Vulnerability Details : CVE-2017-4955
An issue was discovered in Pivotal PCF Elastic Runtime 1.6.x versions prior to 1.6.65, 1.7.x versions prior to 1.7.48, 1.8.x versions prior to 1.8.28, and 1.9.x versions prior to 1.9.5. Several credentials were present in the logs for the Notifications errand in the PCF Elastic Runtime tile.
Products affected by CVE-2017-4955
- cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.4:*:*:*:*:*:*:*
- cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.5:*:*:*:*:*:*:*
- cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.6:*:*:*:*:*:*:*
- cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.7:*:*:*:*:*:*:*
- cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.1:*:*:*:*:*:*:*
- cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.3:*:*:*:*:*:*:*
- cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.8:*:*:*:*:*:*:*
- cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.10:*:*:*:*:*:*:*
- cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.12:*:*:*:*:*:*:*
- cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.13:*:*:*:*:*:*:*
- cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.14:*:*:*:*:*:*:*
- cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.15:*:*:*:*:*:*:*
- cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.0:*:*:*:*:*:*:*
- cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.2:*:*:*:*:*:*:*
- cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.9:*:*:*:*:*:*:*
- cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.11:*:*:*:*:*:*:*
- cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.16:*:*:*:*:*:*:*
- cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.7.6:*:*:*:*:*:*:*
- cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.7.4:*:*:*:*:*:*:*
- cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.7.5:*:*:*:*:*:*:*
- cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.7.7:*:*:*:*:*:*:*
- cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.7.1:*:*:*:*:*:*:*
- cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.7.8:*:*:*:*:*:*:*
- cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.7.9:*:*:*:*:*:*:*
- cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.7.10:*:*:*:*:*:*:*
- cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.7.2:*:*:*:*:*:*:*
- cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.7.3:*:*:*:*:*:*:*
- cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.7.11:*:*:*:*:*:*:*
- cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.17:*:*:*:*:*:*:*
- cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.19:*:*:*:*:*:*:*
- cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.18:*:*:*:*:*:*:*
- cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.27:*:*:*:*:*:*:*
- cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.28:*:*:*:*:*:*:*
- cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.20:*:*:*:*:*:*:*
- cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.21:*:*:*:*:*:*:*
- cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.23:*:*:*:*:*:*:*
- cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.26:*:*:*:*:*:*:*
- cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.22:*:*:*:*:*:*:*
- cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.25:*:*:*:*:*:*:*
- cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.33:*:*:*:*:*:*:*
- cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.32:*:*:*:*:*:*:*
- cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.31:*:*:*:*:*:*:*
- cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.7.18:*:*:*:*:*:*:*
- cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.7.17:*:*:*:*:*:*:*
- cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.37:*:*:*:*:*:*:*
- cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.36:*:*:*:*:*:*:*
- cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.7.14:*:*:*:*:*:*:*
- cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.7.13:*:*:*:*:*:*:*
- cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.39:*:*:*:*:*:*:*
- cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.38:*:*:*:*:*:*:*
- cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.30:*:*:*:*:*:*:*
- cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.29:*:*:*:*:*:*:*
- cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.7.16:*:*:*:*:*:*:*
- cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.7.15:*:*:*:*:*:*:*
- cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.35:*:*:*:*:*:*:*
- cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.34:*:*:*:*:*:*:*
- cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.7.20:*:*:*:*:*:*:*
- cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.7.19:*:*:*:*:*:*:*
- cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.7.12:*:*:*:*:*:*:*
- cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.8.1:*:*:*:*:*:*:*
- cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.8.2:*:*:*:*:*:*:*
- cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.8.3:*:*:*:*:*:*:*
- cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.8.8:*:*:*:*:*:*:*
- cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.8.9:*:*:*:*:*:*:*
- cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.8.10:*:*:*:*:*:*:*
- cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.8.11:*:*:*:*:*:*:*
- cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.8.12:*:*:*:*:*:*:*
- cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.8.4:*:*:*:*:*:*:*
- cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.8.6:*:*:*:*:*:*:*
- cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.8.5:*:*:*:*:*:*:*
- cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.8.7:*:*:*:*:*:*:*
- cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.8.17:*:*:*:*:*:*:*
- cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.8.15:*:*:*:*:*:*:*
- cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.7.39:*:*:*:*:*:*:*
- cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.7.32:*:*:*:*:*:*:*
- cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.7.30:*:*:*:*:*:*:*
- cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.7.25:*:*:*:*:*:*:*
- cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.7.23:*:*:*:*:*:*:*
- cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.59:*:*:*:*:*:*:*
- cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.57:*:*:*:*:*:*:*
- cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.50:*:*:*:*:*:*:*
- cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.48:*:*:*:*:*:*:*
- cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.41:*:*:*:*:*:*:*
- cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.8.14:*:*:*:*:*:*:*
- cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.8.13:*:*:*:*:*:*:*
- cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.7.37:*:*:*:*:*:*:*
- cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.7.36:*:*:*:*:*:*:*
- cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.7.35:*:*:*:*:*:*:*
- cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.7.34:*:*:*:*:*:*:*
- cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.7.21:*:*:*:*:*:*:*
- cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.46:*:*:*:*:*:*:*
- cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.45:*:*:*:*:*:*:*
- cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.44:*:*:*:*:*:*:*
- cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.43:*:*:*:*:*:*:*
- cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.8.22:*:*:*:*:*:*:*
- cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.8.21:*:*:*:*:*:*:*
- cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.8.20:*:*:*:*:*:*:*
- cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.8.19:*:*:*:*:*:*:*
- cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.7.29:*:*:*:*:*:*:*
- cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.7.28:*:*:*:*:*:*:*
- cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.7.27:*:*:*:*:*:*:*
- cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.7.26:*:*:*:*:*:*:*
- cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.55:*:*:*:*:*:*:*
- cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.54:*:*:*:*:*:*:*
- cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.53:*:*:*:*:*:*:*
- cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.52:*:*:*:*:*:*:*
- cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.51:*:*:*:*:*:*:*
- cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.8.18:*:*:*:*:*:*:*
- cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.8.16:*:*:*:*:*:*:*
- cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.7.40:*:*:*:*:*:*:*
- cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.7.38:*:*:*:*:*:*:*
- cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.7.33:*:*:*:*:*:*:*
- cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.7.31:*:*:*:*:*:*:*
- cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.7.24:*:*:*:*:*:*:*
- cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.7.22:*:*:*:*:*:*:*
- cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.58:*:*:*:*:*:*:*
- cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.56:*:*:*:*:*:*:*
- cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.49:*:*:*:*:*:*:*
- cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.47:*:*:*:*:*:*:*
- cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.42:*:*:*:*:*:*:*
- cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.40:*:*:*:*:*:*:*
- cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.24:*:*:*:*:*:*:*
- cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.8.25:*:*:*:*:*:*:*
- cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.8.27:*:*:*:*:*:*:*
- cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.8.23:*:*:*:*:*:*:*
- cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.8.24:*:*:*:*:*:*:*
- cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.8.26:*:*:*:*:*:*:*
- cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.9.1:*:*:*:*:*:*:*
- cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.9.3:*:*:*:*:*:*:*
- cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.9.4:*:*:*:*:*:*:*
- cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.9.2:*:*:*:*:*:*:*
- cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.7.42:*:*:*:*:*:*:*
- cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.7.41:*:*:*:*:*:*:*
- cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.7.45:*:*:*:*:*:*:*
- cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.7.43:*:*:*:*:*:*:*
- cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.7.47:*:*:*:*:*:*:*
- cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.64:*:*:*:*:*:*:*
- cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.63:*:*:*:*:*:*:*
- cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.62:*:*:*:*:*:*:*
- cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.61:*:*:*:*:*:*:*
- cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.7.46:*:*:*:*:*:*:*
- cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.7.44:*:*:*:*:*:*:*
- cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.60:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2017-4955
0.20%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 57 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2017-4955
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
5.0
|
MEDIUM | AV:N/AC:L/Au:N/C:P/I:N/A:N |
10.0
|
2.9
|
NIST | |
9.8
|
CRITICAL | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
3.9
|
5.9
|
NIST |
CWE ids for CVE-2017-4955
-
Information written to log files can be of a sensitive nature and give valuable guidance to an attacker or expose sensitive user information.Assigned by: nvd@nist.gov (Primary)
References for CVE-2017-4955
-
https://pivotal.io/security/cve-2017-4955
CVE-2017-4955 Credentials in Elastic Runtime Notifications errand log | Security | PivotalMitigation;Vendor Advisory
-
http://www.securityfocus.com/bid/97082
Pivotal Cloud Foundry Elastic Runtime CVE-2017-4955 Information Disclosure VulnerabilityThird Party Advisory;VDB Entry
Jump to