PT-2018-11358 · Microsoft · Windows 2012R2 Stemcells

Publicado

2018-05-17

·

Atualizado

2018-06-20

·

CVE-2018-1276

CVSS v3.1

6.5

Média

VetorAV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions Windows 2012R2 stemcells versions prior to 1200.17
Description The issue allows a remote user with the ability to push apps to execute crafted commands, reading the IaaS metadata from the VM. This metadata may contain BOSH credentials.
Recommendations For Windows 2012R2 stemcells versions prior to 1200.17, update to version 1200.17 or later to resolve the issue.

Correção

Information Disclosure

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-200

Identificadores relacionados

CVE-2018-1276

Produtos afetados

Windows 2012R2 Stemcells