Vulnerabilities for Windows stemcells (...) - CXSECURITY.COM

Vulnerabilities for 'Windows stemcells'

2018-05-17

CVE-2018-1276

CWE-200

Windows 2012R2 stemcells, versions prior to 1200.17, contain an information exposure vulnerability on vSphere. A remote user with the ability to push apps can execute crafted commands to read the IaaS metadata from the VM, which may contain BOSH credentials.

2018-03-19

CVE-2018-1197

CWE-732

In Windows Stemcells versions prior to 1200.14, apps running inside containers in Windows on Google Cloud Platform are able to access the metadata endpoint. A malicious developer could use this access to gain privileged credentials.

>>> Vendor: Pivotal software 54 Products

Rabbitmq management

Spring framework

Cloud foundry elastic runtime

Cloud foundry ops manager

Cloud foundry uaa

Cloud foundry uaa bosh

Operations manager

Spring data jpa

Cloud foundry cf mysql

Gemfire for pivotal cloud foundry

Spring security

Cloud foundry elastic runtime cf release

Cloud foundry uaa release

Cloud foundry cf release

Cloud foundry garden linux

Cloud foundry cf

Single sign-on for pivotal cloud foundry

Spring advanced message queuing protocol

Credhub-release

Spring data rest

Cloud foundry uaa-release

Spring batch admin

Spring data commons

Spring cloud sso connector

Spring security oauth

Windows stemcells

Spring integration zip

Pivotal application service

Cloud foundry cf-deployment

Cloudfoundry uaa release

Cloudfoundry uaa

Spring integration

Spring web services

Cloud foundry cf-release

Application service

Pivotal container service

Credhub service broker

Spring data java persistance api

Copyright 2024, cxsecurity.com