CVE-2019-11277

High

Cloud Foundry NFS Volume Service, 1.7.x versions prior to 1.7.11 and 2.x versions prior to 2.3.0, is vulnerable to LDAP injection. A remote…

pivotal·CWE-90·Published 2019-09-23

CVSS

8.1

EPSS

0.02

KEV

Exploits

cve.orgen

337 chars

Cloud Foundry NFS Volume Service, 1.7.x versions prior to 1.7.11 and 2.x versions prior to 2.3.0, is vulnerable to LDAP injection. A remote authenticated malicious space developer can potentially inject LDAP filters via service instance creation, facilitating the malicious space developer to deny service or perform a dictionary attack.

NVDen

337 chars

NVDes

395 chars

Cloud Foundry NFS Volume Service, versiones 1.7.x anteriores a 1.7.11 y versiones 2.x anteriores a 2.3.0, es vulnerable a la inyección LDAP. Un desarrollador de espacio malicioso autenticado remoto puede inyectar potencialmente filtros LDAP mediante la creación de instancias de servicio, facilitando al desarrollador de espacio malicioso denegar el servicio o realizar un ataque de diccionario.

CVSS metrics across sources

Version	Type	Source	Base	Exp	Impact	Vector
2.0	Primary	NVD	5.5	8.0	4.9	AV:N/AC:L/Au:S/C:P/I:N/A:P
3.0	Primary	cve.org	8.4	—	—	CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:L