Vulnerability Details CVE-2019-3784
Cloud Foundry Stratos, versions prior to 2.3.0, contains an insecure session that can be spoofed. When deployed on cloud foundry with multiple instances using the default embedded SQLite database, a remote authenticated malicious user can switch sessions to another user with the same session id.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 40.2%
CVSS Severity
CVSS v3 Score 8.2
CVSS v2 Score 4.0
Products affected by CVE-2019-3784
-
cpe:2.3:a:cloudfoundry:stratos:0.9.0
-
cpe:2.3:a:cloudfoundry:stratos:0.9.1
-
cpe:2.3:a:cloudfoundry:stratos:0.9.2
-
cpe:2.3:a:cloudfoundry:stratos:0.9.5
-
cpe:2.3:a:cloudfoundry:stratos:0.9.6
-
cpe:2.3:a:cloudfoundry:stratos:0.9.7
-
cpe:2.3:a:cloudfoundry:stratos:0.9.8
-
cpe:2.3:a:cloudfoundry:stratos:0.9.9
-
cpe:2.3:a:cloudfoundry:stratos:1.0.0
-
cpe:2.3:a:cloudfoundry:stratos:1.0.2
-
cpe:2.3:a:cloudfoundry:stratos:1.1.0
-
cpe:2.3:a:cloudfoundry:stratos:2.0.0
-
cpe:2.3:a:cloudfoundry:stratos:2.0.1
-
cpe:2.3:a:cloudfoundry:stratos:2.1.0
-
cpe:2.3:a:cloudfoundry:stratos:2.1.0-3
-
cpe:2.3:a:cloudfoundry:stratos:2.1.1
-
cpe:2.3:a:cloudfoundry:stratos:2.1.1-1
-
cpe:2.3:a:cloudfoundry:stratos:2.1.1-2
-
cpe:2.3:a:cloudfoundry:stratos:2.1.1-3
-
cpe:2.3:a:cloudfoundry:stratos:2.1.1-4
-
cpe:2.3:a:cloudfoundry:stratos:2.1.1-5
-
cpe:2.3:a:cloudfoundry:stratos:2.1.1-6
-
cpe:2.3:a:cloudfoundry:stratos:2.1.2
-
cpe:2.3:a:cloudfoundry:stratos:2.2.0
-
cpe:2.3:a:cloudfoundry:stratos:2.2.0-3
-
cpe:2.3:a:cloudfoundry:stratos:2.2.0-4
-
cpe:2.3:a:cloudfoundry:stratos:2.2.0-5