High severity8.1NVD Advisory· Published Jun 13, 2017· Updated May 13, 2026

CVE-2017-4963

Description

An issue was discovered in Cloud Foundry Foundation Cloud Foundry release v252 and earlier versions, UAA stand-alone release v2.0.0 - v2.7.4.12 & v3.0.0 - v3.11.0, and UAA bosh release v26 & earlier versions. UAA is vulnerable to session fixation when configured to authenticate against external SAML or OpenID Connect based identity providers.

Affected products

Pivotal Software/Cloud Foundry Cf Release
cpe:2.3:a:pivotal_software:cloud_foundry_cf-release:*:*:*:*:*:*:*:*
Range: <=252
Pivotal Software/Cloud Foundry Uaa
cpe:2.3:a:pivotal_software:cloud_foundry_uaa:*:*:*:*:*:*:*:*
Range: >=2.0.0,<=2.7.4.12
Pivotal Software/Cloud Foundry Uaa Release
cpe:2.3:a:pivotal_software:cloud_foundry_uaa-release:*:*:*:*:*:bosh:*:*
Range: <=26
N/a/Cloud Foundry Foundationv5
Range: Cloud Foundry Foundation

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.cloudfoundry.org/cve-2017-4963/nvdVendor Advisory

News mentions

No linked articles in our index yet.

cvss	0.526
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000