Vulnerabilities (CVE)

Filtered by vendor Pivotal Software Subscribe
Filtered by product Windows Stemcells
Total 2 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2018-1197 1 Pivotal Software 1 Windows Stemcells 2024-02-04 6.0 MEDIUM 8.5 HIGH
In Windows Stemcells versions prior to 1200.14, apps running inside containers in Windows on Google Cloud Platform are able to access the metadata endpoint. A malicious developer could use this access to gain privileged credentials.
CVE-2018-1276 1 Pivotal Software 1 Windows Stemcells 2024-02-04 4.0 MEDIUM 6.5 MEDIUM
Windows 2012R2 stemcells, versions prior to 1200.17, contain an information exposure vulnerability on vSphere. A remote user with the ability to push apps can execute crafted commands to read the IaaS metadata from the VM, which may contain BOSH credentials.