CVE-2017-4955
CRITICAL
Pivotal PCF Elastic Runtime <1.6.65-<1.9.5 - Info Disclosure
Title source: llm
Description
An issue was discovered in Pivotal PCF Elastic Runtime 1.6.x versions prior to 1.6.65, 1.7.x versions prior to 1.7.48, 1.8.x versions prior to 1.8.28, and 1.9.x versions prior to 1.9.5. Several credentials were present in the logs for the Notifications errand in the PCF Elastic Runtime tile.
References (2)
Core References
Mitigation, Vendor Advisory x_refsource_confirm
https://pivotal.io/security/cve-2017-4955
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/97082
Scores
CVSS v3
9.8
EPSS
0.0041
EPSS Percentile
61.4%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-532
Status
published
Products (50)
n/a/PCF Elastic Runtime
PCF Elastic Runtime
pivotal_software/cloud_foundry_elastic_runtime 1.6.0
pivotal_software/cloud_foundry_elastic_runtime 1.6.1
pivotal_software/cloud_foundry_elastic_runtime 1.6.2
pivotal_software/cloud_foundry_elastic_runtime 1.6.3
pivotal_software/cloud_foundry_elastic_runtime 1.6.4
pivotal_software/cloud_foundry_elastic_runtime 1.6.5
pivotal_software/cloud_foundry_elastic_runtime 1.6.6
pivotal_software/cloud_foundry_elastic_runtime 1.6.7
pivotal_software/cloud_foundry_elastic_runtime 1.6.8
... and 40 more
Published
Jun 13, 2017
Tracked Since
Feb 18, 2026