7.5

CVE-2017-8037

In Cloud Foundry Foundation CAPI-release versions after v1.6.0 and prior to v1.38.0 and cf-release versions after v244 and prior to v270, there is an incomplete fix for CVE-2017-8035. If you took steps to remediate CVE-2017-8035 you should also upgrade to fix this CVE. A carefully crafted CAPI request from a Space Developer can allow them to gain access to files on the Cloud Controller VM for that installation, aka an Information Leak / Disclosure.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
CloudfoundryCapi-release Version1.7.0
CloudfoundryCapi-release Version1.8.0
CloudfoundryCapi-release Version1.9.0
CloudfoundryCapi-release Version1.10.0
CloudfoundryCapi-release Version1.11.0
CloudfoundryCapi-release Version1.12.0
CloudfoundryCapi-release Version1.13.0
CloudfoundryCapi-release Version1.14.0
CloudfoundryCapi-release Version1.15.0
CloudfoundryCapi-release Version1.16.0
CloudfoundryCapi-release Version1.17.0
CloudfoundryCapi-release Version1.18.0
CloudfoundryCapi-release Version1.19.0
CloudfoundryCapi-release Version1.20.0
CloudfoundryCapi-release Version1.21.0
CloudfoundryCapi-release Version1.22.0
CloudfoundryCapi-release Version1.23.0
CloudfoundryCapi-release Version1.24.0
CloudfoundryCapi-release Version1.25.0
CloudfoundryCapi-release Version1.26.0
CloudfoundryCapi-release Version1.27.0
CloudfoundryCapi-release Version1.28.0
CloudfoundryCapi-release Version1.29.0
CloudfoundryCapi-release Version1.30.0
CloudfoundryCapi-release Version1.31.0
CloudfoundryCapi-release Version1.32.0
CloudfoundryCapi-release Version1.33.0
CloudfoundryCapi-release Version1.34.0
CloudfoundryCapi-release Version1.35.0
CloudfoundryCapi-release Version1.36.0
CloudfoundryCapi-release Version1.37.0
CloudfoundryCf-release Version245
CloudfoundryCf-release Version246
CloudfoundryCf-release Version247
CloudfoundryCf-release Version248
CloudfoundryCf-release Version249
CloudfoundryCf-release Version250
CloudfoundryCf-release Version251
CloudfoundryCf-release Version252
CloudfoundryCf-release Version253
CloudfoundryCf-release Version254
CloudfoundryCf-release Version255
CloudfoundryCf-release Version256
CloudfoundryCf-release Version257
CloudfoundryCf-release Version258
CloudfoundryCf-release Version259
CloudfoundryCf-release Version260
CloudfoundryCf-release Version261
CloudfoundryCf-release Version262
CloudfoundryCf-release Version263
CloudfoundryCf-release Version264
CloudfoundryCf-release Version265
CloudfoundryCf-release Version266
CloudfoundryCf-release Version267
CloudfoundryCf-release Version268
CloudfoundryCf-release Version269
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.38% 0.588
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.5 3.9 3.6
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
nvd@nist.gov 5 10 2.9
AV:N/AC:L/Au:N/C:P/I:N/A:N
CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.