admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-08-04 08:44:25 +00:00
Code Issues Packages Projects Releases Wiki Activity
cvelist/2019/3xxx/CVE-2019-3777.json
CVE Team fd89b21df7
"-Synchronized-Data."
2019-03-18 03:28:03 +00:00

122 lines
4.8 KiB
JSON
Raw Blame History

{
"CVE_data_meta": {
"ASSIGNER": "security_alert@emc.com",
"DATE_PUBLIC": "2019-02-26T23:47:49.000Z",
"ID": "CVE-2019-3777",
"STATE": "PUBLIC",
"TITLE": "Apps Manager unverified SSL certs in Cloud Controller proxy"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Apps Manager",
"version": {
"version_data": [
{
"affected": "<",
"version_name": "666",
"version_value": "666.0.19"
},
{
"affected": "<",
"version_name": "665",
"version_value": "665.0.26"
},
{
"affected": "<",
"version_name": "667",
"version_value": "667.0.5"
}
]
}
},
{
"product_name": "Pivotal Application Service",
"version": {
"version_data": [
{
"affected": "<",
"version_name": "2.4",
"version_value": "2.4.3"
},
{
"affected": "<",
"version_name": "2.3",
"version_value": "2.3.7"
},
{
"affected": "<",
"version_name": "2.2",
"version_value": "2.2.12"
}
]
}
}
]
},
"vendor_name": "Pivotal"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Pivotal Application Service (PAS), versions 2.2.x prior to 2.2.12, 2.3.x prior to 2.3.7 and 2.4.x prior to 2.4.3, contain apps manager that uses a cloud controller proxy that fails to verify SSL certs. A remote unauthenticated attacker that could hijack the Cloud Controller's DNS record could intercept access tokens sent to the Cloud Controller, giving the attacker access to the user's resources in the Cloud Controller"
}
]
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-295: Improper Certificate Validation"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "107214",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/107214"
},
{
"name": "https://pivotal.io/security/cve-2019-3777",
"refsource": "CONFIRM",
"url": "https://pivotal.io/security/cve-2019-3777"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
Reference in New Issue View Git Blame Copy Permalink