CVE-2017-4961

EPSS 0.2%
Veröffentlicht 13.06.2017 06:29:00
Zuletzt bearbeitet 20.04.2025 01:37:25
Quelle security_alert@emc.com
CVE-Watchlists
Login
Unerledigt
Login

An issue was discovered in Cloud Foundry Foundation BOSH Release 261.x versions prior to 261.3 and all 260.x versions. In certain cases an authenticated Director user can provide a malicious checksum that could allow them to escalate their privileges on the Director VM, aka "BOSH Director Shell Injection Vulnerabilities."

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Cloud Foundry ≫ Bosh Version260

Cloud Foundry ≫ Bosh Version260.1

Cloud Foundry ≫ Bosh Version260.2

Cloud Foundry ≫ Bosh Version260.3

Cloud Foundry ≫ Bosh Version260.4

Cloud Foundry ≫ Bosh Version260.5

Cloud Foundry ≫ Bosh Version260.6

Cloud Foundry ≫ Bosh Version260.7

Cloud Foundry ≫ Bosh Version261

Cloud Foundry ≫ Bosh Version261.1

Cloud Foundry ≫ Bosh Version261.2

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.2%	0.391

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	8.8	2.8	5.9	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	6.5	8	6.4	AV:N/AC:L/Au:S/C:P/I:P/A:P

CWE-354 Improper Validation of Integrity Check Value

The product does not validate or incorrectly validates the integrity check values or "checksums" of a message. This may prevent it from detecting if the data has been modified or corrupted in transmission.

https://www.cloudfoundry.org/cve-2017-4961/

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2017-4961

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2017-4961

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2017-4961

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2017-4961