Vulnerabilities > CVE-2017-8040 - XXE vulnerability in VMWare Single Sign-On for Pivotal Cloud Foundry

CVSS 6.5 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

HIGH

Integrity impact

NONE

Availability impact

NONE

network

low complexity

vmware

CWE-611

NVD

Published: 2017-09-09

Updated: 2021-08-12

Summary

In Single Sign-On for Pivotal Cloud Foundry (PCF) 1.3.x versions prior to 1.3.4 and 1.4.x versions prior to 1.4.3, an XXE (XML External Entity) attack was discovered in the Single Sign-On service dashboard. Privileged users can in some cases upload malformed XML leading to exposure of data on the Single Sign-On service broker file system.

Vulnerable Configurations

Part	Description	Count
Application	Vmware Vmware Single Sign ON FOR Pivotal Cloud Foundry 1.3.0 Vmware Single Sign ON FOR Pivotal Cloud Foundry 1.3.2 Vmware Single Sign ON FOR Pivotal Cloud Foundry 1.3.3 Vmware Single Sign ON FOR Pivotal Cloud Foundry 1.4.1 Vmware Single Sign ON FOR Pivotal Cloud Foundry 1.4.2 Vmware Single Sign ON FOR Pivotal Cloud Foundry 1.4.0 Vmware Single Sign ON FOR Pivotal Cloud Foundry 1.4.3	7

Common Weakness Enumeration (CWE)

CWE-611 - Improper Restriction of XML External Entity Reference ('XXE')

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

References