VIR Vulnerability Intelligence Relay

CVE-2017-4991

high
Published 2017-06-13 · Modified 2024-03-01
CVSS v3
7.2
CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
CVSS v2
6.5
VIR risk
7.2

Description

Cloud Foundry UAA password reset vulnerability

Predictions

Exploit likelihood
81%
Patch ETA

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

vendor Authored 2026-05-27

Vendor advisory: security_alert@emc.com — https://www.cloudfoundry.org/cve-2017-4991/

Package impact
EcosystemPackageVulnerableFixed
java Mavenorg.cloudfoundry.identity:cloudfoundry-identity-server>=2.0.0,<2.7.4.162.7.4.16
java Mavenorg.cloudfoundry.identity:cloudfoundry-identity-server>=3.0.0,<3.6.103.6.10
java Mavenorg.cloudfoundry.identity:cloudfoundry-identity-server>=3.7.0,<3.9.123.9.12
java Mavenorg.cloudfoundry.identity:cloudfoundry-identity-server>=3.10.0,<3.17.03.17.0

Application impact
VendorProductVersionsFixed
cloudfoundrycf-release{"endIncluding":"259"}
cloudfoundrycloud_foundry_uaa_bosh{"endIncluding":"35"}
cloudfoundrycloud_foundry_uaa_bosh13.1
cloudfoundrycloud_foundry_uaa_bosh13.2
cloudfoundrycloud_foundry_uaa_bosh13.3
cloudfoundrycloud_foundry_uaa_bosh13.4
cloudfoundrycloud_foundry_uaa_bosh13.5
cloudfoundrycloud_foundry_uaa_bosh13.6
cloudfoundrycloud_foundry_uaa_bosh13.7
cloudfoundrycloud_foundry_uaa_bosh13.8
cloudfoundrycloud_foundry_uaa_bosh13.9
cloudfoundrycloud_foundry_uaa_bosh13.10
cloudfoundrycloud_foundry_uaa_bosh13.11
cloudfoundrycloud_foundry_uaa_bosh13.12
cloudfoundrycloud_foundry_uaa_bosh13.13
cloudfoundrycloud_foundry_uaa_bosh24
cloudfoundrycloud_foundry_uaa_bosh24.1
cloudfoundrycloud_foundry_uaa_bosh24.2
cloudfoundrycloud_foundry_uaa_bosh24.3
cloudfoundrycloud_foundry_uaa_bosh24.4
cloudfoundrycloud_foundry_uaa_bosh24.5
cloudfoundrycloud_foundry_uaa_bosh24.6
cloudfoundrycloud_foundry_uaa_bosh24.7
cloudfoundrycloud_foundry_uaa_bosh24.8
cloudfoundrycloud_foundry_uaa_bosh24.9
cloudfoundrycloud_foundry_uaa_bosh24.10
cloudfoundrycloud_foundry_uaa_bosh30
cloudfoundrycloud_foundry_uaa_bosh30.1
pivotal_softwarecloud_foundry_uaa{"endIncluding":"4.2.0"}
pivotal_softwarecloud_foundry_uaa2.2.5.4
pivotal_softwarecloud_foundry_uaa2.7.1
pivotal_softwarecloud_foundry_uaa2.7.2
pivotal_softwarecloud_foundry_uaa2.7.3
pivotal_softwarecloud_foundry_uaa2.7.4
pivotal_softwarecloud_foundry_uaa2.7.4.1
pivotal_softwarecloud_foundry_uaa2.7.4.2
pivotal_softwarecloud_foundry_uaa2.7.4.3
pivotal_softwarecloud_foundry_uaa2.7.4.4
pivotal_softwarecloud_foundry_uaa2.7.4.5
pivotal_softwarecloud_foundry_uaa2.7.4.6
pivotal_softwarecloud_foundry_uaa2.7.4.7
pivotal_softwarecloud_foundry_uaa2.7.4.8
pivotal_softwarecloud_foundry_uaa2.7.4.9
pivotal_softwarecloud_foundry_uaa2.7.4.11
pivotal_softwarecloud_foundry_uaa2.7.4.12
pivotal_softwarecloud_foundry_uaa2.7.4.13
pivotal_softwarecloud_foundry_uaa2.7.4.14
pivotal_softwarecloud_foundry_uaa2.7.4.15
pivotal_softwarecloud_foundry_uaa3.6.1
pivotal_softwarecloud_foundry_uaa3.6.2
pivotal_softwarecloud_foundry_uaa3.6.3
pivotal_softwarecloud_foundry_uaa3.6.4
pivotal_softwarecloud_foundry_uaa3.6.5
pivotal_softwarecloud_foundry_uaa3.6.6
pivotal_softwarecloud_foundry_uaa3.6.7
pivotal_softwarecloud_foundry_uaa3.6.8
pivotal_softwarecloud_foundry_uaa3.6.9
pivotal_softwarecloud_foundry_uaa3.9.1
pivotal_softwarecloud_foundry_uaa3.9.2
pivotal_softwarecloud_foundry_uaa3.9.3
pivotal_softwarecloud_foundry_uaa3.9.4
pivotal_softwarecloud_foundry_uaa3.9.5
pivotal_softwarecloud_foundry_uaa3.9.6
pivotal_softwarecloud_foundry_uaa3.9.7
pivotal_softwarecloud_foundry_uaa3.9.8
pivotal_softwarecloud_foundry_uaa3.9.9

References

CWEs

CWE-269

Verify integrity in audit chain (admin only). AS-IS.