Vulnerabilities > CVE-2017-4959 - Privilege Escalation vulnerability in Pivotal Cloud Foundry Elastic Runtime

CVSS 6.5 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

SINGLE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

PARTIAL

network

low complexity

pivotal-software

NVD

Published: 2017-06-13

Updated: 2019-10-03

Summary

An issue was discovered in Pivotal PCF Elastic Runtime 1.8.x versions prior to 1.8.29 and 1.9.x versions prior to 1.9.7. Pivotal Cloud Foundry deployments using the Pivotal Account application are vulnerable to a flaw which allows an authorized user to take over the account of another user, causing account lockout and potential escalation of privileges.

Vulnerable Configurations

Part	Description	Count
Application	Pivotal_Software Pivotal Software Cloud Foundry Elastic Runtime 1.8.0 Pivotal Software Cloud Foundry Elastic Runtime 1.8.1 Pivotal Software Cloud Foundry Elastic Runtime 1.8.2 Pivotal Software Cloud Foundry Elastic Runtime 1.8.3 Pivotal Software Cloud Foundry Elastic Runtime 1.8.4 Pivotal Software Cloud Foundry Elastic Runtime 1.8.5 Pivotal Software Cloud Foundry Elastic Runtime 1.8.6 Pivotal Software Cloud Foundry Elastic Runtime 1.8.7 Pivotal Software Cloud Foundry Elastic Runtime 1.8.8 Pivotal Software Cloud Foundry Elastic Runtime 1.8.9 Pivotal Software Cloud Foundry Elastic Runtime 1.8.10 Pivotal Software Cloud Foundry Elastic Runtime 1.8.11 Pivotal Software Cloud Foundry Elastic Runtime 1.8.12 Pivotal Software Cloud Foundry Elastic Runtime 1.8.13 Pivotal Software Cloud Foundry Elastic Runtime 1.8.14 Pivotal Software Cloud Foundry Elastic Runtime 1.8.15 Pivotal Software Cloud Foundry Elastic Runtime 1.8.16 Pivotal Software Cloud Foundry Elastic Runtime 1.8.17 Pivotal Software Cloud Foundry Elastic Runtime 1.8.18 Pivotal Software Cloud Foundry Elastic Runtime 1.8.19 Pivotal Software Cloud Foundry Elastic Runtime 1.8.20 Pivotal Software Cloud Foundry Elastic Runtime 1.8.21 Pivotal Software Cloud Foundry Elastic Runtime 1.8.22 Pivotal Software Cloud Foundry Elastic Runtime 1.8.23 Pivotal Software Cloud Foundry Elastic Runtime 1.8.24 Pivotal Software Cloud Foundry Elastic Runtime 1.8.25 Pivotal Software Cloud Foundry Elastic Runtime 1.8.26 Pivotal Software Cloud Foundry Elastic Runtime 1.8.27 Pivotal Software Cloud Foundry Elastic Runtime 1.8.28 Pivotal Software Cloud Foundry Elastic Runtime 1.9.0 Pivotal Software Cloud Foundry Elastic Runtime 1.9.1 Pivotal Software Cloud Foundry Elastic Runtime 1.9.2 Pivotal Software Cloud Foundry Elastic Runtime 1.9.3 Pivotal Software Cloud Foundry Elastic Runtime 1.9.4 Pivotal Software Cloud Foundry Elastic Runtime 1.9.5 Pivotal Software Cloud Foundry Elastic Runtime 1.9.6	36

Summary

Vulnerable Configurations

References