CVE-2018-1276

Summary

Windows 2012R2 stemcells, versions prior to 1200.17, contain an information exposure vulnerability on vSphere. A remote user with the ability to push apps can execute crafted commands to read the IaaS metadata from the VM, which may contain BOSH credentials.

Affected Software

VendorProductVersion RangeStatus
Cloud FoundryWindows2012R2 stemcellversions prior to 1200.17affected

Weaknesses

  • Information exposure

ADP Enrichment

CVE Program Container

Additional References

References