VIR Vulnerability Intelligence Relay

CVE-2017-4973

high
Published 2017-06-13 · Modified 2024-03-01
CVSS v3
8.8
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVSS v2
6.5
VIR risk
8.8

Description

Cloud Foundry UAA Privilege Escalation

Predictions

Exploit likelihood
92%
Patch ETA

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

vendor Authored 2026-05-27

Vendor advisory: security_alert@emc.com — https://www.cloudfoundry.org/cve-2017-4973/

Package impact
EcosystemPackageVulnerableFixed
java Mavenorg.cloudfoundry.identity:cloudfoundry-identity-server>=2.0.0,<2.7.4.142.7.4.14
java Mavenorg.cloudfoundry.identity:cloudfoundry-identity-server>=3.0.0,<3.6.83.6.8
java Mavenorg.cloudfoundry.identity:cloudfoundry-identity-server>=3.7.0,<3.9.103.9.10
java Mavenorg.cloudfoundry.identity:cloudfoundry-identity-server>=3.10.0,<3.15.03.15.0

Application impact
VendorProductVersionsFixed
cloudfoundrycloud_foundry_uaa_bosh{"endIncluding":"30"}
cloudfoundrycloud_foundry_uaa_bosh13.1
cloudfoundrycloud_foundry_uaa_bosh13.2
cloudfoundrycloud_foundry_uaa_bosh13.3
cloudfoundrycloud_foundry_uaa_bosh13.4
cloudfoundrycloud_foundry_uaa_bosh13.5
cloudfoundrycloud_foundry_uaa_bosh13.6
cloudfoundrycloud_foundry_uaa_bosh13.7
cloudfoundrycloud_foundry_uaa_bosh13.8
cloudfoundrycloud_foundry_uaa_bosh13.9
cloudfoundrycloud_foundry_uaa_bosh13.10
cloudfoundrycloud_foundry_uaa_bosh13.11
cloudfoundrycloud_foundry_uaa_bosh24
cloudfoundrycloud_foundry_uaa_bosh24.1
cloudfoundrycloud_foundry_uaa_bosh24.2
cloudfoundrycloud_foundry_uaa_bosh24.3
cloudfoundrycloud_foundry_uaa_bosh24.4
cloudfoundrycloud_foundry_uaa_bosh24.5
cloudfoundrycloud_foundry_uaa_bosh24.6
cloudfoundrycloud_foundry_uaa_bosh30.1
cloudfoundrycloud_foundry_uaa_bosh30.2
cloudfoundrycloud_foundry_uaa_bosh30.3
pivotal_softwarecloud_foundry_cf{"endIncluding":"256"}
pivotal_softwarecloud_foundry_uaa2.2.5.4
pivotal_softwarecloud_foundry_uaa2.7.1
pivotal_softwarecloud_foundry_uaa2.7.2
pivotal_softwarecloud_foundry_uaa2.7.3
pivotal_softwarecloud_foundry_uaa2.7.4
pivotal_softwarecloud_foundry_uaa2.7.4.1
pivotal_softwarecloud_foundry_uaa2.7.4.2
pivotal_softwarecloud_foundry_uaa2.7.4.3
pivotal_softwarecloud_foundry_uaa2.7.4.4
pivotal_softwarecloud_foundry_uaa2.7.4.5
pivotal_softwarecloud_foundry_uaa2.7.4.6
pivotal_softwarecloud_foundry_uaa2.7.4.7
pivotal_softwarecloud_foundry_uaa2.7.4.8
pivotal_softwarecloud_foundry_uaa2.7.4.9
pivotal_softwarecloud_foundry_uaa2.7.4.11
pivotal_softwarecloud_foundry_uaa2.7.4.12
pivotal_softwarecloud_foundry_uaa2.7.4.13
pivotal_softwarecloud_foundry_uaa3.6.1
pivotal_softwarecloud_foundry_uaa3.6.2
pivotal_softwarecloud_foundry_uaa3.6.3
pivotal_softwarecloud_foundry_uaa3.6.4
pivotal_softwarecloud_foundry_uaa3.6.5
pivotal_softwarecloud_foundry_uaa3.6.6
pivotal_softwarecloud_foundry_uaa3.6.7
pivotal_softwarecloud_foundry_uaa3.9.1
pivotal_softwarecloud_foundry_uaa3.9.2
pivotal_softwarecloud_foundry_uaa3.9.3
pivotal_softwarecloud_foundry_uaa3.9.4
pivotal_softwarecloud_foundry_uaa3.9.5
pivotal_softwarecloud_foundry_uaa3.9.6
pivotal_softwarecloud_foundry_uaa3.9.7
pivotal_softwarecloud_foundry_uaa3.9.8
pivotal_softwarecloud_foundry_uaa3.9.9
pivotal_softwarecloud_foundry_uaa3.9.12
pivotal_softwarecloud_foundry_uaa3.9.13

References

CWEs

CWE-269

Verify integrity in audit chain (admin only). AS-IS.