CVE-2017-4963 Session Fixation for UAA External Authentication
Severity
Low
References
Affected VMware Products and Versions
Severity is low unless otherwise noted.
- Vulnerable cf-release and UAA versions listed here.
- PCF Elastic Runtime 1.9.x versions prior to 1.9.10
- PCF Operations Manager 1.9.x versions prior to 1.9.6
Mitigation
Users of affected versions should apply the following mitigations:
- Upgrade PCF Elastic Runtime 1.9.x versions to 1.9.10 or later
- Upgrade PCF Ops Manager 1.9.x versions to 1.9.6 or later
- Mitigations for vulnerable cf-release and UAA versions listed here.
Credit
This issue was responsibly reported by the GE Digital Security Team.