CVE-2018-1276

{"id": "CVE-2018-1276", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "authentication": "SINGLE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 2.8}]}, "published": "2018-05-17T20:29:00.197", "references": [{"url": "https://www.cloudfoundry.org/blog/cve-2018-1276/", "tags": ["Vendor Advisory"], "source": "security_alert@emc.com"}, {"url": "https://www.cloudfoundry.org/blog/cve-2018-1276/", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-200"}]}], "descriptions": [{"lang": "en", "value": "Windows 2012R2 stemcells, versions prior to 1200.17, contain an information exposure vulnerability on vSphere. A remote user with the ability to push apps can execute crafted commands to read the IaaS metadata from the VM, which may contain BOSH credentials."}, {"lang": "es", "value": "Las stemcells de Windows 2012R2, en versiones anteriores a la 1200.17, contienen una vulnerabilidad de fuga de informaci\u00f3n en vSphere. Un usuario remoto con la habilidad de insertar aplicaciones puede ejecutar comandos manipulados para leer los metadatos IaaS del VM, que podr\u00eda contener credenciales BOSH."}], "lastModified": "2024-11-21T03:59:31.537", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:pivotal_software:windows_stemcells:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C127E335-319E-4AA5-B7B6-A0EF4629F010", "versionEndExcluding": "1200.17"}], "operator": "OR"}]}], "sourceIdentifier": "security_alert@emc.com"}