In Pivotal Single Sign-On for PCF (1.3.x versions prior to 1.3.4 and 1.4.x versions prior to 1.4.3), certain pages allow code to be injected into the DOM environment through query parameters, leading to XSS attacks.
References
| Link | Resource |
|---|---|
| http://www.securityfocus.com/bid/100618 | Third Party Advisory VDB Entry |
| https://pivotal.io/security/cve-2017-8044 | Vendor Advisory |
Configurations
Configuration 1 (hide)
|
History
12 Aug 2021, 21:31
| Type | Values Removed | Values Added |
|---|---|---|
| CPE | cpe:2.3:a:pivotal_software:single_sign-on_for_pivotal_cloud_foundry:1.4.2:*:*:*:*:*:*:* cpe:2.3:a:pivotal_software:single_sign-on_for_pivotal_cloud_foundry:1.3.2:*:*:*:*:*:*:* cpe:2.3:a:pivotal_software:single_sign-on_for_pivotal_cloud_foundry:1.4.1:*:*:*:*:*:*:* cpe:2.3:a:pivotal_software:single_sign-on_for_pivotal_cloud_foundry:1.3.3:*:*:*:*:*:*:* |
cpe:2.3:a:vmware:single_sign-on_for_pivotal_cloud_foundry:1.3.0:*:*:*:*:*:*:* cpe:2.3:a:vmware:single_sign-on_for_pivotal_cloud_foundry:1.3.3:*:*:*:*:*:*:* cpe:2.3:a:vmware:single_sign-on_for_pivotal_cloud_foundry:1.4.1:*:*:*:*:*:*:* cpe:2.3:a:vmware:single_sign-on_for_pivotal_cloud_foundry:1.3.2:*:*:*:*:*:*:* cpe:2.3:a:vmware:single_sign-on_for_pivotal_cloud_foundry:1.4.2:*:*:*:*:*:*:* |
Information
Published : 2017-11-27 10:29
Updated : 2023-12-10 12:15
NVD link : CVE-2017-8044
Mitre link : CVE-2017-8044
CVE.ORG link : CVE-2017-8044
JSON object : View
Products Affected
vmware
- single_sign-on_for_pivotal_cloud_foundry
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')