MidnightBSD

Advisories for pivotal

CVE-2016-0732 MEDIUM

The identity zones feature in Pivotal Cloud Foundry 208 through 229; UAA 2.0.0 through 2.7.3 and 3.0.0; UAA-Release 2 through 4, when configured with multiple identity zones; and Elastic Runtime 1.6.0 through 1.6.13 allows remote authenticated users with privileges in one zone to gain privileges and perform operations on a different zone via unspecified vectors.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-269,

Products Affected

Vendor Product Version
cloudfoundry user_account_and_authentication 2.6.2
cloudfoundry user_account_and_authentication 2.7.1
pivotal elastic_runtime 1.6.11
cloudfoundry user_account_and_authentication 2.0.2
cloudfoundry user_account_and_authentication 2.0.0
cloudfoundry user_account_and_authentication 2.4.1
cloudfoundry user_account_and_authentication 2.6.1
pivotal elastic_runtime 1.6.2
cloudfoundry user_account_and_authentication 2.7.2
cloudfoundry uaa-release 3
cloudfoundry user_account_and_authentication 2.1.0
cloudfoundry user_account_and_authentication 2.2.3
cloudfoundry user_account_and_authentication 2.5.0
cloudfoundry user_account_and_authentication 2.2.4.1
cloudfoundry user_account_and_authentication 2.7.0.2
cloudfoundry user_account_and_authentication 2.6.0
cloudfoundry user_account_and_authentication 2.2.4
cloudfoundry uaa-release 4
cloudfoundry user_account_and_authentication 2.3.0
pivotal elastic_runtime 1.6.13
cloudfoundry uaa-release 2
cloudfoundry user_account_and_authentication 2.0.3
cloudfoundry user_account_and_authentication 2.2.5.3
cloudfoundry user_account_and_authentication 2.2.6
pivotal elastic_runtime 1.6.1
pivotal elastic_runtime 1.6.10
cloudfoundry user_account_and_authentication 2.7.3
cloudfoundry user_account_and_authentication 2.3.1.1
cloudfoundry user_account_and_authentication 2.2.2
cloudfoundry user_account_and_authentication 2.2.1
pivotal elastic_runtime 1.6.6
cloudfoundry user_account_and_authentication 2.7.0.3
cloudfoundry user_account_and_authentication 2.2.0
pivotal elastic_runtime 1.6.0
cloudfoundry cf-release *
pivotal elastic_runtime 1.6.9
cloudfoundry user_account_and_authentication 2.7.0
cloudfoundry user_account_and_authentication 2.5.2
pivotal elastic_runtime 1.6.8
cloudfoundry user_account_and_authentication 2.7.0.1
pivotal elastic_runtime 1.6.5
pivotal elastic_runtime 1.6.12
cloudfoundry user_account_and_authentication 2.2.5.2
pivotal elastic_runtime 1.6.4
cloudfoundry user_account_and_authentication 2.4.0
pivotal elastic_runtime 1.6.3
cloudfoundry user_account_and_authentication 2.3.1
pivotal elastic_runtime 1.6.7
cloudfoundry user_account_and_authentication 2.0.1
cloudfoundry user_account_and_authentication 2.5.1
cloudfoundry user_account_and_authentication 2.2.5
CVE-2016-0928 MEDIUM

Multiple open redirect vulnerabilities in Pivotal Cloud Foundry (PCF) Elastic Runtime before 1.6.30 and 1.7.x before 1.7.8 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-601,

Products Affected

Vendor Product Version
pivotal cloud_foundry_elastic_runtime 1.7.3
pivotal cloud_foundry_elastic_runtime 1.7.7
pivotal cloud_foundry_elastic_runtime 1.7.2
pivotal cloud_foundry_elastic_runtime *
pivotal cloud_foundry_elastic_runtime 1.7.5
pivotal cloud_foundry_elastic_runtime 1.7.1
pivotal cloud_foundry_elastic_runtime 1.7.4
pivotal cloud_foundry_elastic_runtime 1.7.0
pivotal cloud_foundry_elastic_runtime 1.7.6
CVE-2016-0930 MEDIUM

Pivotal Cloud Foundry (PCF) Ops Manager before 1.6.19 and 1.7.x before 1.7.10, when vCloud or vSphere is used, has a default password for compilation VMs, which allows remote attackers to obtain SSH access by connecting within an installation-time period during which these VMs exist.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-362,

Products Affected

Vendor Product Version
pivotal operations_manager 1.7.3
pivotal operations_manager 1.7.4
pivotal operations_manager *
pivotal operations_manager 1.7.6
pivotal operations_manager 1.7.5
pivotal operations_manager 1.7.0
pivotal operations_manager 1.7.9
pivotal operations_manager 1.7.2
pivotal operations_manager 1.7.7
pivotal operations_manager 1.7.1
pivotal operations_manager 1.7.8
CVE-2016-4435 MEDIUM

An endpoint of the Agent running on the BOSH Director VM with stemcell versions prior to 3232.6 and 3146.13 may allow unauthenticated clients to read or write blobs or cause a denial of service attack on the Director VM. This vulnerability requires that the unauthenticated clients guess or find a URL matching an existing GUID.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-264,

Products Affected

Vendor Product Version
pivotal bosh_stemcell 3146.13
pivotal bosh_stemcell *
CVE-2016-4977 MEDIUM

When processing authorization requests using the whitelabel views in Spring Security OAuth 2.0.0 to 2.0.9 and 1.0.0 to 1.0.5, the response_type parameter value was executed as Spring SpEL which enabled a malicious user to trigger remote code execution via the crafting of the value for response_type.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-19,

Products Affected

Vendor Product Version
pivotal spring_security_oauth 2.0.1
pivotal spring_security_oauth 2.0.2
pivotal spring_security_oauth 2.0.3
pivotal spring_security_oauth 1.0.0
pivotal spring_security_oauth 2.0.9
pivotal spring_security_oauth 2.0.8
pivotal spring_security_oauth 1.0.3
pivotal spring_security_oauth 2.0.5
pivotal spring_security_oauth 2.0.7
pivotal spring_security_oauth 2.0.4
pivotal spring_security_oauth 1.0.2
pivotal spring_security_oauth 2.0.6
pivotal spring_security_oauth 1.0.4
pivotal spring_security_oauth 2.0.0
pivotal spring_security_oauth 1.0.1
pivotal spring_security_oauth 1.0.5
CVE-2016-6639 MEDIUM

Cloud Foundry PHP Buildpack (aka php-buildpack) before 4.3.18 and PHP Buildpack Cf-release before 242, as used in Pivotal Cloud Foundry (PCF) Elastic Runtime before 1.6.38 and 1.7.x before 1.7.19 and other products, place the .profile file in the htdocs directory, which might allow remote attackers to obtain sensitive information via an HTTP GET request for this file.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-254,

Products Affected

Vendor Product Version
pivotal cloud_foundry_elastic_runtime 1.7.3
cloudfoundry php-buildpack *
pivotal cloud_foundry_elastic_runtime 1.7.15
pivotal cloud_foundry_elastic_runtime *
pivotal cloud_foundry_elastic_runtime 1.7.5
pivotal cloud_foundry_elastic_runtime 1.7.14
pivotal cloud_foundry_elastic_runtime 1.7.9
pivotal cloud_foundry_elastic_runtime 1.7.10
pivotal cloud_foundry_elastic_runtime 1.7.1
pivotal cloud_foundry_elastic_runtime 1.7.13
pivotal cloud_foundry_elastic_runtime 1.7.16
pivotal cloud_foundry_elastic_runtime 1.7.18
pivotal cloud_foundry_elastic_runtime 1.7.4
pivotal cloud_foundry_elastic_runtime 1.7.11
pivotal cloud_foundry_elastic_runtime 1.7.7
pivotal cloud_foundry_elastic_runtime 1.7.2
pivotal cloud_foundry_elastic_runtime 1.7.8
pivotal cloud_foundry_elastic_runtime 1.7.12
pivotal cloud_foundry_elastic_runtime 1.7.0
pivotal cloud_foundry_elastic_runtime 1.7.6
pivotal cloud_foundry_elastic_runtime 1.7.17
CVE-2017-3203 MEDIUM

The Java implementations of AMF3 deserializers in Pivotal/Spring Spring-flex derive class instances from java.io.Externalizable rather than the AMF3 specification's recommendation of flash.utils.IExternalizable. A remote attacker with the ability to spoof or control an RMI server connection may be able to send serialized Java objects that execute arbitrary code when deserialized.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-502,CWE-502,

Products Affected

Vendor Product Version
pivotal spring-flex *
CVE-2017-4971 MEDIUM

An issue was discovered in Pivotal Spring Web Flow through 2.4.4. Applications that do not change the value of the MvcViewFactoryCreator useSpringBinding property which is disabled by default (i.e., set to 'false') can be vulnerable to malicious EL expressions in view states that process form submissions but do not have a sub-element to declare explicit data binding property mappings.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-1188,

Products Affected

Vendor Product Version
pivotal spring_web_flow 2.4.4
pivotal spring_web_flow 2.4.2
pivotal spring_web_flow 2.4.0
pivotal spring_web_flow 2.4.1
CVE-2017-4975 MEDIUM

An issue was discovered in Pivotal PCF Tile Generator versions prior to 6.0.0. Tiles created by the PCF Tile Generator create a running open security group that overrides security groups set by the operator.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-276,

Products Affected

Vendor Product Version
pivotal pcf_tile_generator *
CVE-2017-8039 MEDIUM

An issue was discovered in Pivotal Spring Web Flow through 2.4.5. Applications that do not change the value of the MvcViewFactoryCreator useSpringBinding property which is disabled by default (i.e., set to 'false') can be vulnerable to malicious EL expressions in view states that process form submissions but do not have a sub-element to declare explicit data binding property mappings. NOTE: this issue exists because of an incomplete fix for CVE-2017-4971.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-1188,

Products Affected

Vendor Product Version
pivotal spring_web_flow 2.4.4
pivotal spring_web_flow 2.4.2
pivotal spring_web_flow 2.4.5
pivotal spring_web_flow 2.4.0
pivotal spring_web_flow 2.4.1
CVE-2017-8047 MEDIUM

In Cloud Foundry router routing-release all versions prior to v0.163.0 and cf-release all versions prior to v274, in some applications, it is possible to append a combination of characters to the URL that will allow for an open redirect. An attacker could exploit this as a phishing attack to gain access to user credentials or other sensitive data. NOTE: 274 resolves the vulnerability but has a serious bug that is fixed in 275.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-601,

Products Affected

Vendor Product Version
pivotal routing-release *
cloudfoundry cf-release *
CVE-2017-8048 MEDIUM

In Cloud Foundry capi-release versions 1.33.0 and later, prior to 1.42.0 and cf-release versions 268 and later, prior to 274, the original fix for CVE-2017-8033 introduces an API regression that allows a space developer to execute arbitrary code on the Cloud Controller VM by pushing a specially crafted application. NOTE: 274 resolves the vulnerability but has a serious bug that is fixed in 275.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
pivotal capi-release 1.36.0
pivotal capi-release 1.37.0
pivotal capi-release 1.41.0
cloudfoundry cf-release 268
cloudfoundry cf-release 271
cloudfoundry cf-release 269
cloudfoundry cf-release 272
pivotal capi-release 1.39.0
cloudfoundry cf-release 270
pivotal capi-release 1.35.0
pivotal capi-release 1.38.0
pivotal capi-release 1.40.0
pivotal capi-release 1.33.0
cloudfoundry cf-release 273
pivotal capi-release 1.34.0
CVE-2018-1190 MEDIUM

An issue was discovered in these Pivotal Cloud Foundry products: all versions prior to cf-release v270, UAA v3.x prior to v3.20.2, and UAA bosh v30.x versions prior to v30.8 and all other versions prior to v45.0. A cross-site scripting (XSS) attack is possible in the clientId parameter of a request to the UAA OpenID Connect check session iframe endpoint used for single logout session management.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
pivotal uaa *
cloudfoundry cf-release *
pivotal uaa_bosh *
CVE-2018-1223 MEDIUM

Cloud Foundry Container Runtime (kubo-release), versions prior to 0.14.0, may leak UAA and vCenter credentials to application logs. A malicious user with the ability to read the application logs could use these credentials to escalate privileges.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-532,

Products Affected

Vendor Product Version
pivotal cloud_foundry_container_runtime *
CVE-2019-11275 MEDIUM

Pivotal Application Manager, versions 666.0.x prior to 666.0.36, versions 667.0.x prior to 667.0.22, versions 668.0.x prior to 668.0.21, versions 669.0.x prior to 669.0.13, and versions 670.0.x prior to 670.0.7, contain a vulnerability where a remote authenticated user can create an app with a name such that a csv program can interpret into a formula and gets executed. The malicious user can possibly gain access to a usage report that requires a higher privilege.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 4.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N 2.8 1.4

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-74,CWE-1236,

Products Affected

Vendor Product Version
pivotal_software pivotal_application_service *
pivotal apps_manager *
CVE-2019-11284 MEDIUM

Pivotal Reactor Netty, versions prior to 0.8.11, passes headers through redirects, including authorization ones. A remote unauthenticated malicious user may gain access to credentials for a different server than they have access to.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.6 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N 3.9 4.0

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-522,CWE-522,

Products Affected

Vendor Product Version
pivotal reactor_netty *
CVE-2019-11288 LOW

In Pivotal tc Server, 3.x versions prior to 3.2.19 and 4.x versions prior to 4.0.10, and Pivotal tc Runtimes, 7.x versions prior to 7.0.99.B, 8.x versions prior to 8.5.47.A, and 9.x versions prior to 9.0.27.A, when a tc Runtime instance is configured with the JMX Socket Listener, a local attacker without access to the tc Runtime process or configuration files is able to manipulate the RMI registry to perform a man-in-the-middle attack to capture user names and passwords used to access the JMX interface. The attacker can then use these credentials to access the JMX interface and gain complete control over the tc Runtime instance.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.0 HIGH CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H 1.0 5.9

CVSS 2.0

Severity: LOW

Problem Type: CWE-269,NVD-CWE-Other,

Products Affected

Vendor Product Version
pivotal tc_runtimes *
pivotal tc_server *
CVE-2019-19023 MEDIUM

Cloud Native Computing Foundation Harbor prior to 1.8.6 and 1.9.3 has a Privilege Escalation Vulnerability in the VMware Harbor Container Registry for the Pivotal Platform.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
linuxfoundation harbor *
pivotal vmware_harbor_registry -
CVE-2019-19025 MEDIUM

Cloud Native Computing Foundation Harbor prior to 1.8.6 and 1.9.3 allows CSRF in the VMware Harbor Container Registry for the Pivotal Platform.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-352,

Products Affected

Vendor Product Version
linuxfoundation harbor *
pivotal vmware_harbor_registry -
CVE-2019-19026 MEDIUM

Cloud Native Computing Foundation Harbor prior to 1.8.6 and 1.9.3 allows SQL Injection via project quotas in the VMware Harbor Container Registry for the Pivotal Platform.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 4.9 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N 1.2 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-89,

Products Affected

Vendor Product Version
linuxfoundation harbor *
pivotal vmware_harbor_registry -
CVE-2019-19029 MEDIUM

Cloud Native Computing Foundation Harbor prior to 1.8.6 and 1.9.3 allows SQL Injection via user-groups in the VMware Harbor Container Registry for the Pivotal Platform.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.2 HIGH CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 1.2 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-89,

Products Affected

Vendor Product Version
linuxfoundation harbor *
pivotal vmware_harbor_registry -
CVE-2019-3800 LOW

CF CLI version prior to v6.45.0 (bosh release version 1.16.0) writes the client id and secret to its config file when the user authenticates with --client-credentials flag. A local authenticated malicious user with access to the CF CLI config file can act as that client, who is the owner of the leaked credentials.

CVSS 2.0

Severity: LOW

Problem Type: CWE-522,CWE-200,

Products Affected

Vendor Product Version
forgerock service_broker *
cyberark conjur_service_broker *
ibm websphere_liberty_ *
anynines rabbitmq *
wavefront wavefront_by_vmware_nozzle *
pivotal cloud_foundry_command_line_interface_release *
newrelic dotnet_extension_buildpack *
pivotal cloud_foundry_autoscaling_release *
pivotal cloud_foundry_deployment_concourse_tasks *
appdynamics platform_montioring *
datadoghq application_monitoring *
pivotal cloud_foundry_command_line_interface *
pivotal pivotal_cloud_foundry_service_broker *
appdynamics application_performance_monitoring *
pivotal cloud_foundry_log_cache_release *
apigee edge_service_broker *
pivotal credhub_service_broker_for_pcf *
pivotal cloud_foundry_deployment *
samba volume_service *
google google_cloud_platform_service_broker *
appdynamics application_analytics *
solace pubsub+ *
pagerduty service_broker *
anynines postgresql *
anynines elasticsearch *
dynatrace service_broker *
signalsciences service_broker *
sumologic nozzle *
datastax enterprise_service_broker *
anynines mysql *
contrastsecurity service_broker *
newrelic service_broker *
pivotal cloud_foundry_networking_release *
pivotal cloud_foundry_event_alerts *
pivotal on_demand_service_broker *
pivotal cloud_foundry_routing_release *
pivotal cloud_foundry_notifications *
pivotal application_service *
microsoft azure_service_broker *
tibco businessworks_buildpack *
anynines redis *
bluemedora nozzle *
pivotal metric_registrar_release *
pivotal single_sign-on *
splunk nozzle *
newrelic nozzle *
riverbed steelcentral_appinternals *
anynines mongodb *
yugabyte db_enterprise *
anynines logme *
snyk service_broker *
synopsys seeker_iast_service_broker *
pivotal cloud_foundry_healthwatch *
pivotal cloud_foundry_smoke_test *
microsoft azure_log_analytics_nozzle *
CVE-2020-5403 MEDIUM

Reactor Netty HttpServer, versions 0.9.3 and 0.9.4, is exposed to a URISyntaxException that causes the connection to be closed prematurely instead of producing a 400 response.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,CWE-755,

Products Affected

Vendor Product Version
pivotal reactor_netty 0.9.3
pivotal reactor_netty 0.9.4
CVE-2020-5404 MEDIUM

The HttpClient from Reactor Netty, versions 0.9.x prior to 0.9.5, and versions 0.8.x prior to 0.8.16, may be used incorrectly, leading to a credentials leak during a redirect to a different domain. In order for this to happen, the HttpClient must have been explicitly configured to follow redirects.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.9 MEDIUM CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:N 1.6 4.2

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-522,CWE-522,

Products Affected

Vendor Product Version
pivotal reactor_netty *
CVE-2022-22969 MEDIUM

<Issue Description> Spring Security OAuth versions 2.5.x prior to 2.5.2 and older unsupported versions are susceptible to a Denial-of-Service (DoS) attack via the initiation of the Authorization Request in an OAuth 2.0 Client application. A malicious user or attacker can send multiple requests initiating the Authorization Request for the Authorization Code Grant, which has the potential of exhausting system resources using a single session. This vulnerability exposes OAuth 2.0 Client applications only.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 2.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
oracle communications_design_studio 7.4.2
pivotal spring_security_oauth *
CVE-2022-31684

Reactor Netty HTTP Server, in versions 1.0.11 - 1.0.23, may log request headers in some cases of invalid HTTP requests. The logged headers may reveal valid access tokens to those with access to server logs. This may affect only invalid HTTP requests where logging at WARN level is enabled.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 4.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N 2.8 1.4

Products Affected

Vendor Product Version
pivotal reactor_netty *
CVE-2023-20885

Vulnerability in Cloud Foundry Notifications, Cloud Foundry SMB-volume release, Cloud FOundry cf-nfs-volume release.This issue affects Notifications: All versions prior to 63; SMB-volume release: All versions prior to 3.1.19; cf-nfs-volume release: 5.0.X versions prior to 5.0.27, 7.1.X versions prior to 7.1.19.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security@vmware.com 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 2.8 3.6

Products Affected

Vendor Product Version
pivotal cloud_foundry_notifications *
pivotal cloud_foundry_nfs_volume *
pivotal cloud_foundry_smb_volume *
CVE-2023-34054

In Reactor Netty HTTP Server, versions 1.1.x prior to 1.1.13 and versions 1.0.x prior to 1.0.39, it is possible for a user to provide specially crafted HTTP requests that may cause a denial-of-service (DoS) condition. Specifically, an application is vulnerable if Reactor Netty HTTP Server built-in integration with Micrometer is enabled.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6
security@vmware.com 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L 3.9 1.4

Products Affected

Vendor Product Version
pivotal reactor_netty *
CVE-2023-34061

Cloud Foundry routing release versions from v0.163.0 to v0.283.0 are vulnerable to a DOS attack. An unauthenticated attacker can use this vulnerability to force route pruning and therefore degrade the service availability of the Cloud Foundry deployment.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6
security@vmware.com 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

Products Affected

Vendor Product Version
pivotal cloud_foundry_routing_release *
pivotal cloud_foundry_deployment *
CVE-2023-34062

In Reactor Netty HTTP Server, versions 1.1.x prior to 1.1.13 and versions 1.0.x prior to 1.0.39, a malicious user can send a request using a specially crafted URL that can lead to a directory traversal attack. Specifically, an application is vulnerable if Reactor Netty HTTP Server is configured to serve static resources.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security@vmware.com 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6

Products Affected

Vendor Product Version
pivotal reactor_netty *