Session Fixation Vulnerability in Cloud Foundry by Cloud Foundry Foundation
CVE-2017-4963

8.1 HIGH

Key Information:

Vendor
CVE Published: 13 June 2017

What is CVE-2017-4963?

A session fixation vulnerability exists in Cloud Foundry and its components, affecting configurations that authenticate against external identity providers, such as SAML or OpenID Connect providers. This flaw can allow an attacker to hijack a user's session. Users of the affected versions should implement safeguards to mitigate potential threats.

Affected Version(s)

Cloud Foundry Foundation Cloud Foundry Foundation

References

CVSS V3.1

Score: 8.1
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: High
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
