9.8

CVE-2017-4992

EPSS 0.39%
Published 13.06.2017 06:29:00
Last modified 20.04.2025 01:37:25
Source security_alert@emc.com
Teams watchlist Login
Open Login

An issue was discovered in Cloud Foundry Foundation cf-release versions prior to v261; UAA release 2.x versions prior to v2.7.4.17, 3.6.x versions prior to v3.6.11, 3.9.x versions prior to v3.9.13, and other versions prior to v4.2.0; and UAA bosh release (uaa-release) 13.x versions prior to v13.15, 24.x versions prior to v24.10, 30.x versions prior to 30.3, and other versions prior to v37. There is privilege escalation (arbitrary password reset) with user invitations.

Affected products Warnungen 0 Metrics 3 CWE 1 References 4

Data is provided by the National Vulnerability Database (NVD)

Cloudfoundry ≫ Cf-release Version <= 260

Cloudfoundry ≫ Cloud Foundry Uaa Bosh Version <= 27

Cloudfoundry ≫ Cloud Foundry Uaa Bosh Version13.1

Cloudfoundry ≫ Cloud Foundry Uaa Bosh Version13.2

Cloudfoundry ≫ Cloud Foundry Uaa Bosh Version13.3

Cloudfoundry ≫ Cloud Foundry Uaa Bosh Version13.4

Cloudfoundry ≫ Cloud Foundry Uaa Bosh Version13.5

Cloudfoundry ≫ Cloud Foundry Uaa Bosh Version13.6

Cloudfoundry ≫ Cloud Foundry Uaa Bosh Version13.7

Cloudfoundry ≫ Cloud Foundry Uaa Bosh Version13.8

Cloudfoundry ≫ Cloud Foundry Uaa Bosh Version13.9

Cloudfoundry ≫ Cloud Foundry Uaa Bosh Version13.10

Cloudfoundry ≫ Cloud Foundry Uaa Bosh Version13.11

Cloudfoundry ≫ Cloud Foundry Uaa Bosh Version13.12

Cloudfoundry ≫ Cloud Foundry Uaa Bosh Version13.13

Cloudfoundry ≫ Cloud Foundry Uaa Bosh Version13.14

Cloudfoundry ≫ Cloud Foundry Uaa Bosh Version24

Cloudfoundry ≫ Cloud Foundry Uaa Bosh Version24.1

Cloudfoundry ≫ Cloud Foundry Uaa Bosh Version24.2

Cloudfoundry ≫ Cloud Foundry Uaa Bosh Version24.3

Cloudfoundry ≫ Cloud Foundry Uaa Bosh Version24.4

Cloudfoundry ≫ Cloud Foundry Uaa Bosh Version24.5

Cloudfoundry ≫ Cloud Foundry Uaa Bosh Version24.6

Cloudfoundry ≫ Cloud Foundry Uaa Bosh Version24.7

Cloudfoundry ≫ Cloud Foundry Uaa Bosh Version24.8

Cloudfoundry ≫ Cloud Foundry Uaa Bosh Version24.9

Cloudfoundry ≫ Cloud Foundry Uaa Bosh Version30

Cloudfoundry ≫ Cloud Foundry Uaa Bosh Version30.1

Cloudfoundry ≫ Cloud Foundry Uaa Bosh Version30.2

Pivotal Software ≫ Cloud Foundry Uaa Version <= 4.2.0

Pivotal Software ≫ Cloud Foundry Uaa Version2.2.5.4

Pivotal Software ≫ Cloud Foundry Uaa Version2.7.1

Pivotal Software ≫ Cloud Foundry Uaa Version2.7.2

Pivotal Software ≫ Cloud Foundry Uaa Version2.7.3

Pivotal Software ≫ Cloud Foundry Uaa Version2.7.4

Pivotal Software ≫ Cloud Foundry Uaa Version2.7.4.1

Pivotal Software ≫ Cloud Foundry Uaa Version2.7.4.2

Pivotal Software ≫ Cloud Foundry Uaa Version2.7.4.3

Pivotal Software ≫ Cloud Foundry Uaa Version2.7.4.4

Pivotal Software ≫ Cloud Foundry Uaa Version2.7.4.5

Pivotal Software ≫ Cloud Foundry Uaa Version2.7.4.6

Pivotal Software ≫ Cloud Foundry Uaa Version2.7.4.7

Pivotal Software ≫ Cloud Foundry Uaa Version2.7.4.8

Pivotal Software ≫ Cloud Foundry Uaa Version2.7.4.9

Pivotal Software ≫ Cloud Foundry Uaa Version2.7.4.11

Pivotal Software ≫ Cloud Foundry Uaa Version2.7.4.12

Pivotal Software ≫ Cloud Foundry Uaa Version2.7.4.13

Pivotal Software ≫ Cloud Foundry Uaa Version2.7.4.14

Pivotal Software ≫ Cloud Foundry Uaa Version2.7.4.15

Pivotal Software ≫ Cloud Foundry Uaa Version2.7.4.16

Pivotal Software ≫ Cloud Foundry Uaa Version3.6.1

Pivotal Software ≫ Cloud Foundry Uaa Version3.6.2

Pivotal Software ≫ Cloud Foundry Uaa Version3.6.3

Pivotal Software ≫ Cloud Foundry Uaa Version3.6.4

Pivotal Software ≫ Cloud Foundry Uaa Version3.6.5

Pivotal Software ≫ Cloud Foundry Uaa Version3.6.6

Pivotal Software ≫ Cloud Foundry Uaa Version3.6.7

Pivotal Software ≫ Cloud Foundry Uaa Version3.6.8

Pivotal Software ≫ Cloud Foundry Uaa Version3.6.9

Pivotal Software ≫ Cloud Foundry Uaa Version3.6.10

Pivotal Software ≫ Cloud Foundry Uaa Version3.9.1

Pivotal Software ≫ Cloud Foundry Uaa Version3.9.2

Pivotal Software ≫ Cloud Foundry Uaa Version3.9.3

Pivotal Software ≫ Cloud Foundry Uaa Version3.9.4

Pivotal Software ≫ Cloud Foundry Uaa Version3.9.5

Pivotal Software ≫ Cloud Foundry Uaa Version3.9.6

Pivotal Software ≫ Cloud Foundry Uaa Version3.9.7

Pivotal Software ≫ Cloud Foundry Uaa Version3.9.8

Pivotal Software ≫ Cloud Foundry Uaa Version3.9.9

Pivotal Software ≫ Cloud Foundry Uaa Version3.9.10

Pivotal Software ≫ Cloud Foundry Uaa Version3.9.11

Pivotal Software ≫ Cloud Foundry Uaa Version3.9.12

Pivotal Software ≫ Cloud Foundry Uaa Version3.9.13

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.39%	0.59

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	7.5	10	6.4	AV:N/AC:L/Au:N/C:P/I:P/A:P

CWE-269 Improper Privilege Management

The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.

https://www.cloudfoundry.org/cve-2017-4992/

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2017-4992

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2017-4992

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2017-4992

EUVD