CVE-2017-4959 : An issue was discovered in Pivotal PCF Elastic Runtime 1.8.x versions prior to 1

An issue was discovered in Pivotal PCF Elastic Runtime 1.8.x versions prior to 1.8.29 and 1.9.x versions prior to 1.9.7. Pivotal Cloud Foundry deployments using the Pivotal Account application are vulnerable to a flaw which allows an authorized user to take over the account of another user, causing account lockout and potential escalation of privileges.

Published 2017-06-13 06:29:00

Updated 2019-10-03 00:03:26

Source Dell

View at NVD, CVE.org

Products affected by CVE-2017-4959

Pivotal Software » Cloud Foundry Elastic Runtime » Version: 1.8.0
cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.8.0:*:*:*:*:*:*:*
Matching versions
Pivotal Software » Cloud Foundry Elastic Runtime » Version: 1.8.1
cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.8.1:*:*:*:*:*:*:*
Matching versions
Pivotal Software » Cloud Foundry Elastic Runtime » Version: 1.8.2
cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.8.2:*:*:*:*:*:*:*
Matching versions
Pivotal Software » Cloud Foundry Elastic Runtime » Version: 1.8.3
cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.8.3:*:*:*:*:*:*:*
Matching versions
Pivotal Software » Cloud Foundry Elastic Runtime » Version: 1.8.8
cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.8.8:*:*:*:*:*:*:*
Matching versions
Pivotal Software » Cloud Foundry Elastic Runtime » Version: 1.8.9
cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.8.9:*:*:*:*:*:*:*
Matching versions
Pivotal Software » Cloud Foundry Elastic Runtime » Version: 1.8.10
cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.8.10:*:*:*:*:*:*:*
Matching versions
Pivotal Software » Cloud Foundry Elastic Runtime » Version: 1.8.11
cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.8.11:*:*:*:*:*:*:*
Matching versions
Pivotal Software » Cloud Foundry Elastic Runtime » Version: 1.8.12
cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.8.12:*:*:*:*:*:*:*
Matching versions
Pivotal Software » Cloud Foundry Elastic Runtime » Version: 1.8.4
cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.8.4:*:*:*:*:*:*:*
Matching versions
Pivotal Software » Cloud Foundry Elastic Runtime » Version: 1.8.6
cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.8.6:*:*:*:*:*:*:*
Matching versions
Pivotal Software » Cloud Foundry Elastic Runtime » Version: 1.8.5
cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.8.5:*:*:*:*:*:*:*
Matching versions
Pivotal Software » Cloud Foundry Elastic Runtime » Version: 1.8.7
cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.8.7:*:*:*:*:*:*:*
Matching versions
Pivotal Software » Cloud Foundry Elastic Runtime » Version: 1.8.17
cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.8.17:*:*:*:*:*:*:*
Matching versions
Pivotal Software » Cloud Foundry Elastic Runtime » Version: 1.8.15
cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.8.15:*:*:*:*:*:*:*
Matching versions
Pivotal Software » Cloud Foundry Elastic Runtime » Version: 1.8.14
cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.8.14:*:*:*:*:*:*:*
Matching versions
Pivotal Software » Cloud Foundry Elastic Runtime » Version: 1.8.13
cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.8.13:*:*:*:*:*:*:*
Matching versions
Pivotal Software » Cloud Foundry Elastic Runtime » Version: 1.9.0
cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.9.0:*:*:*:*:*:*:*
Matching versions
Pivotal Software » Cloud Foundry Elastic Runtime » Version: 1.8.22
cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.8.22:*:*:*:*:*:*:*
Matching versions
Pivotal Software » Cloud Foundry Elastic Runtime » Version: 1.8.21
cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.8.21:*:*:*:*:*:*:*
Matching versions
Pivotal Software » Cloud Foundry Elastic Runtime » Version: 1.8.20
cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.8.20:*:*:*:*:*:*:*
Matching versions
Pivotal Software » Cloud Foundry Elastic Runtime » Version: 1.8.19
cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.8.19:*:*:*:*:*:*:*
Matching versions
Pivotal Software » Cloud Foundry Elastic Runtime » Version: 1.8.18
cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.8.18:*:*:*:*:*:*:*
Matching versions
Pivotal Software » Cloud Foundry Elastic Runtime » Version: 1.8.16
cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.8.16:*:*:*:*:*:*:*
Matching versions
Pivotal Software » Cloud Foundry Elastic Runtime » Version: 1.8.25
cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.8.25:*:*:*:*:*:*:*
Matching versions
Pivotal Software » Cloud Foundry Elastic Runtime » Version: 1.8.27
cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.8.27:*:*:*:*:*:*:*
Matching versions
Pivotal Software » Cloud Foundry Elastic Runtime » Version: 1.8.28
cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.8.28:*:*:*:*:*:*:*
Matching versions
Pivotal Software » Cloud Foundry Elastic Runtime » Version: 1.8.23
cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.8.23:*:*:*:*:*:*:*
Matching versions
Pivotal Software » Cloud Foundry Elastic Runtime » Version: 1.8.24
cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.8.24:*:*:*:*:*:*:*
Matching versions
Pivotal Software » Cloud Foundry Elastic Runtime » Version: 1.8.26
cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.8.26:*:*:*:*:*:*:*
Matching versions
Pivotal Software » Cloud Foundry Elastic Runtime » Version: 1.9.1
cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.9.1:*:*:*:*:*:*:*
Matching versions
Pivotal Software » Cloud Foundry Elastic Runtime » Version: 1.9.3
cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.9.3:*:*:*:*:*:*:*
Matching versions
Pivotal Software » Cloud Foundry Elastic Runtime » Version: 1.9.4
cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.9.4:*:*:*:*:*:*:*
Matching versions
Pivotal Software » Cloud Foundry Elastic Runtime » Version: 1.9.5
cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.9.5:*:*:*:*:*:*:*
Matching versions
Pivotal Software » Cloud Foundry Elastic Runtime » Version: 1.9.6
cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.9.6:*:*:*:*:*:*:*
Matching versions
Pivotal Software » Cloud Foundry Elastic Runtime » Version: 1.9.2
cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.9.2:*:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2017-4959

EPSS FAQ

0.53%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 64 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2017-4959

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
6.5	MEDIUM	AV:N/AC:L/Au:S/C:P/I:P/A:P	8.0	6.4	NIST
Access Vector: Network Access Complexity: Low Authentication: Single Confidentiality Impact: Partial Integrity Impact: Partial Availability Impact: Partial
8.8	HIGH	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H	2.8	5.9	NIST
Attack Vector: Network Attack Complexity: Low Privileges Required: Low User Interaction: None Scope: Unchanged Confidentiality: High Integrity: High Availability: High

References for CVE-2017-4959

http://www.securityfocus.com/bid/96218

Pivotal Cloud Foundry Elastic Runtime CVE-2017-4959 Privilege Escalation Vulnerability
Third Party Advisory;VDB Entry
https://pivotal.io/security/cve-2017-4959

CVE-2017-4959 Pivotal Cloud Foundry account authorization vulnerability | Security | Pivotal
Vendor Advisory

Jump to

Vulnerability Details : CVE-2017-4959

Products affected by CVE-2017-4959

Exploit prediction scoring system (EPSS) score for CVE-2017-4959

CVSS scores for CVE-2017-4959

References for CVE-2017-4959