CVE-2017-4973
high
CVSS v3
8.8
CVSS v4 NEW
โ
VIR risk
8.8
Description
Cloud Foundry UAA Privilege Escalation
Predictions
Exploit likelihood
92%
Patch ETA
โ
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
No mitigations published for this CVE yet.
The vendor-content worker queues fetches as references arrive (check back in a few minutes). Or โ if you've already worked around this in production โ publish your fix to the community-verified tier.
โ Propose a mitigation on Community โ Mitigations published via the community go through AI scoring + 2 human reviewers + 7-day silent objection window before landing here withsource_tier=community-verified.
Package impact
| Ecosystem | Package | Vulnerable | Fixed |
|---|---|---|---|
| Maven | org.cloudfoundry.identity:cloudfoundry-identity-server | >=2.0.0,<2.7.4.14 | 2.7.4.14 |
| Maven | org.cloudfoundry.identity:cloudfoundry-identity-server | >=3.0.0,<3.6.8 | 3.6.8 |
| Maven | org.cloudfoundry.identity:cloudfoundry-identity-server | >=3.7.0,<3.9.10 | 3.9.10 |
| Maven | org.cloudfoundry.identity:cloudfoundry-identity-server | >=3.10.0,<3.15.0 | 3.15.0 |
Application impact
| Vendor | Product | Versions | Fixed |
|---|---|---|---|
| cloudfoundry | cloud_foundry_uaa_bosh | {"endIncluding":"30"} | |
| cloudfoundry | cloud_foundry_uaa_bosh | 13.1 | |
| cloudfoundry | cloud_foundry_uaa_bosh | 13.2 | |
| cloudfoundry | cloud_foundry_uaa_bosh | 13.3 | |
| cloudfoundry | cloud_foundry_uaa_bosh | 13.4 | |
| cloudfoundry | cloud_foundry_uaa_bosh | 13.5 | |
| cloudfoundry | cloud_foundry_uaa_bosh | 13.6 | |
| cloudfoundry | cloud_foundry_uaa_bosh | 13.7 | |
| cloudfoundry | cloud_foundry_uaa_bosh | 13.8 | |
| cloudfoundry | cloud_foundry_uaa_bosh | 13.9 | |
| cloudfoundry | cloud_foundry_uaa_bosh | 13.10 | |
| cloudfoundry | cloud_foundry_uaa_bosh | 13.11 | |
| cloudfoundry | cloud_foundry_uaa_bosh | 24 | |
| cloudfoundry | cloud_foundry_uaa_bosh | 24.1 | |
| cloudfoundry | cloud_foundry_uaa_bosh | 24.2 | |
| cloudfoundry | cloud_foundry_uaa_bosh | 24.3 | |
| cloudfoundry | cloud_foundry_uaa_bosh | 24.4 | |
| cloudfoundry | cloud_foundry_uaa_bosh | 24.5 | |
| cloudfoundry | cloud_foundry_uaa_bosh | 24.6 | |
| cloudfoundry | cloud_foundry_uaa_bosh | 30.1 | |
| cloudfoundry | cloud_foundry_uaa_bosh | 30.2 | |
| cloudfoundry | cloud_foundry_uaa_bosh | 30.3 | |
| pivotal_software | cloud_foundry_cf | {"endIncluding":"256"} | |
| pivotal_software | cloud_foundry_uaa | 2.2.5.4 | |
| pivotal_software | cloud_foundry_uaa | 2.7.1 | |
| pivotal_software | cloud_foundry_uaa | 2.7.2 | |
| pivotal_software | cloud_foundry_uaa | 2.7.3 | |
| pivotal_software | cloud_foundry_uaa | 2.7.4 | |
| pivotal_software | cloud_foundry_uaa | 2.7.4.1 | |
| pivotal_software | cloud_foundry_uaa | 2.7.4.2 | |
| pivotal_software | cloud_foundry_uaa | 2.7.4.3 | |
| pivotal_software | cloud_foundry_uaa | 2.7.4.4 | |
| pivotal_software | cloud_foundry_uaa | 2.7.4.5 | |
| pivotal_software | cloud_foundry_uaa | 2.7.4.6 | |
| pivotal_software | cloud_foundry_uaa | 2.7.4.7 | |
| pivotal_software | cloud_foundry_uaa | 2.7.4.8 | |
| pivotal_software | cloud_foundry_uaa | 2.7.4.9 | |
| pivotal_software | cloud_foundry_uaa | 2.7.4.11 | |
| pivotal_software | cloud_foundry_uaa | 2.7.4.12 | |
| pivotal_software | cloud_foundry_uaa | 2.7.4.13 | |
| pivotal_software | cloud_foundry_uaa | 3.6.1 | |
| pivotal_software | cloud_foundry_uaa | 3.6.2 | |
| pivotal_software | cloud_foundry_uaa | 3.6.3 | |
| pivotal_software | cloud_foundry_uaa | 3.6.4 | |
| pivotal_software | cloud_foundry_uaa | 3.6.5 | |
| pivotal_software | cloud_foundry_uaa | 3.6.6 | |
| pivotal_software | cloud_foundry_uaa | 3.6.7 | |
| pivotal_software | cloud_foundry_uaa | 3.9.1 | |
| pivotal_software | cloud_foundry_uaa | 3.9.2 | |
| pivotal_software | cloud_foundry_uaa | 3.9.3 | |
| pivotal_software | cloud_foundry_uaa | 3.9.4 | |
| pivotal_software | cloud_foundry_uaa | 3.9.5 | |
| pivotal_software | cloud_foundry_uaa | 3.9.6 | |
| pivotal_software | cloud_foundry_uaa | 3.9.7 | |
| pivotal_software | cloud_foundry_uaa | 3.9.8 | |
| pivotal_software | cloud_foundry_uaa | 3.9.9 | |
| pivotal_software | cloud_foundry_uaa | 3.9.12 | |
| pivotal_software | cloud_foundry_uaa | 3.9.13 | |
References
- https://www.cloudfoundry.org/cve-2017-4973/
- https://nvd.nist.gov/vuln/detail/CVE-2017-4973
- https://github.com/cloudfoundry/uaa/commit/0762cc768592abc4fb1c6afd9974ea6fb964f0f2
- https://github.com/cloudfoundry/uaa/commit/18cf22ba9177f1124f85f99651b474b48f12cd28
- https://github.com/cloudfoundry/uaa/commit/24bc5ade80560cedb9300940d2b398163ab0dc6
- https://github.com/cloudfoundry/uaa/commit/24c270ce725df890727b2bd7d8a4f338a3a58b7
- https://github.com/cloudfoundry/uaa/commit/3c456f0285e92713a0a9ce54c3e57d8636b9183c
- https://github.com/cloudfoundry/uaa/commit/52acfabd11c3c77c2a3f5229b32f56de0e8d26ad
- https://github.com/cloudfoundry/uaa/commit/5eb43757d5a3a2c9e7aae1ef3d0b9b7e2a38851e
- https://github.com/cloudfoundry/uaa/commit/9d44cb0c7c25ccae95bfa1c2d59ce46200c643cb
- https://github.com/cloudfoundry/uaa
- https://www.cloudfoundry.org/cve-2017-4973
CWEs
CWE-269
Community-verified mitigations for this CVE will appear above when contributors publish them.
Verify integrity in audit chain (admin only). AS-IS.