PT-2017-16227 · Pivotal · Pivotal Cloud Foundry+2

Published

2017-06-13

Updated

2019-10-03

CVE-2017-4959

CVSS v3.1

8.8

High

Vector

AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Pivotal PCF Elastic Runtime versions prior to 1.8.29 Pivotal PCF Elastic Runtime versions prior to 1.9.7

Description An issue was discovered that allows an authorized user to take over the account of another user, causing account lockout and potential escalation of privileges. This issue affects Pivotal Cloud Foundry deployments using the Pivotal Account application.

Recommendations For versions prior to 1.8.29, update to version 1.8.29 or later to resolve the issue. For versions prior to 1.9.7, update to version 1.9.7 or later to resolve the issue.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2017-4959

Affected Products

Pivotal Account

Pivotal Cloud Foundry

Pivotal Elastic Runtime

PT-2017-16227 · Pivotal · Pivotal Cloud Foundry+2

CVE-2017-4959

Related Identifiers

Affected Products

References · 5