Vulnerability Details CVE-2017-4973
An issue was discovered in Cloud Foundry Foundation cf-release versions prior to v257; UAA release 2.x versions prior to v2.7.4.14, 3.6.x versions prior to v3.6.8, 3.9.x versions prior to v3.9.10, and other versions prior to v3.15.0; and UAA bosh release (uaa-release) 13.x versions prior to v13.12, 24.x versions prior to v24.7, and other versions prior to v30. A vulnerability has been identified with the groups endpoint in UAA allowing users to elevate their privileges.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.003
EPSS Ranking 53.5%
CVSS Severity
CVSS v3 Score 8.8
CVSS v2 Score 6.5
Products affected by CVE-2017-4973
-
cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:10
-
cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:11
-
cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:11.1
-
cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:11.2
-
cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:11.3
-
cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:11.4
-
cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:11.5
-
cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:11.7
-
cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:12
-
cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:12.1
-
cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:12.2
-
cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:12.3
-
cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:12.4
-
cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:12.5
-
cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:12.6
-
cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:13
-
cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:13.1
-
cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:13.10
-
cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:13.11
-
cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:13.12
-
cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:13.13
-
cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:13.14
-
cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:13.15
-
cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:13.16
-
cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:13.17
-
cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:13.18
-
cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:13.2
-
cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:13.3
-
cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:13.4
-
cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:13.5
-
cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:13.6
-
cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:13.7
-
cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:13.8
-
cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:13.9
-
cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:14
-
cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:15
-
cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:16
-
cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:17
-
cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:18
-
cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:19
-
cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:2
-
cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:20
-
cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:21
-
cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:22
-
cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:23
-
cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:24
-
cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:24.1
-
cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:24.10
-
cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:24.11
-
cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:24.12
-
cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:24.13
-
cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:24.14
-
cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:24.2
-
cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:24.3
-
cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:24.4
-
cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:24.5
-
cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:24.6
-
cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:24.7
-
cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:24.8
-
cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:24.9
-
cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:25
-
cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:26
-
cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:27
-
cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:28
-
cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:29
-
cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:3
-
cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:30
-
cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:30.1
-
cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:30.2
-
cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:30.3
-
cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:4
-
cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:5
-
cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:6
-
cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:7
-
cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:8
-
cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:9
-
cpe:2.3:a:pivotal_software:cloud_foundry_cf:*
-
cpe:2.3:a:pivotal_software:cloud_foundry_uaa:2.2.5.4
-
cpe:2.3:a:pivotal_software:cloud_foundry_uaa:2.7.1
-
cpe:2.3:a:pivotal_software:cloud_foundry_uaa:2.7.2
-
cpe:2.3:a:pivotal_software:cloud_foundry_uaa:2.7.3
-
cpe:2.3:a:pivotal_software:cloud_foundry_uaa:2.7.4
-
cpe:2.3:a:pivotal_software:cloud_foundry_uaa:2.7.4.1
-
cpe:2.3:a:pivotal_software:cloud_foundry_uaa:2.7.4.11
-
cpe:2.3:a:pivotal_software:cloud_foundry_uaa:2.7.4.12
-
cpe:2.3:a:pivotal_software:cloud_foundry_uaa:2.7.4.13
-
cpe:2.3:a:pivotal_software:cloud_foundry_uaa:2.7.4.2
-
cpe:2.3:a:pivotal_software:cloud_foundry_uaa:2.7.4.3
-
cpe:2.3:a:pivotal_software:cloud_foundry_uaa:2.7.4.4
-
cpe:2.3:a:pivotal_software:cloud_foundry_uaa:2.7.4.5
-
cpe:2.3:a:pivotal_software:cloud_foundry_uaa:2.7.4.6
-
cpe:2.3:a:pivotal_software:cloud_foundry_uaa:2.7.4.7
-
cpe:2.3:a:pivotal_software:cloud_foundry_uaa:2.7.4.8
-
cpe:2.3:a:pivotal_software:cloud_foundry_uaa:2.7.4.9
-
cpe:2.3:a:pivotal_software:cloud_foundry_uaa:3.6.1
-
cpe:2.3:a:pivotal_software:cloud_foundry_uaa:3.6.2
-
cpe:2.3:a:pivotal_software:cloud_foundry_uaa:3.6.3
-
cpe:2.3:a:pivotal_software:cloud_foundry_uaa:3.6.4
-
cpe:2.3:a:pivotal_software:cloud_foundry_uaa:3.6.5
-
cpe:2.3:a:pivotal_software:cloud_foundry_uaa:3.6.6
-
cpe:2.3:a:pivotal_software:cloud_foundry_uaa:3.6.7
-
cpe:2.3:a:pivotal_software:cloud_foundry_uaa:3.9.1
-
cpe:2.3:a:pivotal_software:cloud_foundry_uaa:3.9.12
-
cpe:2.3:a:pivotal_software:cloud_foundry_uaa:3.9.13
-
cpe:2.3:a:pivotal_software:cloud_foundry_uaa:3.9.2
-
cpe:2.3:a:pivotal_software:cloud_foundry_uaa:3.9.3
-
cpe:2.3:a:pivotal_software:cloud_foundry_uaa:3.9.4
-
cpe:2.3:a:pivotal_software:cloud_foundry_uaa:3.9.5
-
cpe:2.3:a:pivotal_software:cloud_foundry_uaa:3.9.6
-
cpe:2.3:a:pivotal_software:cloud_foundry_uaa:3.9.7
-
cpe:2.3:a:pivotal_software:cloud_foundry_uaa:3.9.8
-
cpe:2.3:a:pivotal_software:cloud_foundry_uaa:3.9.9