CVE-2017-8040
N/A
N/A
Summary
In Single Sign-On for Pivotal Cloud Foundry (PCF) 1.3.x versions prior to 1.3.4 and 1.4.x versions prior to 1.4.3, an XXE (XML External Entity) attack was discovered in the Single Sign-On service dashboard. Privileged users can in some cases upload malformed XML leading to exposure of data on the Single Sign-On service broker file system.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| n/a | PCF Single Sign-On for PCF:1.3.x versions prior to 1.3.4, 1.4.x versions prior to 1.4.3 | PCF Single Sign-On for PCF:1.3.x versions prior to 1.3.4, 1.4.x versions prior to 1.4.3 | affected |
Weaknesses
- XXE Vulnerability
ADP Enrichment
CVE Program Container
Additional References
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.