CVE-2021-22100

Summary

In cloud foundry CAPI versions prior to 1.122, a denial-of-service attack in which a developer can push a service broker that (accidentally or maliciously) causes CC instances to timeout and fail is possible. An attacker can leverage this vulnerability to cause an inability for anyone to push or manage apps.

Affected Software

VendorProductVersion RangeStatus
n/aCloud Controller (CAPI) by cloud foundryCAPI versions prior to 1.122.0affected

Weaknesses

  • CWE-400: CWE-400: Uncontrolled Resource Consumption

ADP Enrichment

CVE Program Container

Additional References

References