Medium severity6.5NVD Advisory· Published Sep 9, 2017· Updated May 13, 2026

CVE-2017-8040

Description

In Single Sign-On for Pivotal Cloud Foundry (PCF) 1.3.x versions prior to 1.3.4 and 1.4.x versions prior to 1.4.3, an XXE (XML External Entity) attack was discovered in the Single Sign-On service dashboard. Privileged users can in some cases upload malformed XML leading to exposure of data on the Single Sign-On service broker file system.

Affected products

VMware/Single Sign On For Pivotal Cloud Foundry7 versions
cpe:2.3:a:vmware:single_sign-on_for_pivotal_cloud_foundry:1.3.0:*:*:*:*:*:*:*+ 6 more
- cpe:2.3:a:vmware:single_sign-on_for_pivotal_cloud_foundry:1.3.0:*:*:*:*:*:*:*
- cpe:2.3:a:vmware:single_sign-on_for_pivotal_cloud_foundry:1.3.2:*:*:*:*:*:*:*
- cpe:2.3:a:vmware:single_sign-on_for_pivotal_cloud_foundry:1.3.3:*:*:*:*:*:*:*
- cpe:2.3:a:vmware:single_sign-on_for_pivotal_cloud_foundry:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:a:vmware:single_sign-on_for_pivotal_cloud_foundry:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:a:vmware:single_sign-on_for_pivotal_cloud_foundry:1.4.2:*:*:*:*:*:*:*
- cpe:2.3:a:vmware:single_sign-on_for_pivotal_cloud_foundry:1.4.3:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

pivotal.io/security/cve-2017-8040nvdPatchVendor Advisory
www.securityfocus.com/bid/100617nvdThird Party AdvisoryVDB Entry

News mentions

No linked articles in our index yet.

cvss	0.423
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000