CVE-2017-4963

HIGH Year: 2017
CVSS v3 Score
8.1
High
CVSS v2 Score
6.8
Medium
Weakness Type
CWE-384
View all →

Vulnerability Description

An issue was discovered in Cloud Foundry Foundation Cloud Foundry release v252 and earlier versions, UAA stand-alone release v2.0.0 - v2.7.4.12 & v3.0.0 - v3.11.0, and UAA bosh release v26 & earlier versions. UAA is vulnerable to session fixation when configured to authenticate against external SAML or OpenID Connect based identity providers.

Related Vulnerabilities

CVE-2013-0507

HIGH
CVSS:8.1(High)

IBM InfoSphere Information Server 8.1, 8.5, 8.7, 9.1 has a Session Fixation Vulnerability

CWE-3842013

CVE-2016-0721

HIGH
CVSS:8.1(High)

Session fixation vulnerability in pcsd in pcs before 0.9.157.

CWE-3842016

CVE-2016-8609

HIGH
CVSS:8.1(High)

It was found that the keycloak before 2.3.0 did not implement authentication flow correctly. An attacker could use this flaw to construct a phishing URL, from which he could hijack the user's session....

CWE-3842016

CVE-2016-9981

HIGH
CVSS:8.1(High)

IBM AppScan Enterprise Edition 9.0 contains an unspecified vulnerability that could allow an attacker to hijack a valid user's session. IBM X-Force ID: 120257

CWE-3842016

CVE-2017-12619

HIGH
CVSS:8.1(High)

Apache Zeppelin prior to 0.7.3 was vulnerable to session fixation which allowed an attacker to hijack a valid user session. Issue was reported by "stone lone".

CWE-3842017

CVE-2017-14263

HIGH
CVSS:8.1(High)

Honeywell NVR devices allow remote attackers to create a user account in the admin group by leveraging access to a guest account to obtain a session ID, and then sending that session ID in a userManag...

CWE-3842017