CVE-2017-4959

high-risk

Published 2017-06-13

An issue was discovered in Pivotal PCF Elastic Runtime 1.8.x versions prior to 1.8.29 and 1.9.x versions prior to 1.9.7. Pivotal Cloud Foundry deployments using the Pivotal Account application are vulnerable to a flaw which allows an authorized user to take over the account of another user, causing account lockout and potential escalation of privileges.

Do I need to act?

-

0.53% chance of exploitation

EPSS score — low exploit probability

-

Not on CISA KEV list

No confirmed active exploitation reported to CISA

?

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

8

CVSS 8.8/10 High

NETWORK / LOW complexity

Affected Products (20)

Cloud Foundry Elastic Runtime

Cloud Foundry Elastic Runtime

Cloud Foundry Elastic Runtime

Cloud Foundry Elastic Runtime

Cloud Foundry Elastic Runtime

Cloud Foundry Elastic Runtime

Cloud Foundry Elastic Runtime

Cloud Foundry Elastic Runtime

Cloud Foundry Elastic Runtime

Cloud Foundry Elastic Runtime

Cloud Foundry Elastic Runtime

Cloud Foundry Elastic Runtime

Cloud Foundry Elastic Runtime

Cloud Foundry Elastic Runtime

Cloud Foundry Elastic Runtime

Cloud Foundry Elastic Runtime

Cloud Foundry Elastic Runtime

Cloud Foundry Elastic Runtime

Cloud Foundry Elastic Runtime

Cloud Foundry Elastic Runtime

Affected Vendors

Pivotal Software

References (4)

Third Party Advisory http://www.securityfocus.com/bid/96218

Vendor Advisory https://pivotal.io/security/cve-2017-4959

Third Party Advisory http://www.securityfocus.com/bid/96218

Vendor Advisory https://pivotal.io/security/cve-2017-4959

55

/ 100

high-risk

Severity 30/34 · Critical

Exploitability 2/34 · Minimal

Exposure 23/34 · High