CVE-2017-4955

high-risk

Published 2017-06-13

An issue was discovered in Pivotal PCF Elastic Runtime 1.6.x versions prior to 1.6.65, 1.7.x versions prior to 1.7.48, 1.8.x versions prior to 1.8.28, and 1.9.x versions prior to 1.9.5. Several credentials were present in the logs for the Notifications errand in the PCF Elastic Runtime tile.

Do I need to act?

-

0.41% chance of exploitation

EPSS score — low exploit probability

-

Not on CISA KEV list

No confirmed active exploitation reported to CISA

?

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

9

CVSS 9.8/10 Critical

NETWORK / LOW complexity

Affected Products (20)

Cloud Foundry Elastic Runtime

Cloud Foundry Elastic Runtime

Cloud Foundry Elastic Runtime

Cloud Foundry Elastic Runtime

Cloud Foundry Elastic Runtime

Cloud Foundry Elastic Runtime

Cloud Foundry Elastic Runtime

Cloud Foundry Elastic Runtime

Cloud Foundry Elastic Runtime

Cloud Foundry Elastic Runtime

Cloud Foundry Elastic Runtime

Cloud Foundry Elastic Runtime

Cloud Foundry Elastic Runtime

Cloud Foundry Elastic Runtime

Cloud Foundry Elastic Runtime

Cloud Foundry Elastic Runtime

Cloud Foundry Elastic Runtime

Cloud Foundry Elastic Runtime

Cloud Foundry Elastic Runtime

Cloud Foundry Elastic Runtime

Affected Vendors

Pivotal Software

References (4)

Third Party Advisory http://www.securityfocus.com/bid/97082

Mitigation https://pivotal.io/security/cve-2017-4955

Third Party Advisory http://www.securityfocus.com/bid/97082

Mitigation https://pivotal.io/security/cve-2017-4955

66

/ 100

high-risk

Severity 32/34 · Critical

Exploitability 2/34 · Minimal

Exposure 32/34 · Critical