CVE-2017-4963 Session Fixation for UAA External Authentication
Severity is low unless otherwise noted.
- Vulnerable cf-release and UAA versions listed here.
- PCF Elastic Runtime 1.9.x versions prior to 1.9.10
- PCF Operations Manager 1.9.x versions prior to 1.9.6
Users of affected versions should apply the following mitigation:
- Upgrade PCF Elastic Runtime 1.9.x versions to 1.9.10 or later
- Upgrade PCF Ops Manager 1.9.x versions to 1.9.6 or later
- Mitigations for vulnerable cf-release and UAA versions listed here.
This issue was responsibly reported by the GE Digital Security Team.