All Vulnerability Reports

CVE-2018-1276: Windows2012R2 stemcell exposes IaaS metadata on vSphere


Severity

Medium

References

Affected VMware Products and Versions

Severity is medium unless otherwise noted.

  • Pivotal Application Service for Windows 2012R2
    • 2.1.x versions prior to 2.1.4
    • 2.0.x versions prior to 2.0.6
    • 1.12.x versions prior to 1.12.10

Mitigation

Users of affected versions should apply the following mitigation:

  • Releases that have fixed this issue include:
    • Pivotal Application Service for Windows 2012R2: 2.1.4, 2.0.6, 1.12.10