CVE-2017-4960 UAA OAuth DOS via lockout feature
Severity
High
References
Affected VMware Products and Versions
Severity is high unless otherwise noted.
- Vulnerable cf-release and UAA versions listed here
- PCF Elastic Runtime 1.9.x versions prior to 1.9.10
- PCF Operations Manager 1.9.x versions prior to 1.9.6
Mitigation
Users of affected versions should apply the following mitigations:
- Upgrade PCF Elastic Runtime 1.9.x versions to 1.9.10 or later
- Upgrade PCF Ops Manager 1.9.x versions to 1.9.6 or later
- Mitigations for vulnerable cf-release and UAA versions listed here
Credit
This issue was responsibly reported by the Cloud Foundry UAA Team.