Mend.io Vulnerability Database

What is a CVE vulnerability ID? icon What is a WS vulnerability ID? icon What is an MSC vulnerability ID? icon
New vulnerability? Tell us about it!
icon

We found results for “

CVE-2017-4991

Good to know:

icon

Date: June 13, 2017

An issue was discovered in Cloud Foundry Foundation cf-release versions prior to v260; UAA release 2.x versions prior to v2.7.4.16, 3.6.x versions prior to v3.6.10, 3.9.x versions prior to v3.9.12, and other versions prior to v3.17.0; and UAA bosh release (uaa-release) 13.x versions prior to v13.14, 24.x versions prior to v24.9, 30.x versions prior to 30.2, and other versions prior to v36. Privileged users in one zone are allowed to perform a password reset for users in a different zone.

Language: Java

Severity Score

Related Resources (9)

https://www.cloudfoundry.org/cve-2017-4991/
https://github.com/cloudfoundry/uaa/commit/eb3f86054489039e11eabd54a8ec9a46c22abfc8
https://github.com/cloudfoundry/uaa/commit/2ca35f1723e039aa7d2318134b05d02e40072a18
https://nvd.nist.gov/vuln/detail/CVE-2017-4991
https://github.com/cloudfoundry/uaa
https://github.com/cloudfoundry/uaa/commit/ba23bcf109704ab2eae519b705d7b2a75e023553
https://www.cloudfoundry.org/cve-2017-4991
https://github.com/cloudfoundry/uaa/commit/bbf6751bc0d87c4a3aaf21b54e26ce328ab998b3
https://www.mend.io/vulnerability-database/CVE-2017-4991

Severity Score

Weakness Type (CWE)

Improper Privilege Management

CWE-269

CVSS v3.1

Base Score:
Attack Vector (AV): NETWORK
Attack Complexity (AC): LOW
Privileges Required (PR): HIGH
User Interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality (C): HIGH
Integrity (I): HIGH
Availability (A): HIGH

CVSS v2

Base Score:
Access Vector (AV): NETWORK
Access Complexity (AC): LOW
Authentication (AU): SINGLE
Confidentiality (C): PARTIAL
Integrity (I): PARTIAL
Availability (A): PARTIAL
Additional information:

Do you need more information?

Contact Us