CVE-2021-22100

MEDIUM

Cloud Foundry CAPI < 1.122.0 and cf-deployment < 17.1.0 - Denial of Service via Malicious Service Broker

Title source: llm

Description

In Cloud Foundry CAPI versions prior to 1.122, a developer can push a service broker that (accidentally or maliciously) causes Cloud Controller (CC) instances to time out and fail, resulting in a denial of service. An attacker can leverage this vulnerability to prevent anyone from pushing or managing apps.

Scores

CVSS v3 5.3
EPSS 0.0088
EPSS Percentile 54.5%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Details

CWE CWE-400
Status published
Products (2)
cloudfoundry/capi-release < 1.122.0
cloudfoundry/cf-deployment < 17.1.0
Published Mar 25, 2022
Tracked Since Feb 18, 2026