What is CVE-2017-4955?

CVE-2017-4955 is a critical-severity vulnerability in Pivotal_software Cloud_foundry_elastic_runtime, classified under Insertion of Sensitive Information into Log File. CVSS score: 9.8/10. Published 2017-06-13.

How severe is CVE-2017-4955?

Critical severity. CVSS v3 base score is 9.8 out of 10.

Information disclosure in Pivotal_software Cloud_foundry_elastic_runtime

CVE-2017-4955

An issue was discovered in Pivotal PCF Elastic Runtime 1.6.x versions prior to 1.6.65, 1.7.x versions prior to 1.7.48, 1.8.x versions prior to 1.8.28, and 1.9.x versions prior to 1.9.5. Several credentials were present in the logs for the…

EPSS: 0.004 (61.7th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 9.8 (Critical). Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H.

Affected products

Pivotal_software Cloud_foundry_elastic_runtime — versions 1.6.0, 1.6.1, 1.6.2
N/a Pcf Elastic Runtime — versions PCF Elastic Runtime

Weakness classification (CWE)

CWE-532 — Insertion of Sensitive Information into Log File

References

security_alert@emc.com (x_refsource_CONFIRM, Mitigation, Vendor Advisory)
security_alert@emc.com (VDB Entry, Third Party Advisory, vdb-entry, x_refsource_BID)

Frequently asked questions

What is CVE-2017-4955?: CVE-2017-4955 is a critical-severity vulnerability in Pivotal_software Cloud_foundry_elastic_runtime, classified under Insertion of Sensitive Information into Log File. CVSS score: 9.8/10. Published 2017-06-13.
How severe is CVE-2017-4955?: Critical severity. CVSS v3 base score is 9.8 out of 10.