← Back

CVE-2017-4992

nvd nist
Published: Jun 13, 2017Modified: May 13, 2026

JSON object

Loading...
9.8
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploitability: 3.9 / Impact: 5.9
Source: NVD

Description

An issue was discovered in Cloud Foundry Foundation cf-release versions prior to v261; UAA release 2.x versions prior to v2.7.4.17, 3.6.x versions prior to v3.6.11, 3.9.x versions prior to v3.9.13, and other versions prior to v4.2.0; and UAA bosh release (uaa-release) 13.x versions prior to v13.15, 24.x versions prior to v24.10, 30.x versions prior to 30.3, and other versions prior to v37. There is privilege escalation (arbitrary password reset) with user invitations.

Affected (73)

Cloudfoundry
2 products
Cf Release
Cloud Foundry Uaa Bosh
Pivotal Software
1 product
Cloud Foundry Uaa
Configuration A
73 vulnerable
Vulnerable SoftwareAffected Versions
Cf Release
Up to 260
Cloudfoundry
Cloud Foundry Uaa Bosh
Up to 27
Cloud Foundry Uaa Bosh
Version 13.10
Cloud Foundry Uaa Bosh
Version 13.11
Cloud Foundry Uaa Bosh
Version 13.12
Cloud Foundry Uaa Bosh
Version 13.13
Cloud Foundry Uaa Bosh
Version 13.14
Cloud Foundry Uaa Bosh
Version 13.1
Cloud Foundry Uaa Bosh
Version 13.2
Cloud Foundry Uaa Bosh
Version 13.3
Cloud Foundry Uaa Bosh
Version 13.4
Cloud Foundry Uaa Bosh
Version 13.5
Cloud Foundry Uaa Bosh
Version 13.6
Cloud Foundry Uaa Bosh
Version 13.7
Cloud Foundry Uaa Bosh
Version 13.8
Cloud Foundry Uaa Bosh
Version 13.9
Cloud Foundry Uaa Bosh
Version 24.1
Cloud Foundry Uaa Bosh
Version 24.2
Cloud Foundry Uaa Bosh
Version 24.3
Cloud Foundry Uaa Bosh
Version 24.4
Cloud Foundry Uaa Bosh
Version 24.5
Cloud Foundry Uaa Bosh
Version 24.6
Cloud Foundry Uaa Bosh
Version 24.7
Cloud Foundry Uaa Bosh
Version 24.8
Cloud Foundry Uaa Bosh
Version 24.9
Cloud Foundry Uaa Bosh
Version 24
Cloud Foundry Uaa Bosh
Version 30.1
Cloud Foundry Uaa Bosh
Version 30.2
Cloud Foundry Uaa Bosh
Version 30
Pivotal Software
Cloud Foundry Uaa
Up to 4.2.0
Cloud Foundry Uaa
Version 2.2.5.4
Cloud Foundry Uaa
Version 2.7.1
Cloud Foundry Uaa
Version 2.7.2
Cloud Foundry Uaa
Version 2.7.3
Cloud Foundry Uaa
Version 2.7.4.11
Cloud Foundry Uaa
Version 2.7.4.12
Cloud Foundry Uaa
Version 2.7.4.13
Cloud Foundry Uaa
Version 2.7.4.14
Cloud Foundry Uaa
Version 2.7.4.15
Cloud Foundry Uaa
Version 2.7.4.16
Cloud Foundry Uaa
Version 2.7.4.1
Cloud Foundry Uaa
Version 2.7.4.2
Cloud Foundry Uaa
Version 2.7.4.3
Cloud Foundry Uaa
Version 2.7.4.4
Cloud Foundry Uaa
Version 2.7.4.5
Cloud Foundry Uaa
Version 2.7.4.6
Cloud Foundry Uaa
Version 2.7.4.7
Cloud Foundry Uaa
Version 2.7.4.8
Cloud Foundry Uaa
Version 2.7.4.9
Cloud Foundry Uaa
Version 2.7.4
Cloud Foundry Uaa
Version 3.6.10
Cloud Foundry Uaa
Version 3.6.1
Cloud Foundry Uaa
Version 3.6.2
Cloud Foundry Uaa
Version 3.6.3
Cloud Foundry Uaa
Version 3.6.4
Cloud Foundry Uaa
Version 3.6.5
Cloud Foundry Uaa
Version 3.6.6
Cloud Foundry Uaa
Version 3.6.7
Cloud Foundry Uaa
Version 3.6.8
Cloud Foundry Uaa
Version 3.6.9
Cloud Foundry Uaa
Version 3.9.10
Cloud Foundry Uaa
Version 3.9.11
Cloud Foundry Uaa
Version 3.9.12
Cloud Foundry Uaa
Version 3.9.13
Cloud Foundry Uaa
Version 3.9.1
Cloud Foundry Uaa
Version 3.9.2
Cloud Foundry Uaa
Version 3.9.3
Cloud Foundry Uaa
Version 3.9.4
Cloud Foundry Uaa
Version 3.9.5
Cloud Foundry Uaa
Version 3.9.6
Cloud Foundry Uaa
Version 3.9.7
Cloud Foundry Uaa
Version 3.9.8
Cloud Foundry Uaa
Version 3.9.9

Related CWEs

CWE-269
Improper Privilege Management
The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.

References (2)

Source: security_alert@emc.com
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory

Timeline

No history available yet.