CVE-2017-8032: UAA Identity Zone Admin Privilege Escalation
Severity
High
References
Affected VMware Products and Versions
Severity is high unless otherwise noted.
- PCF Elastic Runtime:
  - 1.7.x versions prior to 1.7.70
  - 1.8.x versions prior to 1.8.52
  - 1.9.x versions prior to 1.9.27
  - 1.10.x versions prior to 1.10.14
  - 1.11.x versions prior to 1.11.1
- PCF Operations Manager:
  - 1.7.x versions prior to 1.7.32
  - 1.8.x versions prior to 1.8.25
  - 1.9.x versions prior to 1.9.17
  - 1.10.x versions prior to 1.10.12
  - 1.11.x versions prior to 1.11.1
Mitigation
Users of affected versions should apply the following mitigation:
- The Cloud Foundry team recommends upgrading BOSH stemcells and/or other OSS components listed here if applicable.
- Releases that have fixed this issue include:
  - PCF Elastic Runtime: 1.7.70, 1.8.52, 1.9.27, 1.10.14, 1.11.1
  - PCF Operations Manager: 1.7.32, 1.8.25, 1.9.17, 1.10.12, 1.11.1