CVE-2017-4963
- Source
- https://cve.org/CVERecord?id=CVE-2017-4963
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2017-4963.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2017-4963
- Published
- 2017-06-13T06:29:00.427Z
- Modified
- 2026-04-10T04:01:34.083308Z
- Severity
-
- 8.1 (High) CVSS_V3 - CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
- Summary
- [none]
- Details
-
An issue was discovered in Cloud Foundry Foundation Cloud Foundry release v252 and earlier versions, UAA stand-alone release v2.0.0 - v2.7.4.12 & v3.0.0 - v3.11.0, and UAA bosh release v26 & earlier versions. UAA is vulnerable to session fixation when configured to authenticate against external SAML or OpenID Connect based identity providers.
- References
Affected packages
Git / github.com/cloudfoundry-attic/cf-release
Affected ranges
- Type
- GIT
- Repo
- https://github.com/cloudfoundry-attic/cf-release
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedLast affected
- Database specific
{ "versions": [ { "introduced": "0" }, { "last_affected": "252" } ] }
Affected versions
Other
-
ci-upgrade
list
log
scotty_09012012
v10
v100
v102
v103
v104
v105
v109
v11
v119
v12
v132
v133
v134
v135
v136
v137
v14
v140
v143
v15
v156
v157
v16
v161
v17
v170
v18
v183
v19
v2
v20
v205
v21
v22
v23
v24
v245
v249
v25
v252
v26
v3
v6
v7
v8
v9
v99
works-for-us
rc145.*
rc145.0
v12.*
v12.3