7.8

CVE-2017-8048

EPSS 0.42%
Veröffentlicht 04.10.2017 01:29:03
Zuletzt bearbeitet 20.04.2025 01:37:25
Quelle security_alert@emc.com
Teams Watchlist Login
Unerledigt Login

In Cloud Foundry capi-release versions 1.33.0 and later, prior to 1.42.0 and cf-release versions 268 and later, prior to 274, the original fix for CVE-2017-8033 introduces an API regression that allows a space developer to execute arbitrary code on the Cloud Controller VM by pushing a specially crafted application. NOTE: 274 resolves the vulnerability but has a serious bug that is fixed in 275.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 0 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Cloudfoundry ≫ Cf-release Version268

Cloudfoundry ≫ Cf-release Version269

Cloudfoundry ≫ Cf-release Version270

Cloudfoundry ≫ Cf-release Version271

Cloudfoundry ≫ Cf-release Version272

Cloudfoundry ≫ Cf-release Version273

Pivotal ≫ Capi-release Version1.33.0

Pivotal ≫ Capi-release Version1.34.0

Pivotal ≫ Capi-release Version1.35.0

Pivotal ≫ Capi-release Version1.36.0

Pivotal ≫ Capi-release Version1.37.0

Pivotal ≫ Capi-release Version1.38.0

Pivotal ≫ Capi-release Version1.39.0

Pivotal ≫ Capi-release Version1.40.0

Pivotal ≫ Capi-release Version1.41.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.42%	0.589

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.8	1.8	5.9	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
nvd@nist.gov	6.8	8.6	6.4	AV:N/AC:M/Au:N/C:P/I:P/A:P

https://www.cloudfoundry.org/cve-2017-8048/

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2017-8048

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2017-8048

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2017-8048

EUVD