CVE-2017-4959

{"id": "CVE-2017-4959", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 6.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "authentication": "SINGLE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.8}]}, "published": "2017-06-13T06:29:00.363", "references": [{"url": "http://www.securityfocus.com/bid/96218", "tags": ["Third Party Advisory", "VDB Entry"], "source": "security_alert@emc.com"}, {"url": "https://pivotal.io/security/cve-2017-4959", "tags": ["Vendor Advisory"], "source": "security_alert@emc.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "descriptions": [{"lang": "en", "value": "An issue was discovered in Pivotal PCF Elastic Runtime 1.8.x versions prior to 1.8.29 and 1.9.x versions prior to 1.9.7. Pivotal Cloud Foundry deployments using the Pivotal Account application are vulnerable to a flaw which allows an authorized user to take over the account of another user, causing account lockout and potential escalation of privileges."}, {"lang": "es", "value": "Se ha descubierto un problema en Pivotal PCF Elastic Runtime, en versiones 1.8.x anteriores a la 1.8.29 y en versiones 1.9.x anteriores a la 1.9.7. Los despliegues de Pivotal Cloud Foundry que emplean la aplicaci\u00f3n Pivotal Account son vulnerables a un error que permite que un usuario autorizado tome el control de la cuenta de otro usuario, lo que podr\u00eda provocar el bloqueo de la cuenta y un potencial escalado de privilegios."}], "lastModified": "2019-10-03T00:03:26.223", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.8.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "258FAFB4-2B67-456B-BE78-1562A3D5E9A6"}, {"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.8.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "15F08919-8764-419D-A399-1EAA6B055C5D"}, {"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.8.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "09BA6E79-22B6-4E5E-8C85-BBA8CB6C1828"}, {"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.8.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FB328ACE-FC3C-4255-9400-A9BBC5059F5B"}, {"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.8.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "877383E9-545F-4324-B8EA-76F33B7C11C2"}, {"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.8.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7B6BCA5E-1A43-41AA-ACEC-2C73E1B84D26"}, {"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.8.6:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0CF15EDB-2707-43E2-9B53-C0CCA28AC972"}, {"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.8.7:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C896CBBE-BE7B-44C3-A25E-F85BC7F6CE51"}, {"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.8.8:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "944374E2-A07E-4EEA-BE0C-47EF62FFABA2"}, {"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.8.9:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CAEA85D5-10B2-4003-A857-2C46F9559694"}, {"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.8.10:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "799E1F2E-DA5F-41B5-9B83-55661E18D726"}, {"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.8.11:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AD9369A6-F59D-4C7A-830E-6EAC6F81A493"}, {"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.8.12:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "31A2732A-0309-4DF0-9EF1-7954D10BCFCC"}, {"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.8.13:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C3101A31-55B3-4212-B78F-FE574B445F91"}, {"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.8.14:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DED599DA-D25C-45FD-9CDA-8E9E2D17364C"}, {"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.8.15:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EBA779B7-1660-48B7-A648-E3952BFD1B14"}, {"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.8.16:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "83A66A35-48D1-48E5-97A9-A6F136EC9BEE"}, {"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.8.17:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "598033B9-A0FB-4A5B-9417-5A434608232A"}, {"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.8.18:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A6CE5BCF-A1C8-4F24-A5BC-70FAF096253F"}, {"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.8.19:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "85E0C92F-485D-4675-95F8-672E8489AF64"}, {"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.8.20:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6B95BB7C-D9D7-4A63-B8AB-6EB456D236A5"}, {"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.8.21:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A06AE8D5-F30A-4F73-AF69-622F01D0BF0C"}, {"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.8.22:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "167A8FDC-4C37-4AC4-9A0D-B73602F8062F"}, {"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.8.23:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DDAEFA2F-3E9E-4B4F-8679-7F70A3ED6292"}, {"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.8.24:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "81501627-C022-4BEC-AF42-B10DF1CDA69E"}, {"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.8.25:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2FD7FDCF-4123-4000-821B-88D5214AF74D"}, {"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.8.26:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A0224626-1FB4-4DF5-B16F-5D2741E51E02"}, {"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.8.27:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "ADD367D8-748B-4CE7-8CF4-0549B02B1766"}, {"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.8.28:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F3DDC3D0-2523-4A10-824F-6630F7559CD8"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.9.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A4FA79FA-C53E-4852-941B-F8B32EBC0BE1"}, {"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.9.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F25D21E0-E84B-4BCF-B2D0-2332CD583128"}, {"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.9.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "80C76651-7E20-4456-ADA3-DF5020471743"}, {"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.9.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CC7911DD-A3CC-4046-884D-C11A1263B037"}, {"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.9.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8F122CEA-7924-45A6-BCFD-B9079C4B0DCA"}, {"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.9.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EBBFA1F5-3A00-4BCE-8E8D-B3E898933A71"}, {"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.9.6:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3329004D-1F23-4991-A8ED-51DB1E596FD8"}], "operator": "OR"}]}], "sourceIdentifier": "security_alert@emc.com"}