Vulnerabilities > CVE-2017-4959 - Unspecified vulnerability in Pivotal Software Cloud Foundry Elastic Runtime

CVSS 8.8 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

pivotal-software

NVD

Published: 2017-06-13

Updated: 2019-10-03

Summary

An issue was discovered in Pivotal PCF Elastic Runtime 1.8.x versions prior to 1.8.29 and 1.9.x versions prior to 1.9.7. Pivotal Cloud Foundry deployments using the Pivotal Account application are vulnerable to a flaw which allows an authorized user to take over the account of another user, causing account lockout and potential escalation of privileges.

Vulnerable Configurations

Part	Description	Count
Application	Pivotal_Software Pivotal Software Cloud Foundry Elastic Runtime 1.8.28 Pivotal Software Cloud Foundry Elastic Runtime 1.8.0 Pivotal Software Cloud Foundry Elastic Runtime 1.8.13 Pivotal Software Cloud Foundry Elastic Runtime 1.8.14 Pivotal Software Cloud Foundry Elastic Runtime 1.8.15 Pivotal Software Cloud Foundry Elastic Runtime 1.8.11 Pivotal Software Cloud Foundry Elastic Runtime 1.8.21 Pivotal Software Cloud Foundry Elastic Runtime 1.8.6 Pivotal Software Cloud Foundry Elastic Runtime 1.8.1 Pivotal Software Cloud Foundry Elastic Runtime 1.8.24 Pivotal Software Cloud Foundry Elastic Runtime 1.8.12 Pivotal Software Cloud Foundry Elastic Runtime 1.8.23 Pivotal Software Cloud Foundry Elastic Runtime 1.8.4 Pivotal Software Cloud Foundry Elastic Runtime 1.8.18 Pivotal Software Cloud Foundry Elastic Runtime 1.8.26 Pivotal Software Cloud Foundry Elastic Runtime 1.8.25 Pivotal Software Cloud Foundry Elastic Runtime 1.8.9 Pivotal Software Cloud Foundry Elastic Runtime 1.8.3 Pivotal Software Cloud Foundry Elastic Runtime 1.8.7 Pivotal Software Cloud Foundry Elastic Runtime 1.8.17 Pivotal Software Cloud Foundry Elastic Runtime 1.8.10 Pivotal Software Cloud Foundry Elastic Runtime 1.8.22 Pivotal Software Cloud Foundry Elastic Runtime 1.8.8 Pivotal Software Cloud Foundry Elastic Runtime 1.8.2 Pivotal Software Cloud Foundry Elastic Runtime 1.8.27 Pivotal Software Cloud Foundry Elastic Runtime 1.8.5 Pivotal Software Cloud Foundry Elastic Runtime 1.8.20 Pivotal Software Cloud Foundry Elastic Runtime 1.8.16 Pivotal Software Cloud Foundry Elastic Runtime 1.8.19 Pivotal Software Cloud Foundry Elastic Runtime 1.9.4 Pivotal Software Cloud Foundry Elastic Runtime 1.9.2 Pivotal Software Cloud Foundry Elastic Runtime 1.9.1 Pivotal Software Cloud Foundry Elastic Runtime 1.9.3 Pivotal Software Cloud Foundry Elastic Runtime 1.9.6 Pivotal Software Cloud Foundry Elastic Runtime 1.9.5 Pivotal Software Cloud Foundry Elastic Runtime 1.9.0	36

Summary

Vulnerable Configurations

References