CVE-2017-4972
https://notcve.org/view.php?id=CVE-2017-4972
An issue was discovered in Cloud Foundry Foundation cf-release versions prior to v257; UAA release 2.x versions prior to v2.7.4.14, 3.6.x versions prior to v3.6.8, 3.9.x versions prior to v3.9.10, and other versions prior to v3.15.0; and UAA bosh release (uaa-release) 13.x versions prior to v13.12, 24.x versions prior to v24.7, and other versions prior to v30. An attacker can use a blind SQL injection attack to query the contents of the UAA database. Se detectó un problema en cf-release versiones anteriores a v257; UAA release versiones 2.x anteriores a v2.7.4.14, versiones 3.6.x anteriores a v3.6.8, versiones 3.9.x anteriores a v3.9.10, y otras versiones anteriores a v3.15.0; y UAA bosh release (uaa-release) versiones 13.x anteriores a v13.12, versiones 24.x anteriores a v24.7, y otras versiones anteriores a v30 de Cloud Foundry Foundation. Un atacante puede usar un ataque de inyección de SQL a ciegas para consultar el contenido de la base de datos UAA. • https://www.cloudfoundry.org/cve-2017-4972 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVE-2017-4992
https://notcve.org/view.php?id=CVE-2017-4992
An issue was discovered in Cloud Foundry Foundation cf-release versions prior to v261; UAA release 2.x versions prior to v2.7.4.17, 3.6.x versions prior to v3.6.11, 3.9.x versions prior to v3.9.13, and other versions prior to v4.2.0; and UAA bosh release (uaa-release) 13.x versions prior to v13.15, 24.x versions prior to v24.10, 30.x versions prior to 30.3, and other versions prior to v37. There is privilege escalation (arbitrary password reset) with user invitations. Se detectó un problema en cf-release versiones anteriores a 261; UAA release versiones 2.x anteriores a 2.7.4.17, versiones 3.6.x anteriores a 3.6.11, versiones 3.9.x anteriores a 3.9.13, y otras versiones anteriores a 4.2.0; y UAA bosh release (uaa-release) versiones 13.x anteriores a 13.15, versiones 24.x anteriores a 24.10, versiones 30.x anteriores a 30.3 y otras versiones anteriores a 37 de Cloud Foundry Foundation. Se presenta una escalada de privilegios (restablecimiento arbitrario de contraseña) con invitaciones de usuario. • https://www.cloudfoundry.org/cve-2017-4992 • CWE-269: Improper Privilege Management •
CVE-2017-4960
https://notcve.org/view.php?id=CVE-2017-4960
An issue was discovered in Cloud Foundry release v247 through v252, UAA stand-alone release v3.9.0 through v3.11.0, and UAA Bosh Release v21 through v26. There is a potential to subject the UAA OAuth clients to a denial of service attack. Se ha descubierto un problema en Cloud Foundry release v247 hasta la versión v252, UAA stand-alone release v3.9.0 hasta la versión v3.11.0 y UAA Bosh Release v21 hasta la versión v26. Hay un potencial para someter a los clientes UAA OAuth a un ataque de denegación de servicio. • http://www.securityfocus.com/bid/96780 https://www.cloudfoundry.org/cve-2017-4960 •