In Cloud Foundry Foundation cf-release versions prior to v285; cf-deployment versions prior to v1.7; UAA 4.5.x versions before 4.5.5, 4.8.x versions before 4.8.3, and 4.7.x versions before 4.7.4; and UAA-release 45.7.x versions before 45.7, 52.7.x versions before 52.7, and 53.3.x versions before 53.3, the SessionID is logged in audit event logs. An attacker can use the SessionID to impersonate a logged-in user.
Vulnerable Product |
---|
pivotal software cloud foundry uaa |
pivotal software cloud foundry uaa-release 53.3 |
pivotal software cloud foundry uaa-release 52.7 |
pivotal software cloud foundry uaa-release 45.7 |
pivotal software cloud foundry cf-release |
pivotal software cloud foundry cf-deployment |