) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.
Search Results (Refine Search)
- CPE Product Version: cpe:/a:pivotal_software:rabbitmq:1.7.13::~~~pivotal_cloud_foundry~~
| Vuln ID | Summary | CVSS Severity |
|---|---|---|
| CVE-2017-4967 |
An issue was discovered in these Pivotal RabbitMQ versions: all 3.4.x versions, all 3.5.x versions, and 3.6.x versions prior to 3.6.9; and these RabbitMQ for PCF versions: all 1.5.x versions, 1.6.x versions prior to 1.6.18, and 1.7.x versions prior to 1.7.15. Several forms in the RabbitMQ management UI are vulnerable to XSS attacks. Published: June 13, 2017; 2:29:00 AM -0400 |
V3.1: 6.1 MEDIUM V2.0: 4.3 MEDIUM |
| CVE-2017-4966 |
An issue was discovered in these Pivotal RabbitMQ versions: all 3.4.x versions, all 3.5.x versions, and 3.6.x versions prior to 3.6.9; and these RabbitMQ for PCF versions: all 1.5.x versions, 1.6.x versions prior to 1.6.18, and 1.7.x versions prior to 1.7.15. RabbitMQ management UI stores signed-in user credentials in a browser's local storage without expiration, making it possible to retrieve them using a chained attack. Published: June 13, 2017; 2:29:00 AM -0400 |
V3.1: 7.8 HIGH V2.0: 2.1 LOW |
| CVE-2017-4965 |
An issue was discovered in these Pivotal RabbitMQ versions: all 3.4.x versions, all 3.5.x versions, and 3.6.x versions prior to 3.6.9; and these RabbitMQ for PCF versions: all 1.5.x versions, 1.6.x versions prior to 1.6.18, and 1.7.x versions prior to 1.7.15. Several forms in the RabbitMQ management UI are vulnerable to XSS attacks. Published: June 13, 2017; 2:29:00 AM -0400 |
V3.1: 6.1 MEDIUM V2.0: 4.3 MEDIUM |