PT-2017-18085 · Pivotal · Single Sign-On For Pivotal Cloud Foundry

Published: 2017-09-09 · Updated: 2021-08-12 · CVE-2017-8040

CVSS v3.1: 6.5 (Medium)

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions

Single Sign-On for Pivotal Cloud Foundry (PCF) versions 1.3.x prior to 1.3.4
Single Sign-On for Pivotal Cloud Foundry (PCF) versions 1.4.x prior to 1.4.3

Description

An XXE (XML External Entity) attack was discovered in the Single Sign-On service dashboard, allowing privileged users to upload malformed XML. This can lead to exposure of data on the Single Sign-On service broker file system.

Recommendations

For versions 1.3.x prior to 1.3.4, update to version 1.3.4 or later.
For versions 1.4.x prior to 1.4.3, update to version 1.4.3 or later.

Fix

XXE


Weakness Enumeration

Related identifiers

CVE-2017-8040

Affected products

Single Sign-On For Pivotal Cloud Foundry