prior to 1.9.1. Incomplete validation logic in JSON Web Token (JWT) libraries can allow unprivileged attackers to impersonate other users in multiple components included in PCF Elastic Runtime, aka an "Unauthenticated JWT signing algorithm in multiple components" issue.
Severity ?
No CVSS data available.
CWE
  • Unauthenticated JWT signing algorithm in multiple components
Assigner
References
Impacted products
Vendor | Product | Version
n/a | PCF Elastic Runtime | Affected: PCF Elastic Runtime

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T14:02:07.773Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "97135",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/97135"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://pivotal.io/security/cve-2017-2773"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "PCF Elastic Runtime",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "PCF Elastic Runtime"
            }
          ]
        }
      ],
      "datePublic": "2017-06-12T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "An issue was discovered in Pivotal PCF Elastic Runtime 1.6.x versions prior to 1.6.60, 1.7.x versions prior to 1.7.41, 1.8.x versions prior to 1.8.23, and 1.9.x versions prior to 1.9.1. Incomplete validation logic in JSON Web Token (JWT) libraries can allow unprivileged attackers to impersonate other users in multiple components included in PCF Elastic Runtime, aka an \"Unauthenticated JWT signing algorithm in multiple components\" issue."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Unauthenticated JWT signing algorithm in multiple components",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-06-13T09:57:01",
        "orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
        "shortName": "dell"
      },
      "references": [
        {
          "name": "97135",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/97135"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://pivotal.io/security/cve-2017-2773"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security_alert@emc.com",
          "ID": "CVE-2017-2773",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "PCF Elastic Runtime",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "PCF Elastic Runtime"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "An issue was discovered in Pivotal PCF Elastic Runtime 1.6.x versions prior to 1.6.60, 1.7.x versions prior to 1.7.41, 1.8.x versions prior to 1.8.23, and 1.9.x versions prior to 1.9.1. Incomplete validation logic in JSON Web Token (JWT) libraries can allow unprivileged attackers to impersonate other users in multiple components included in PCF Elastic Runtime, aka an \"Unauthenticated JWT signing algorithm in multiple components\" issue."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Unauthenticated JWT signing algorithm in multiple components"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "97135",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/97135"
            },
            {
              "name": "https://pivotal.io/security/cve-2017-2773",
              "refsource": "CONFIRM",
              "url": "https://pivotal.io/security/cve-2017-2773"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
    "assignerShortName": "dell",
    "cveId": "CVE-2017-2773",
    "datePublished": "2017-06-13T06:00:00",
    "dateReserved": "2016-12-01T00:00:00",
    "dateUpdated": "2024-08-05T14:02:07.773Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2016-0715 (GCVE-0-2016-0715)

Vulnerability from nvd – Published: 2018-09-11 17:00 – Updated: 2024-09-16 16:48
Summary
Pivotal Cloud Foundry Elastic Runtime version 1.4.0 through 1.4.5, 1.5.0 through 1.5.11 and 1.6.0 through 1.6.11 is vulnerable to a remote information disclosure. It was found that original mitigation configuration instructions provided as part of CVE-2016-0708 were incomplete and could leave PHP Buildpack, Staticfile Buildpack and potentially other custom Buildpack applications vulnerable to remote information disclosure. Affected applications use automated buildpack detection, serve files directly from the root of the application and have a buildpack that matched after the Java Buildpack in the system buildpack priority when Java Buildpack versions 2.0 through 3.4 were present.
Severity ?
No CVSS data available.
CWE
Assigner
References
Impacted products
Vendor | Product | Version
Pivotal | Pivotal Cloud Foundry Elastic Runtime | Affected: 1.4.0 through 1.4.5; Affected: 1.5.0 through 1.5.11; Affected: 1.6.0 through 1.6.11

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T22:30:03.868Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://pivotal.io/security/cve-2016-0715"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Pivotal Cloud Foundry Elastic Runtime",
          "vendor": "Pivotal",
          "versions": [
            {
              "status": "affected",
              "version": "1.4.0 through 1.4.5"
            },
            {
              "status": "affected",
              "version": "1.5.0 through 1.5.11"
            },
            {
              "status": "affected",
              "version": "1.6.0 through 1.6.11"
            }
          ]
        }
      ],
      "datePublic": "2015-01-18T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Pivotal Cloud Foundry Elastic Runtime version 1.4.0 through 1.4.5, 1.5.0 through 1.5.11 and 1.6.0 through 1.6.11 is vulnerable to a remote information disclosure. It was found that original mitigation configuration instructions provided as part of CVE-2016-0708 were incomplete and could leave PHP Buildpack, Staticfile Buildpack and potentially other custom Buildpack applications vulnerable to remote information disclosure. Affected applications use automated buildpack detection, serve files directly from the root of the application and have a buildpack that matched after the Java Buildpack in the system buildpack priority when Java Buildpack versions 2.0 through 3.4 were present."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-200",
              "description": "CWE-200",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-09-11T16:57:01",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://pivotal.io/security/cve-2016-0715"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "DATE_PUBLIC": "2015-01-18T00:00:00",
          "ID": "CVE-2016-0715",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Pivotal Cloud Foundry Elastic Runtime",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "1.4.0 through 1.4.5"
                          },
                          {
                            "version_value": "1.5.0 through 1.5.11"
                          },
                          {
                            "version_value": "1.6.0 through 1.6.11"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Pivotal"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Pivotal Cloud Foundry Elastic Runtime version 1.4.0 through 1.4.5, 1.5.0 through 1.5.11 and 1.6.0 through 1.6.11 is vulnerable to a remote information disclosure. It was found that original mitigation configuration instructions provided as part of CVE-2016-0708 were incomplete and could leave PHP Buildpack, Staticfile Buildpack and potentially other custom Buildpack applications vulnerable to remote information disclosure. Affected applications use automated buildpack detection, serve files directly from the root of the application and have a buildpack that matched after the Java Buildpack in the system buildpack priority when Java Buildpack versions 2.0 through 3.4 were present."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-200"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://pivotal.io/security/cve-2016-0715",
              "refsource": "CONFIRM",
              "url": "https://pivotal.io/security/cve-2016-0715"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2016-0715",
    "datePublished": "2018-09-11T17:00:00Z",
    "dateReserved": "2015-12-16T00:00:00",
    "dateUpdated": "2024-09-16T16:48:30.435Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2016-6658 (GCVE-0-2016-6658)

Vulnerability from nvd – Published: 2018-03-29 22:00 – Updated: 2024-08-06 01:36
Summary
Applications in cf-release before 245 can be configured and pushed with a user-provided custom buildpack using a URL pointing to the buildpack. Although it is not recommended, a user can specify a credential in the URL (basic auth or OAuth) to access the buildpack through the CLI. For example, the user could include a GitHub username and password in the URL to access a private repo. Because the URL to access the buildpack is stored unencrypted, an operator with privileged access to the Cloud Controller database could view these credentials.
Severity ?
No CVSS data available.
CWE
  • n/a
Assigner
References

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T01:36:29.571Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://pivotal.io/security/cve-2016-6658"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2017-08-16T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Applications in cf-release before 245 can be configured and pushed with a user-provided custom buildpack using a URL pointing to the buildpack. Although it is not recommended, a user can specify a credential in the URL (basic auth or OAuth) to access the buildpack through the CLI. For example, the user could include a GitHub username and password in the URL to access a private repo. Because the URL to access the buildpack is stored unencrypted, an operator with privileged access to the Cloud Controller database could view these credentials."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-03-29T21:57:01",
        "orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
        "shortName": "dell"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://pivotal.io/security/cve-2016-6658"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security_alert@emc.com",
          "ID": "CVE-2016-6658",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Applications in cf-release before 245 can be configured and pushed with a user-provided custom buildpack using a URL pointing to the buildpack. Although it is not recommended, a user can specify a credential in the URL (basic auth or OAuth) to access the buildpack through the CLI. For example, the user could include a GitHub username and password in the URL to access a private repo. Because the URL to access the buildpack is stored unencrypted, an operator with privileged access to the Cloud Controller database could view these credentials."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://pivotal.io/security/cve-2016-6658",
              "refsource": "CONFIRM",
              "url": "https://pivotal.io/security/cve-2016-6658"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
    "assignerShortName": "dell",
    "cveId": "CVE-2016-6658",
    "datePublished": "2018-03-29T22:00:00",
    "dateReserved": "2016-08-10T00:00:00",
    "dateUpdated": "2024-08-06T01:36:29.571Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2015-5172 (GCVE-0-2015-5172)

Vulnerability from nvd – Published: 2017-10-24 17:00 – Updated: 2024-08-06 06:41
Summary
Cloud Foundry Runtime cf-release before 216, UAA before 2.5.2, and Pivotal Cloud Foundry (PCF) Elastic Runtime before 1.7.0 allow attackers to have unspecified impact by leveraging failure to expire password reset links.
Severity ?
No CVSS data available.
CWE
  • n/a
Assigner
References

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T06:41:09.222Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://pivotal.io/security/cve-2015-5170-5173"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2016-05-02T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Cloud Foundry Runtime cf-release before 216, UAA before 2.5.2, and Pivotal Cloud Foundry (PCF) Elastic Runtime before 1.7.0 allow attackers to have unspecified impact by leveraging failure to expire password reset links."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-10-24T16:57:01",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://pivotal.io/security/cve-2015-5170-5173"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2015-5172",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Cloud Foundry Runtime cf-release before 216, UAA before 2.5.2, and Pivotal Cloud Foundry (PCF) Elastic Runtime before 1.7.0 allow attackers to have unspecified impact by leveraging failure to expire password reset links."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://pivotal.io/security/cve-2015-5170-5173",
              "refsource": "CONFIRM",
              "url": "https://pivotal.io/security/cve-2015-5170-5173"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2015-5172",
    "datePublished": "2017-10-24T17:00:00",
    "dateReserved": "2015-07-01T00:00:00",
    "dateUpdated": "2024-08-06T06:41:09.222Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2015-5171 (GCVE-0-2015-5171)

Vulnerability from nvd – Published: 2017-10-24 17:00 – Updated: 2024-08-06 06:41
Summary
The password change functionality in Cloud Foundry Runtime cf-release before 216, UAA before 2.5.2, and Pivotal Cloud Foundry (PCF) Elastic Runtime before 1.7.0 allow attackers to have unspecified impact by leveraging failure to expire existing sessions.
Severity ?
No CVSS data available.
CWE
  • n/a
Assigner
References

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T06:41:07.973Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://pivotal.io/security/cve-2015-5170-5173"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2016-05-02T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The password change functionality in Cloud Foundry Runtime cf-release before 216, UAA before 2.5.2, and Pivotal Cloud Foundry (PCF) Elastic Runtime before 1.7.0 allow attackers to have unspecified impact by leveraging failure to expire existing sessions."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-10-24T16:57:01",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://pivotal.io/security/cve-2015-5170-5173"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2015-5171",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The password change functionality in Cloud Foundry Runtime cf-release before 216, UAA before 2.5.2, and Pivotal Cloud Foundry (PCF) Elastic Runtime before 1.7.0 allow attackers to have unspecified impact by leveraging failure to expire existing sessions."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://pivotal.io/security/cve-2015-5170-5173",
              "refsource": "CONFIRM",
              "url": "https://pivotal.io/security/cve-2015-5170-5173"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2015-5171",
    "datePublished": "2017-10-24T17:00:00",
    "dateReserved": "2015-07-01T00:00:00",
    "dateUpdated": "2024-08-06T06:41:07.973Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2015-5173 (GCVE-0-2015-5173)

Vulnerability from nvd – Published: 2017-10-24 17:00 – Updated: 2024-08-06 06:41
Summary
Cloud Foundry Runtime cf-release before 216, UAA before 2.5.2, and Pivotal Cloud Foundry (PCF) Elastic Runtime before 1.7.0 allow attackers to have unspecified impact via vectors involving emails with password recovery links, aka "Cross Domain Referer Leakage."
Severity ?
No CVSS data available.
CWE
  • n/a
Assigner
References

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T06:41:08.841Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://pivotal.io/security/cve-2015-5170-5173"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2016-05-02T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Cloud Foundry Runtime cf-release before 216, UAA before 2.5.2, and Pivotal Cloud Foundry (PCF) Elastic Runtime before 1.7.0 allow attackers to have unspecified impact via vectors involving emails with password recovery links, aka \"Cross Domain Referer Leakage.\""
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-10-24T16:57:01",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://pivotal.io/security/cve-2015-5170-5173"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2015-5173",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Cloud Foundry Runtime cf-release before 216, UAA before 2.5.2, and Pivotal Cloud Foundry (PCF) Elastic Runtime before 1.7.0 allow attackers to have unspecified impact via vectors involving emails with password recovery links, aka \"Cross Domain Referer Leakage.\""
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://pivotal.io/security/cve-2015-5170-5173",
              "refsource": "CONFIRM",
              "url": "https://pivotal.io/security/cve-2015-5170-5173"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2015-5173",
    "datePublished": "2017-10-24T17:00:00",
    "dateReserved": "2015-07-01T00:00:00",
    "dateUpdated": "2024-08-06T06:41:08.841Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2015-5170 (GCVE-0-2015-5170)

Vulnerability from nvd – Published: 2017-10-24 17:00 – Updated: 2024-08-06 06:41
Summary
Cloud Foundry Runtime cf-release before 216, UAA before 2.5.2, and Pivotal Cloud Foundry (PCF) Elastic Runtime before 1.7.0 allow remote attackers to conduct cross-site request forgery (CSRF) attacks on PWS and log a user into an arbitrary account by leveraging lack of CSRF checks.
Severity ?
No CVSS data available.
CWE
  • n/a
Assigner
References

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T06:41:07.967Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://pivotal.io/security/cve-2015-5170-5173"
          },
          {
            "name": "101579",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/101579"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2016-05-02T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Cloud Foundry Runtime cf-release before 216, UAA before 2.5.2, and Pivotal Cloud Foundry (PCF) Elastic Runtime before 1.7.0 allow remote attackers to conduct cross-site request forgery (CSRF) attacks on PWS and log a user into an arbitrary account by leveraging lack of CSRF checks."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-10-27T09:57:01",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://pivotal.io/security/cve-2015-5170-5173"
        },
        {
          "name": "101579",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/101579"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2015-5170",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Cloud Foundry Runtime cf-release before 216, UAA before 2.5.2, and Pivotal Cloud Foundry (PCF) Elastic Runtime before 1.7.0 allow remote attackers to conduct cross-site request forgery (CSRF) attacks on PWS and log a user into an arbitrary account by leveraging lack of CSRF checks."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://pivotal.io/security/cve-2015-5170-5173",
              "refsource": "CONFIRM",
              "url": "https://pivotal.io/security/cve-2015-5170-5173"
            },
            {
              "name": "101579",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/101579"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2015-5170",
    "datePublished": "2017-10-24T17:00:00",
    "dateReserved": "2015-07-01T00:00:00",
    "dateUpdated": "2024-08-06T06:41:07.967Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2017-4955 (GCVE-0-2017-4955)

Vulnerability from nvd – Published: 2017-06-13 06:00 – Updated: 2024-08-05 14:47
Summary
An issue was discovered in Pivotal PCF Elastic Runtime 1.6.x versions prior to 1.6.65, 1.7.x versions prior to 1.7.48, 1.8.x versions prior to 1.8.28, and 1.9.x versions prior to 1.9.5. Several credentials were present in the logs for the Notifications errand in the PCF Elastic Runtime tile.
Severity ?
No CVSS data available.
CWE
  • Credentials in Elastic Runtime Notifications errand log
Assigner
References
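Impacted products
  • Vendor: n/a
  • Product: PCF Elastic Runtime
  • Version: Affected: PCF Elastic Runtime (the record's version field repeats the product name; the affected version ranges are given only in the Summary)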

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T14:47:44.061Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://pivotal.io/security/cve-2017-4955"
          },
          {
            "name": "97082",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/97082"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "PCF Elastic Runtime",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "PCF Elastic Runtime"
            }
          ]
        }
      ],
      "datePublic": "2017-06-12T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "An issue was discovered in Pivotal PCF Elastic Runtime 1.6.x versions prior to 1.6.65, 1.7.x versions prior to 1.7.48, 1.8.x versions prior to 1.8.28, and 1.9.x versions prior to 1.9.5. Several credentials were present in the logs for the Notifications errand in the PCF Elastic Runtime tile."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Credentials in Elastic Runtime Notifications errand log",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-06-13T09:57:01",
        "orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
        "shortName": "dell"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://pivotal.io/security/cve-2017-4955"
        },
        {
          "name": "97082",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/97082"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security_alert@emc.com",
          "ID": "CVE-2017-4955",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "PCF Elastic Runtime",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "PCF Elastic Runtime"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "An issue was discovered in Pivotal PCF Elastic Runtime 1.6.x versions prior to 1.6.65, 1.7.x versions prior to 1.7.48, 1.8.x versions prior to 1.8.28, and 1.9.x versions prior to 1.9.5. Several credentials were present in the logs for the Notifications errand in the PCF Elastic Runtime tile."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Credentials in Elastic Runtime Notifications errand log"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://pivotal.io/security/cve-2017-4955",
              "refsource": "CONFIRM",
              "url": "https://pivotal.io/security/cve-2017-4955"
            },
            {
              "name": "97082",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/97082"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
    "assignerShortName": "dell",
    "cveId": "CVE-2017-4955",
    "datePublished": "2017-06-13T06:00:00",
    "dateReserved": "2016-12-29T00:00:00",
    "dateUpdated": "2024-08-05T14:47:44.061Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2017-4959 (GCVE-0-2017-4959)

Vulnerability from nvd – Published: 2017-06-13 06:00 – Updated: 2024-08-05 14:47
Summary
An issue was discovered in Pivotal PCF Elastic Runtime 1.8.x versions prior to 1.8.29 and 1.9.x versions prior to 1.9.7. Pivotal Cloud Foundry deployments using the Pivotal Account application are vulnerable to a flaw which allows an authorized user to take over the account of another user, causing account lockout and potential escalation of privileges.
Severity ?
No CVSS data available.
CWE
  • Pivotal Cloud Foundry account authorization vulnerability
Assigner
References
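Impacted products
  • Vendor: n/a
  • Product: PCF Elastic Runtime
  • Version: Affected: PCF Elastic Runtime (the record's version field repeats the product name; the affected version ranges are given only in the Summary)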

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T14:47:43.745Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "96218",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/96218"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://pivotal.io/security/cve-2017-4959"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "PCF Elastic Runtime",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "PCF Elastic Runtime"
            }
          ]
        }
      ],
      "datePublic": "2017-06-12T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "An issue was discovered in Pivotal PCF Elastic Runtime 1.8.x versions prior to 1.8.29 and 1.9.x versions prior to 1.9.7. Pivotal Cloud Foundry deployments using the Pivotal Account application are vulnerable to a flaw which allows an authorized user to take over the account of another user, causing account lockout and potential escalation of privileges."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Pivotal Cloud Foundry account authorization vulnerability",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-06-13T09:57:01",
        "orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
        "shortName": "dell"
      },
      "references": [
        {
          "name": "96218",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/96218"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://pivotal.io/security/cve-2017-4959"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security_alert@emc.com",
          "ID": "CVE-2017-4959",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "PCF Elastic Runtime",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "PCF Elastic Runtime"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "An issue was discovered in Pivotal PCF Elastic Runtime 1.8.x versions prior to 1.8.29 and 1.9.x versions prior to 1.9.7. Pivotal Cloud Foundry deployments using the Pivotal Account application are vulnerable to a flaw which allows an authorized user to take over the account of another user, causing account lockout and potential escalation of privileges."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Pivotal Cloud Foundry account authorization vulnerability"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "96218",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/96218"
            },
            {
              "name": "https://pivotal.io/security/cve-2017-4959",
              "refsource": "CONFIRM",
              "url": "https://pivotal.io/security/cve-2017-4959"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
    "assignerShortName": "dell",
    "cveId": "CVE-2017-4959",
    "datePublished": "2017-06-13T06:00:00",
    "dateReserved": "2016-12-29T00:00:00",
    "dateUpdated": "2024-08-05T14:47:43.745Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2017-2773 (GCVE-0-2017-2773)

Vulnerability from nvd – Published: 2017-06-13 06:00 – Updated: 2024-08-05 14:02
Summary
An issue was discovered in Pivotal PCF Elastic Runtime 1.6.x versions prior to 1.6.60, 1.7.x versions prior to 1.7.41, 1.8.x versions prior to 1.8.23, and 1.9.x versions prior to 1.9.1. Incomplete validation logic in JSON Web Token (JWT) libraries can allow unprivileged attackers to impersonate other users in multiple components included in PCF Elastic Runtime, aka an "Unauthenticated JWT signing algorithm in multiple components" issue.
Severity ?
No CVSS data available.
CWE
  • Unauthenticated JWT signing algorithm in multiple components
Assigner
References
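Impacted products
  • Vendor: n/a
  • Product: PCF Elastic Runtime
  • Version: Affected: PCF Elastic Runtime (the record's version field repeats the product name; the affected version ranges are given only in the Summary)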

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T14:02:07.773Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "97135",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/97135"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://pivotal.io/security/cve-2017-2773"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "PCF Elastic Runtime",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "PCF Elastic Runtime"
            }
          ]
        }
      ],
      "datePublic": "2017-06-12T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "An issue was discovered in Pivotal PCF Elastic Runtime 1.6.x versions prior to 1.6.60, 1.7.x versions prior to 1.7.41, 1.8.x versions prior to 1.8.23, and 1.9.x versions prior to 1.9.1. Incomplete validation logic in JSON Web Token (JWT) libraries can allow unprivileged attackers to impersonate other users in multiple components included in PCF Elastic Runtime, aka an \"Unauthenticated JWT signing algorithm in multiple components\" issue."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Unauthenticated JWT signing algorithm in multiple components",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-06-13T09:57:01",
        "orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
        "shortName": "dell"
      },
      "references": [
        {
          "name": "97135",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/97135"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://pivotal.io/security/cve-2017-2773"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security_alert@emc.com",
          "ID": "CVE-2017-2773",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "PCF Elastic Runtime",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "PCF Elastic Runtime"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "An issue was discovered in Pivotal PCF Elastic Runtime 1.6.x versions prior to 1.6.60, 1.7.x versions prior to 1.7.41, 1.8.x versions prior to 1.8.23, and 1.9.x versions prior to 1.9.1. Incomplete validation logic in JSON Web Token (JWT) libraries can allow unprivileged attackers to impersonate other users in multiple components included in PCF Elastic Runtime, aka an \"Unauthenticated JWT signing algorithm in multiple components\" issue."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Unauthenticated JWT signing algorithm in multiple components"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "97135",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/97135"
            },
            {
              "name": "https://pivotal.io/security/cve-2017-2773",
              "refsource": "CONFIRM",
              "url": "https://pivotal.io/security/cve-2017-2773"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
    "assignerShortName": "dell",
    "cveId": "CVE-2017-2773",
    "datePublished": "2017-06-13T06:00:00",
    "dateReserved": "2016-12-01T00:00:00",
    "dateUpdated": "2024-08-05T14:02:07.773Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}