Denial of Service Risk in Cloud Foundry and UAA Software
CVE-2017-4960

7.5 HIGH

What is CVE-2017-4960?

Cloud Foundry releases v247 to v252 and UAA versions v3.9.0 to v3.11.0 contain an issue that allows an attacker to mount a denial of service attack against UAA OAuth clients. This may compromise the availability of applications that rely on these services, so affected deployments should be mitigated promptly.

Affected Version(s)

Cloud Foundry Foundation Cloud Foundry release v247 - v252, UAA stand-alone release v3.9.0 - v3.11.0, UAA Bosh Release v21 - v26

CVSS V3.1

Score: 7.5
Severity: HIGH
Confidentiality: None
Integrity: None
Availability: None
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
