CVE-2017-4960

high-risk
Published 2017-03-10

An issue was discovered in Cloud Foundry release v247 through v252, UAA stand-alone release v3.9.0 through v3.11.0, and UAA Bosh Release v21 through v26. There is a potential to subject the UAA OAuth clients to a denial of service attack.

Do I need to act?

-
0.45% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
7
CVSS 7.5/10 High
NETWORK / LOW complexity

Affected Products (20)

Cloud Foundry Uaa Bosh
Cloud Foundry Uaa Bosh
Cloud Foundry Uaa Bosh
Cloud Foundry Uaa Bosh
Cloud Foundry Uaa Bosh
Cloud Foundry Uaa Bosh
Cloud Foundry Uaa Bosh
Cloud Foundry
Cloud Foundry
Cloud Foundry
Cloud Foundry
Cloud Foundry
Cloud Foundry Uaa Bosh
Cloud Foundry Uaa Bosh

Affected Vendors

Cloudfoundry Pivotal Software

References (4)

Third Party Advisory http://www.securityfocus.com/bid/96780
Vendor Advisory https://www.cloudfoundry.org/cve-2017-4960/
Third Party Advisory http://www.securityfocus.com/bid/96780
Vendor Advisory https://www.cloudfoundry.org/cve-2017-4960/
50
/ 100
high-risk
Severity 26/34 · High
Exploitability 2/34 · Minimal
Exposure 22/34 · High