CVE-2019-3800

CF CLI version prior to v6.45.0 (bosh release version 1.16.0) writes the client id and secret to its config file when the user authenticates with --client-credentials flag. A local authenticated malicious user with access to the CF CLI config file can act as that client, who is the owner of the leaked credentials.

CVSS v3.0 7.8 HIGH
CVSS v2.0 2.1 LOW

7.8^/10

CVSS v3.0 : HIGH

V3 Legend

Vector : AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability : 1.8 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

2.1^/10

CVSS v2.0 : LOW

V2 Legend

Vector : AV:L/AC:L/Au:N/C:P/I:N/A:N

Exploitability : 3.9 / Impact : 2.9

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
https://pivotal.io/security/cve-2019-3800	Vendor Advisory
https://www.cloudfoundry.org/blog/cve-2019-3800	Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:pivotal:cloud_foundry_deployment_concourse_tasks::::::::
	cpe:2.3:a:pivotal:cloud_foundry_deployment::::::::
	cpe:2.3:a:pivotal:cloud_foundry_smoke_test::::::::
	cpe:2.3:a:pivotal:cloud_foundry_routing_release::::::::
	cpe:2.3:a:pivotal:cloud_foundry_notifications::::::::
	cpe:2.3:a:pivotal:cloud_foundry_command_line_interface_release::::::::
	cpe:2.3:a:pivotal:cloud_foundry_log_cache_release::::::::
	cpe:2.3:a:pivotal:cloud_foundry_networking_release::::::::
	cpe:2.3:a:pivotal:cloud_foundry_command_line_interface::::::::

Configuration 2 (hide)

OR	cpe:2.3:a:pivotal:cloud_foundry_healthwatch::::::::
	cpe:2.3:a:pivotal:cloud_foundry_healthwatch::::::::
	cpe:2.3:a:pivotal:credhub_service_broker_for_pcf::::::::
	cpe:2.3:a:pivotal:metric_registrar_release::::::::
	cpe:2.3:a:pivotal:on_demand_service_broker::::::::
	cpe:2.3:a:pivotal:application_service::::::::
	cpe:2.3:a:pivotal:cloud_foundry_autoscaling_release::::::::
	cpe:2.3:a:pivotal:pivotal_cloud_foundry_service_broker::::::aws::*
	cpe:2.3:a:pivotal:single_sign-on::::::cloud_foundry::*
	cpe:2.3:a:pivotal:single_sign-on::::::cloud_foundry::*
	cpe:2.3:a:pivotal:single_sign-on::::::cloud_foundry::*
	cpe:2.3:a:pivotal:cloud_foundry_event_alerts::::::::
	cpe:2.3:a:pivotal:application_service::::::::
	cpe:2.3:a:pivotal:application_service::::::::

Configuration 3 (hide)

OR	cpe:2.3:a:appdynamics:platform_montioring::::::pivotal_cloud_foundry::*
	cpe:2.3:a:bluemedora:nozzle::::::pivotal_cloud_foundry::*
	cpe:2.3:a:contrastsecurity:service_broker::::::pivotal_cloud_foundry::*
	cpe:2.3:a:cyberark:conjur_service_broker::::::pivotal_cloud_foundry::*
	cpe:2.3:a:samba:volume_service::::::pivotal_cloud_foundry::*
	cpe:2.3:a:signalsciences:service_broker::::::pivotal_cloud_foundry::*
	cpe:2.3:a:snyk:service_broker::::::pivotal_cloud_foundry::*
	cpe:2.3:a:solace:pubsub\+::::::pivotal_cloud_foundry::*
	cpe:2.3:a:anynines:mongodb::::::pivotal_cloud_foundry::*
	cpe:2.3:a:apigee:edge_service_broker::::::pivotal_cloud_foundry::*
	cpe:2.3:a:appdynamics:application_performance_monitoring::::::pivotal_cloud_foundry::*
	cpe:2.3:a:newrelic:dotnet_extension_buildpack::::::pivotal_cloud_foundry::*
	cpe:2.3:a:microsoft:azure_service_broker::::::pivotal_cloud_foundry::*
	cpe:2.3:a:appdynamics:application_analytics::::::pivotal_cloud_foundry::*
	cpe:2.3:a:datadoghq:application_monitoring::::::pivotal_cloud_foundry::*
	cpe:2.3:a:datastax:enterprise_service_broker::::::pivotal_cloud_foundry::*
	cpe:2.3:a:dynatrace:service_broker::::::pivotal_cloud_foundry::*
	cpe:2.3:a:forgerock:service_broker::::::pivotal_cloud_foundry::*
	cpe:2.3:a:google:google_cloud_platform_service_broker::::::pivotal_cloud_foundry::*
	cpe:2.3:a:ibm:websphere_liberty_::::::pivotal_cloud_foundry::*
	cpe:2.3:a:microsoft:azure_log_analytics_nozzle::::::pivotal_cloud_foundry::*
	cpe:2.3:a:newrelic:nozzle::::::pivotal_cloud_foundry::*
	cpe:2.3:a:pagerduty:service_broker::::::pivotal_cloud_foundry::*
	cpe:2.3:a:wavefront:wavefront_by_vmware_nozzle::::::pivotal_cloud_foundry::*
	cpe:2.3:a:tibco:businessworks_buildpack:::::container:pivotal_cloud_foundry::
	cpe:2.3:a:sumologic:nozzle::::::pivotal_cloud_foundry::*
	cpe:2.3:a:yugabyte:db_enterprise::::::pivotal_cloud_foundry::*
	cpe:2.3:a:anynines:elasticsearch::::::pivotal_cloud_foundry::*
	cpe:2.3:a:anynines:logme::::::pivotal_cloud_foundry::*
	cpe:2.3:a:anynines:mysql::::::pivotal_cloud_foundry::*
	cpe:2.3:a:anynines:postgresql::::::pivotal_cloud_foundry::*
	cpe:2.3:a:anynines:rabbitmq::::::pivotal_cloud_foundry::*
	cpe:2.3:a:anynines:redis::::::pivotal_cloud_foundry::*
	cpe:2.3:a:newrelic:service_broker::::::pivotal_cloud_foundry::*
	cpe:2.3:a:riverbed:steelcentral_appinternals::::::pivotal_cloud_foundry::*
	cpe:2.3:a:splunk:nozzle::::::pivotal_cloud_foundry::*
	cpe:2.3:a:synopsys:seeker_iast_service_broker::::::pivotal_cloud_foundry::*

Information

Published : 2019-08-05 10:15

Updated : 2019-10-09 16:49

NVD link : CVE-2019-3800

Mitre link : CVE-2019-3800

JSON object : View

CWE

CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

Products Affected

sumologic

nozzle

pivotal

cloud_foundry_notifications
credhub_service_broker_for_pcf
cloud_foundry_networking_release
cloud_foundry_log_cache_release
cloud_foundry_smoke_test
on_demand_service_broker
pivotal_cloud_foundry_service_broker
cloud_foundry_healthwatch
cloud_foundry_routing_release
application_service
cloud_foundry_command_line_interface
cloud_foundry_autoscaling_release
single_sign-on
cloud_foundry_deployment_concourse_tasks
cloud_foundry_event_alerts
metric_registrar_release
cloud_foundry_deployment
cloud_foundry_command_line_interface_release

cyberark

conjur_service_broker

newrelic

dotnet_extension_buildpack
service_broker
nozzle

dynatrace

service_broker

appdynamics

application_performance_monitoring
platform_montioring
application_analytics

microsoft

azure_log_analytics_nozzle
azure_service_broker

contrastsecurity

service_broker

solace

pubsub\+

anynines

mysql
elasticsearch
logme
postgresql
mongodb
redis
rabbitmq

splunk

nozzle

bluemedora

nozzle

pagerduty

service_broker

tibco

businessworks_buildpack

apigee

edge_service_broker

yugabyte

db_enterprise

google

google_cloud_platform_service_broker

wavefront

wavefront_by_vmware_nozzle

ibm

websphere_liberty_

datastax

enterprise_service_broker

snyk

service_broker

forgerock

service_broker

synopsys

seeker_iast_service_broker

signalsciences

service_broker

riverbed

steelcentral_appinternals

samba

volume_service

datadoghq

application_monitoring

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "https://pivotal.io/security/cve-2019-3800", "name": "https://pivotal.io/security/cve-2019-3800", "tags": ["Vendor Advisory"], "refsource": "CONFIRM"}, {"url": "https://www.cloudfoundry.org/blog/cve-2019-3800", "name": "https://www.cloudfoundry.org/blog/cve-2019-3800", "tags": ["Vendor Advisory"], "refsource": "CONFIRM"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "CF CLI version prior to v6.45.0 (bosh release version 1.16.0) writes the client id and secret to its config file when the user authenticates with --client-credentials flag. A local authenticated malicious user with access to the CF CLI config file can act as that client, who is the owner of the leaked credentials."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "CWE-200"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2019-3800", "ASSIGNER": "secure@dell.com"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 2.1, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "severity": "LOW", "acInsufInfo": false, "impactScore": 2.9, "obtainAllPrivilege": false, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}, "baseMetricV3": {"cvssV3": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.8}}, "publishedDate": "2019-08-05T17:15Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:pivotal:cloud_foundry_deployment_concourse_tasks:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndExcluding": "9.3.0"}, {"cpe23Uri": "cpe:2.3:a:pivotal:cloud_foundry_deployment:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndExcluding": "10.0.0"}, {"cpe23Uri": "cpe:2.3:a:pivotal:cloud_foundry_smoke_test:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndExcluding": "40.0.113"}, {"cpe23Uri": "cpe:2.3:a:pivotal:cloud_foundry_routing_release:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndExcluding": "0.189.0"}, {"cpe23Uri": "cpe:2.3:a:pivotal:cloud_foundry_notifications:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndExcluding": "58"}, {"cpe23Uri": "cpe:2.3:a:pivotal:cloud_foundry_command_line_interface_release:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndExcluding": "1.16.0"}, {"cpe23Uri": "cpe:2.3:a:pivotal:cloud_foundry_log_cache_release:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndExcluding": "2.3.1"}, {"cpe23Uri": "cpe:2.3:a:pivotal:cloud_foundry_networking_release:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndExcluding": "2.23.0"}, {"cpe23Uri": "cpe:2.3:a:pivotal:cloud_foundry_command_line_interface:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndExcluding": "6.45.0"}]}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:pivotal:cloud_foundry_healthwatch:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndExcluding": "1.4.7", "versionStartIncluding": "1.4.0"}, {"cpe23Uri": "cpe:2.3:a:pivotal:cloud_foundry_healthwatch:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndExcluding": "1.5.4", "versionStartIncluding": "1.5.0"}, {"cpe23Uri": "cpe:2.3:a:pivotal:credhub_service_broker_for_pcf:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndExcluding": "1.3.2"}, {"cpe23Uri": "cpe:2.3:a:pivotal:metric_registrar_release:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndExcluding": "1.2"}, {"cpe23Uri": "cpe:2.3:a:pivotal:on_demand_service_broker:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndExcluding": "0.29.0"}, {"cpe23Uri": "cpe:2.3:a:pivotal:application_service:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndExcluding": "2.4.10", "versionStartIncluding": "2.4.0"}, {"cpe23Uri": "cpe:2.3:a:pivotal:cloud_foundry_autoscaling_release:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndExcluding": "219"}, {"cpe23Uri": "cpe:2.3:a:pivotal:pivotal_cloud_foundry_service_broker:*:*:*:*:*:aws:*:*", "cpe_name": [], "vulnerable": true, "versionEndExcluding": "1.4.13"}, {"cpe23Uri": "cpe:2.3:a:pivotal:single_sign-on:*:*:*:*:*:cloud_foundry:*:*", "cpe_name": [], "vulnerable": true, "versionEndExcluding": "1.9.1", "versionStartIncluding": "1.9.0"}, {"cpe23Uri": "cpe:2.3:a:pivotal:single_sign-on:*:*:*:*:*:cloud_foundry:*:*", "cpe_name": [], "vulnerable": true, "versionEndExcluding": "1.8.4", "versionStartIncluding": "1.8.0"}, {"cpe23Uri": "cpe:2.3:a:pivotal:single_sign-on:*:*:*:*:*:cloud_foundry:*:*", "cpe_name": [], "vulnerable": true, "versionEndExcluding": "1.7.5", "versionStartIncluding": "1.7.0"}, {"cpe23Uri": "cpe:2.3:a:pivotal:cloud_foundry_event_alerts:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndExcluding": "1.2.8"}, {"cpe23Uri": "cpe:2.3:a:pivotal:application_service:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndExcluding": "2.5.6", "versionStartIncluding": "2.5.0"}, {"cpe23Uri": "cpe:2.3:a:pivotal:application_service:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndExcluding": "2.3.14", "versionStartIncluding": "2.3.0"}]}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:appdynamics:platform_montioring:*:*:*:*:*:pivotal_cloud_foundry:*:*", "cpe_name": [], "vulnerable": true, "versionEndExcluding": "4.7.712"}, {"cpe23Uri": "cpe:2.3:a:bluemedora:nozzle:*:*:*:*:*:pivotal_cloud_foundry:*:*", "cpe_name": [], "vulnerable": true, "versionEndExcluding": "3.1.1"}, {"cpe23Uri": "cpe:2.3:a:contrastsecurity:service_broker:*:*:*:*:*:pivotal_cloud_foundry:*:*", "cpe_name": [], "vulnerable": true, "versionEndExcluding": "2.2.0"}, {"cpe23Uri": "cpe:2.3:a:cyberark:conjur_service_broker:*:*:*:*:*:pivotal_cloud_foundry:*:*", "cpe_name": [], "vulnerable": true, "versionEndExcluding": "1.1.1"}, {"cpe23Uri": "cpe:2.3:a:samba:volume_service:*:*:*:*:*:pivotal_cloud_foundry:*:*", "cpe_name": [], "vulnerable": true, "versionEndExcluding": "1.1.1"}, {"cpe23Uri": "cpe:2.3:a:signalsciences:service_broker:*:*:*:*:*:pivotal_cloud_foundry:*:*", "cpe_name": [], "vulnerable": true, "versionEndExcluding": "1.1.0"}, {"cpe23Uri": "cpe:2.3:a:snyk:service_broker:*:*:*:*:*:pivotal_cloud_foundry:*:*", "cpe_name": [], "vulnerable": true, "versionEndExcluding": "1.0.3"}, {"cpe23Uri": "cpe:2.3:a:solace:pubsub\\+:*:*:*:*:*:pivotal_cloud_foundry:*:*", "cpe_name": [], "vulnerable": true, "versionEndExcluding": "2.3.2"}, {"cpe23Uri": "cpe:2.3:a:anynines:mongodb:*:*:*:*:*:pivotal_cloud_foundry:*:*", "cpe_name": [], "vulnerable": true, "versionEndExcluding": "2.1.2"}, {"cpe23Uri": "cpe:2.3:a:apigee:edge_service_broker:*:*:*:*:*:pivotal_cloud_foundry:*:*", "cpe_name": [], "vulnerable": true, "versionEndExcluding": "3.1.3"}, {"cpe23Uri": "cpe:2.3:a:appdynamics:application_performance_monitoring:*:*:*:*:*:pivotal_cloud_foundry:*:*", "cpe_name": [], "vulnerable": true, "versionEndExcluding": "4.6.64"}, {"cpe23Uri": "cpe:2.3:a:newrelic:dotnet_extension_buildpack:*:*:*:*:*:pivotal_cloud_foundry:*:*", "cpe_name": [], "vulnerable": true, "versionEndExcluding": "1.1.1"}, {"cpe23Uri": "cpe:2.3:a:microsoft:azure_service_broker:*:*:*:*:*:pivotal_cloud_foundry:*:*", "cpe_name": [], "vulnerable": true, "versionEndExcluding": "1.4.1"}, {"cpe23Uri": "cpe:2.3:a:appdynamics:application_analytics:*:*:*:*:*:pivotal_cloud_foundry:*:*", "cpe_name": [], "vulnerable": true, "versionEndExcluding": "4.7.652"}, {"cpe23Uri": "cpe:2.3:a:datadoghq:application_monitoring:*:*:*:*:*:pivotal_cloud_foundry:*:*", "cpe_name": [], "vulnerable": true, "versionEndExcluding": "1.7.0"}, {"cpe23Uri": "cpe:2.3:a:datastax:enterprise_service_broker:*:*:*:*:*:pivotal_cloud_foundry:*:*", "cpe_name": [], "vulnerable": true, "versionEndExcluding": "1.0.2"}, {"cpe23Uri": "cpe:2.3:a:dynatrace:service_broker:*:*:*:*:*:pivotal_cloud_foundry:*:*", "cpe_name": [], "vulnerable": true, "versionEndExcluding": "1.4.2"}, {"cpe23Uri": "cpe:2.3:a:forgerock:service_broker:*:*:*:*:*:pivotal_cloud_foundry:*:*", "cpe_name": [], "vulnerable": true, "versionEndExcluding": "2.1.2"}, {"cpe23Uri": "cpe:2.3:a:google:google_cloud_platform_service_broker:*:*:*:*:*:pivotal_cloud_foundry:*:*", "cpe_name": [], "vulnerable": true, "versionEndExcluding": "4.2.3"}, {"cpe23Uri": "cpe:2.3:a:ibm:websphere_liberty_:*:*:*:*:*:pivotal_cloud_foundry:*:*", "cpe_name": [], "vulnerable": true, "versionEndExcluding": "3.11.0"}, {"cpe23Uri": "cpe:2.3:a:microsoft:azure_log_analytics_nozzle:*:*:*:*:*:pivotal_cloud_foundry:*:*", "cpe_name": [], "vulnerable": true, "versionEndExcluding": "1.4.1"}, {"cpe23Uri": "cpe:2.3:a:newrelic:nozzle:*:*:*:*:*:pivotal_cloud_foundry:*:*", "cpe_name": [], "vulnerable": true, "versionEndExcluding": "1.1.17"}, {"cpe23Uri": "cpe:2.3:a:pagerduty:service_broker:*:*:*:*:*:pivotal_cloud_foundry:*:*", "cpe_name": [], "vulnerable": true, "versionEndExcluding": "1.2.4"}, {"cpe23Uri": "cpe:2.3:a:wavefront:wavefront_by_vmware_nozzle:*:*:*:*:*:pivotal_cloud_foundry:*:*", "cpe_name": [], "vulnerable": true, "versionEndExcluding": "1.0.2"}, {"cpe23Uri": "cpe:2.3:a:tibco:businessworks_buildpack:*:*:*:*:container:pivotal_cloud_foundry:*:*", "cpe_name": [], "vulnerable": true, "versionEndExcluding": "2.4.4"}, {"cpe23Uri": "cpe:2.3:a:sumologic:nozzle:*:*:*:*:*:pivotal_cloud_foundry:*:*", "cpe_name": [], "vulnerable": true, "versionEndExcluding": "1.0.1"}, {"cpe23Uri": "cpe:2.3:a:yugabyte:db_enterprise:*:*:*:*:*:pivotal_cloud_foundry:*:*", "cpe_name": [], "vulnerable": true, "versionEndExcluding": "1.1.8"}, {"cpe23Uri": "cpe:2.3:a:anynines:elasticsearch:*:*:*:*:*:pivotal_cloud_foundry:*:*", "cpe_name": [], "vulnerable": true, "versionEndExcluding": "2.1.2"}, {"cpe23Uri": "cpe:2.3:a:anynines:logme:*:*:*:*:*:pivotal_cloud_foundry:*:*", "cpe_name": [], "vulnerable": true, "versionEndExcluding": "2.1.2"}, {"cpe23Uri": "cpe:2.3:a:anynines:mysql:*:*:*:*:*:pivotal_cloud_foundry:*:*", "cpe_name": [], "vulnerable": true, "versionEndExcluding": "2.1.2"}, {"cpe23Uri": "cpe:2.3:a:anynines:postgresql:*:*:*:*:*:pivotal_cloud_foundry:*:*", "cpe_name": [], "vulnerable": true, "versionEndExcluding": "2.1.2"}, {"cpe23Uri": "cpe:2.3:a:anynines:rabbitmq:*:*:*:*:*:pivotal_cloud_foundry:*:*", "cpe_name": [], "vulnerable": true, "versionEndExcluding": "2.1.2"}, {"cpe23Uri": "cpe:2.3:a:anynines:redis:*:*:*:*:*:pivotal_cloud_foundry:*:*", "cpe_name": [], "vulnerable": true, "versionEndExcluding": "2.1.2"}, {"cpe23Uri": "cpe:2.3:a:newrelic:service_broker:*:*:*:*:*:pivotal_cloud_foundry:*:*", "cpe_name": [], "vulnerable": true, "versionEndExcluding": "1.12.64"}, {"cpe23Uri": "cpe:2.3:a:riverbed:steelcentral_appinternals:*:*:*:*:*:pivotal_cloud_foundry:*:*", "cpe_name": [], "vulnerable": true, "versionEndExcluding": "10.21.1-bl516"}, {"cpe23Uri": "cpe:2.3:a:splunk:nozzle:*:*:*:*:*:pivotal_cloud_foundry:*:*", "cpe_name": [], "vulnerable": true, "versionEndExcluding": "1.1.1"}, {"cpe23Uri": "cpe:2.3:a:synopsys:seeker_iast_service_broker:*:*:*:*:*:pivotal_cloud_foundry:*:*", "cpe_name": [], "vulnerable": true, "versionEndExcluding": "1.2.14"}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2019-10-09T23:49Z"}

7.8 /10