CVE-2017-4963
Last modified
CVE-2017-4963 is a vulnerability of currently unknown severity. An issue was discovered in Cloud Foundry Foundation Cloud Foundry release v252 and earlier versions, UAA stand-alone release v2.0.0 - v2.7.4.12 & v3.0.0 - v3.11.0, and UAA bosh release v26 & earlier versions. UAA is vulnerable to session fixation when configured to authenticate against external SAML or OpenID Connect based identity providers.. EPSS estimates a 0.90% chance of exploitation in the next 30 days.
Description
An issue was discovered in Cloud Foundry Foundation Cloud Foundry release v252 and earlier versions, UAA stand-alone release v2.0.0 - v2.7.4.12 & v3.0.0 - v3.11.0, and UAA bosh release v26 & earlier versions. UAA is vulnerable to session fixation when configured to authenticate against external SAML or OpenID Connect based identity providers.
Metrics
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Pivotal Software | Cloud Foundry Cf-Release | <= 252 |
| Pivotal Software | Cloud Foundry Uaa | >= 2.0.0, <= 2.7.4.12 |
| Pivotal Software | Cloud Foundry Uaa | >= 3.0.0, <= 3.11.0 |
| Pivotal Software | Cloud Foundry Uaa-Release | <= 26 |
References
- https://www.cloudfoundry.org/cve-2017-4963/Vendor Advisory
- https://www.cloudfoundry.org/cve-2017-4963/Vendor Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2017-4963?
How severe is CVE-2017-4963?
How do I fix CVE-2017-4963?
Are you affected by CVE-2017-4963?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST