All Vulnerability Reports

CVE-2017-8041: XSS vulnerability in org name in Single Sign-On for PCF

Severity

Medium

Vendor

Pivotal

Description

A user can execute a XSS attack on certain Single Sign-On service UI pages by inputting code in the text field for an organization name.

Affected VMware Products and Versions

Severity is medium unless otherwise noted.

• Single Sign-On for PCF:
  • 1.3.x versions prior to 1.3.4
  • 1.4.x versions prior to 1.4.3

Mitigation

Users of affected versions should apply the following mitigation:

• Releases that have fixed this issue include:
  • Single Sign-On for PCF: 1.3.4, 1.4.3

References

• https://network.tanzu.vmware.com/products/pivotal_single_sign-on_service/

History

2017-08-31: Initial vulnerability report published