Search
Find a vulnerability
Search criteria
6 vulnerabilities found for single_sign-on_for_pivotal_cloud_foundry by vmware
CVE-2017-8044 (GCVE-0-2017-8044)
Vulnerability from nvd – Published: 2017-11-27 10:00 – Updated: 2024-08-05 16:19
VLAI
Summary
In Pivotal Single Sign-On for PCF (1.3.x versions prior to 1.3.4 and 1.4.x versions prior to 1.4.3), certain pages allow code to be injected into the DOM environment through query parameters, leading to XSS attacks.
Severity
No CVSS data available.
CWE
- XSS vulnerability
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://pivotal.io/security/cve-2017-8044 | x_refsource_CONFIRM |
| http://www.securityfocus.com/bid/100618 | vdb-entryx_refsource_BID |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| n/a | Single Sign-On for PCF 1.3.x versions prior to 1.3.4 and 1.4.x versions prior to 1.4.3 |
Affected:
Single Sign-On for PCF 1.3.x versions prior to 1.3.4 and 1.4.x versions prior to 1.4.3
|
Date Public
2017-11-27 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T16:19:29.680Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://pivotal.io/security/cve-2017-8044"
},
{
"name": "100618",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/100618"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Single Sign-On for PCF 1.3.x versions prior to 1.3.4 and 1.4.x versions prior to 1.4.3",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Single Sign-On for PCF 1.3.x versions prior to 1.3.4 and 1.4.x versions prior to 1.4.3"
}
]
}
],
"datePublic": "2017-11-27T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "In Pivotal Single Sign-On for PCF (1.3.x versions prior to 1.3.4 and 1.4.x versions prior to 1.4.3), certain pages allow code to be injected into the DOM environment through query parameters, leading to XSS attacks."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "XSS vulnerability",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-11-27T10:57:02.000Z",
"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"shortName": "dell"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://pivotal.io/security/cve-2017-8044"
},
{
"name": "100618",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/100618"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security_alert@emc.com",
"ID": "CVE-2017-8044",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Single Sign-On for PCF 1.3.x versions prior to 1.3.4 and 1.4.x versions prior to 1.4.3",
"version": {
"version_data": [
{
"version_value": "Single Sign-On for PCF 1.3.x versions prior to 1.3.4 and 1.4.x versions prior to 1.4.3"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Pivotal Single Sign-On for PCF (1.3.x versions prior to 1.3.4 and 1.4.x versions prior to 1.4.3), certain pages allow code to be injected into the DOM environment through query parameters, leading to XSS attacks."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "XSS vulnerability"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://pivotal.io/security/cve-2017-8044",
"refsource": "CONFIRM",
"url": "https://pivotal.io/security/cve-2017-8044"
},
{
"name": "100618",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/100618"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"assignerShortName": "dell",
"cveId": "CVE-2017-8044",
"datePublished": "2017-11-27T10:00:00.000Z",
"dateReserved": "2017-04-21T00:00:00.000Z",
"dateUpdated": "2024-08-05T16:19:29.680Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-8041 (GCVE-0-2017-8041)
Vulnerability from nvd – Published: 2017-09-09 01:00 – Updated: 2024-08-05 16:19
VLAI
Summary
In Single Sign-On for Pivotal Cloud Foundry (PCF) 1.3.x versions prior to 1.3.4 and 1.4.x versions prior to 1.4.3, a user can execute a XSS attack on certain Single Sign-On service UI pages by inputting code in the text field for an organization name.
Severity
No CVSS data available.
CWE
- XSS vulnerability
Assigner
References
2 references
| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/100615 | vdb-entryx_refsource_BID |
| https://pivotal.io/security/cve-2017-8041 | x_refsource_CONFIRM |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| n/a | PCF Single Sign-On for PCF:1.3.x versions prior to 1.3.4, 1.4.x versions prior to 1.4.3 |
Affected:
PCF Single Sign-On for PCF:1.3.x versions prior to 1.3.4, 1.4.x versions prior to 1.4.3
|
Date Public
2017-09-08 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T16:19:29.823Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "100615",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/100615"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://pivotal.io/security/cve-2017-8041"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "PCF Single Sign-On for PCF:1.3.x versions prior to 1.3.4, 1.4.x versions prior to 1.4.3",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "PCF Single Sign-On for PCF:1.3.x versions prior to 1.3.4, 1.4.x versions prior to 1.4.3"
}
]
}
],
"datePublic": "2017-09-08T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "In Single Sign-On for Pivotal Cloud Foundry (PCF) 1.3.x versions prior to 1.3.4 and 1.4.x versions prior to 1.4.3, a user can execute a XSS attack on certain Single Sign-On service UI pages by inputting code in the text field for an organization name."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "XSS vulnerability",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-09T09:57:01.000Z",
"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"shortName": "dell"
},
"references": [
{
"name": "100615",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/100615"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://pivotal.io/security/cve-2017-8041"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security_alert@emc.com",
"ID": "CVE-2017-8041",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "PCF Single Sign-On for PCF:1.3.x versions prior to 1.3.4, 1.4.x versions prior to 1.4.3",
"version": {
"version_data": [
{
"version_value": "PCF Single Sign-On for PCF:1.3.x versions prior to 1.3.4, 1.4.x versions prior to 1.4.3"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Single Sign-On for Pivotal Cloud Foundry (PCF) 1.3.x versions prior to 1.3.4 and 1.4.x versions prior to 1.4.3, a user can execute a XSS attack on certain Single Sign-On service UI pages by inputting code in the text field for an organization name."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "XSS vulnerability"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "100615",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/100615"
},
{
"name": "https://pivotal.io/security/cve-2017-8041",
"refsource": "CONFIRM",
"url": "https://pivotal.io/security/cve-2017-8041"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"assignerShortName": "dell",
"cveId": "CVE-2017-8041",
"datePublished": "2017-09-09T01:00:00.000Z",
"dateReserved": "2017-04-21T00:00:00.000Z",
"dateUpdated": "2024-08-05T16:19:29.823Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-8040 (GCVE-0-2017-8040)
Vulnerability from nvd – Published: 2017-09-09 01:00 – Updated: 2024-08-05 16:19
VLAI
Summary
In Single Sign-On for Pivotal Cloud Foundry (PCF) 1.3.x versions prior to 1.3.4 and 1.4.x versions prior to 1.4.3, an XXE (XML External Entity) attack was discovered in the Single Sign-On service dashboard. Privileged users can in some cases upload malformed XML leading to exposure of data on the Single Sign-On service broker file system.
Severity
No CVSS data available.
CWE
- XXE Vulnerability
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://pivotal.io/security/cve-2017-8040 | x_refsource_CONFIRM |
| http://www.securityfocus.com/bid/100617 | vdb-entryx_refsource_BID |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| n/a | PCF Single Sign-On for PCF:1.3.x versions prior to 1.3.4, 1.4.x versions prior to 1.4.3 |
Affected:
PCF Single Sign-On for PCF:1.3.x versions prior to 1.3.4, 1.4.x versions prior to 1.4.3
|
Date Public
2017-09-08 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T16:19:29.784Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://pivotal.io/security/cve-2017-8040"
},
{
"name": "100617",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/100617"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "PCF Single Sign-On for PCF:1.3.x versions prior to 1.3.4, 1.4.x versions prior to 1.4.3",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "PCF Single Sign-On for PCF:1.3.x versions prior to 1.3.4, 1.4.x versions prior to 1.4.3"
}
]
}
],
"datePublic": "2017-09-08T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "In Single Sign-On for Pivotal Cloud Foundry (PCF) 1.3.x versions prior to 1.3.4 and 1.4.x versions prior to 1.4.3, an XXE (XML External Entity) attack was discovered in the Single Sign-On service dashboard. Privileged users can in some cases upload malformed XML leading to exposure of data on the Single Sign-On service broker file system."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "XXE Vulnerability",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-09T09:57:01.000Z",
"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"shortName": "dell"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://pivotal.io/security/cve-2017-8040"
},
{
"name": "100617",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/100617"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security_alert@emc.com",
"ID": "CVE-2017-8040",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "PCF Single Sign-On for PCF:1.3.x versions prior to 1.3.4, 1.4.x versions prior to 1.4.3",
"version": {
"version_data": [
{
"version_value": "PCF Single Sign-On for PCF:1.3.x versions prior to 1.3.4, 1.4.x versions prior to 1.4.3"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Single Sign-On for Pivotal Cloud Foundry (PCF) 1.3.x versions prior to 1.3.4 and 1.4.x versions prior to 1.4.3, an XXE (XML External Entity) attack was discovered in the Single Sign-On service dashboard. Privileged users can in some cases upload malformed XML leading to exposure of data on the Single Sign-On service broker file system."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "XXE Vulnerability"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://pivotal.io/security/cve-2017-8040",
"refsource": "CONFIRM",
"url": "https://pivotal.io/security/cve-2017-8040"
},
{
"name": "100617",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/100617"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"assignerShortName": "dell",
"cveId": "CVE-2017-8040",
"datePublished": "2017-09-09T01:00:00.000Z",
"dateReserved": "2017-04-21T00:00:00.000Z",
"dateUpdated": "2024-08-05T16:19:29.784Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-8044 (GCVE-0-2017-8044)
Vulnerability from cvelistv5 – Published: 2017-11-27 10:00 – Updated: 2024-08-05 16:19
VLAI
Summary
In Pivotal Single Sign-On for PCF (1.3.x versions prior to 1.3.4 and 1.4.x versions prior to 1.4.3), certain pages allow code to be injected into the DOM environment through query parameters, leading to XSS attacks.
Severity
No CVSS data available.
CWE
- XSS vulnerability
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://pivotal.io/security/cve-2017-8044 | x_refsource_CONFIRM |
| http://www.securityfocus.com/bid/100618 | vdb-entryx_refsource_BID |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| n/a | Single Sign-On for PCF 1.3.x versions prior to 1.3.4 and 1.4.x versions prior to 1.4.3 |
Affected:
Single Sign-On for PCF 1.3.x versions prior to 1.3.4 and 1.4.x versions prior to 1.4.3
|
Date Public
2017-11-27 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T16:19:29.680Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://pivotal.io/security/cve-2017-8044"
},
{
"name": "100618",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/100618"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Single Sign-On for PCF 1.3.x versions prior to 1.3.4 and 1.4.x versions prior to 1.4.3",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Single Sign-On for PCF 1.3.x versions prior to 1.3.4 and 1.4.x versions prior to 1.4.3"
}
]
}
],
"datePublic": "2017-11-27T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "In Pivotal Single Sign-On for PCF (1.3.x versions prior to 1.3.4 and 1.4.x versions prior to 1.4.3), certain pages allow code to be injected into the DOM environment through query parameters, leading to XSS attacks."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "XSS vulnerability",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-11-27T10:57:02.000Z",
"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"shortName": "dell"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://pivotal.io/security/cve-2017-8044"
},
{
"name": "100618",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/100618"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security_alert@emc.com",
"ID": "CVE-2017-8044",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Single Sign-On for PCF 1.3.x versions prior to 1.3.4 and 1.4.x versions prior to 1.4.3",
"version": {
"version_data": [
{
"version_value": "Single Sign-On for PCF 1.3.x versions prior to 1.3.4 and 1.4.x versions prior to 1.4.3"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Pivotal Single Sign-On for PCF (1.3.x versions prior to 1.3.4 and 1.4.x versions prior to 1.4.3), certain pages allow code to be injected into the DOM environment through query parameters, leading to XSS attacks."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "XSS vulnerability"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://pivotal.io/security/cve-2017-8044",
"refsource": "CONFIRM",
"url": "https://pivotal.io/security/cve-2017-8044"
},
{
"name": "100618",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/100618"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"assignerShortName": "dell",
"cveId": "CVE-2017-8044",
"datePublished": "2017-11-27T10:00:00.000Z",
"dateReserved": "2017-04-21T00:00:00.000Z",
"dateUpdated": "2024-08-05T16:19:29.680Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-8040 (GCVE-0-2017-8040)
Vulnerability from cvelistv5 – Published: 2017-09-09 01:00 – Updated: 2024-08-05 16:19
VLAI
Summary
In Single Sign-On for Pivotal Cloud Foundry (PCF) 1.3.x versions prior to 1.3.4 and 1.4.x versions prior to 1.4.3, an XXE (XML External Entity) attack was discovered in the Single Sign-On service dashboard. Privileged users can in some cases upload malformed XML leading to exposure of data on the Single Sign-On service broker file system.
Severity
No CVSS data available.
CWE
- XXE Vulnerability
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://pivotal.io/security/cve-2017-8040 | x_refsource_CONFIRM |
| http://www.securityfocus.com/bid/100617 | vdb-entryx_refsource_BID |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| n/a | PCF Single Sign-On for PCF:1.3.x versions prior to 1.3.4, 1.4.x versions prior to 1.4.3 |
Affected:
PCF Single Sign-On for PCF:1.3.x versions prior to 1.3.4, 1.4.x versions prior to 1.4.3
|
Date Public
2017-09-08 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T16:19:29.784Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://pivotal.io/security/cve-2017-8040"
},
{
"name": "100617",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/100617"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "PCF Single Sign-On for PCF:1.3.x versions prior to 1.3.4, 1.4.x versions prior to 1.4.3",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "PCF Single Sign-On for PCF:1.3.x versions prior to 1.3.4, 1.4.x versions prior to 1.4.3"
}
]
}
],
"datePublic": "2017-09-08T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "In Single Sign-On for Pivotal Cloud Foundry (PCF) 1.3.x versions prior to 1.3.4 and 1.4.x versions prior to 1.4.3, an XXE (XML External Entity) attack was discovered in the Single Sign-On service dashboard. Privileged users can in some cases upload malformed XML leading to exposure of data on the Single Sign-On service broker file system."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "XXE Vulnerability",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-09T09:57:01.000Z",
"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"shortName": "dell"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://pivotal.io/security/cve-2017-8040"
},
{
"name": "100617",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/100617"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security_alert@emc.com",
"ID": "CVE-2017-8040",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "PCF Single Sign-On for PCF:1.3.x versions prior to 1.3.4, 1.4.x versions prior to 1.4.3",
"version": {
"version_data": [
{
"version_value": "PCF Single Sign-On for PCF:1.3.x versions prior to 1.3.4, 1.4.x versions prior to 1.4.3"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Single Sign-On for Pivotal Cloud Foundry (PCF) 1.3.x versions prior to 1.3.4 and 1.4.x versions prior to 1.4.3, an XXE (XML External Entity) attack was discovered in the Single Sign-On service dashboard. Privileged users can in some cases upload malformed XML leading to exposure of data on the Single Sign-On service broker file system."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "XXE Vulnerability"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://pivotal.io/security/cve-2017-8040",
"refsource": "CONFIRM",
"url": "https://pivotal.io/security/cve-2017-8040"
},
{
"name": "100617",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/100617"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"assignerShortName": "dell",
"cveId": "CVE-2017-8040",
"datePublished": "2017-09-09T01:00:00.000Z",
"dateReserved": "2017-04-21T00:00:00.000Z",
"dateUpdated": "2024-08-05T16:19:29.784Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-8041 (GCVE-0-2017-8041)
Vulnerability from cvelistv5 – Published: 2017-09-09 01:00 – Updated: 2024-08-05 16:19
VLAI
Summary
In Single Sign-On for Pivotal Cloud Foundry (PCF) 1.3.x versions prior to 1.3.4 and 1.4.x versions prior to 1.4.3, a user can execute a XSS attack on certain Single Sign-On service UI pages by inputting code in the text field for an organization name.
Severity
No CVSS data available.
CWE
- XSS vulnerability
Assigner
References
2 references
| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/100615 | vdb-entryx_refsource_BID |
| https://pivotal.io/security/cve-2017-8041 | x_refsource_CONFIRM |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| n/a | PCF Single Sign-On for PCF:1.3.x versions prior to 1.3.4, 1.4.x versions prior to 1.4.3 |
Affected:
PCF Single Sign-On for PCF:1.3.x versions prior to 1.3.4, 1.4.x versions prior to 1.4.3
|
Date Public
2017-09-08 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T16:19:29.823Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "100615",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/100615"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://pivotal.io/security/cve-2017-8041"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "PCF Single Sign-On for PCF:1.3.x versions prior to 1.3.4, 1.4.x versions prior to 1.4.3",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "PCF Single Sign-On for PCF:1.3.x versions prior to 1.3.4, 1.4.x versions prior to 1.4.3"
}
]
}
],
"datePublic": "2017-09-08T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "In Single Sign-On for Pivotal Cloud Foundry (PCF) 1.3.x versions prior to 1.3.4 and 1.4.x versions prior to 1.4.3, a user can execute a XSS attack on certain Single Sign-On service UI pages by inputting code in the text field for an organization name."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "XSS vulnerability",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-09T09:57:01.000Z",
"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"shortName": "dell"
},
"references": [
{
"name": "100615",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/100615"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://pivotal.io/security/cve-2017-8041"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security_alert@emc.com",
"ID": "CVE-2017-8041",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "PCF Single Sign-On for PCF:1.3.x versions prior to 1.3.4, 1.4.x versions prior to 1.4.3",
"version": {
"version_data": [
{
"version_value": "PCF Single Sign-On for PCF:1.3.x versions prior to 1.3.4, 1.4.x versions prior to 1.4.3"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Single Sign-On for Pivotal Cloud Foundry (PCF) 1.3.x versions prior to 1.3.4 and 1.4.x versions prior to 1.4.3, a user can execute a XSS attack on certain Single Sign-On service UI pages by inputting code in the text field for an organization name."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "XSS vulnerability"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "100615",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/100615"
},
{
"name": "https://pivotal.io/security/cve-2017-8041",
"refsource": "CONFIRM",
"url": "https://pivotal.io/security/cve-2017-8041"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"assignerShortName": "dell",
"cveId": "CVE-2017-8041",
"datePublished": "2017-09-09T01:00:00.000Z",
"dateReserved": "2017-04-21T00:00:00.000Z",
"dateUpdated": "2024-08-05T16:19:29.823Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}