Search Results (Refine Search)
- Results Type: Overview
- Keyword (text search): cpe:2.3:a:pivotal_software:windows_stemcells:1200.8:*:*:*:*:*:*:*
- CPE Name Search: true
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2018-1276 |
Windows 2012R2 stemcells, versions prior to 1200.17, contain an information exposure vulnerability on vSphere. A remote user with the ability to push apps can execute crafted commands to read the IaaS metadata from the VM, which may contain BOSH credentials. Published: May 17, 2018; 4:29:00 PM -0400 |
V4.0:(not available) V3.0: 6.5 MEDIUM V2.0: 4.0 MEDIUM |
CVE-2018-1197 |
In Windows Stemcells versions prior to 1200.14, apps running inside containers in Windows on Google Cloud Platform are able to access the metadata endpoint. A malicious developer could use this access to gain privileged credentials. Published: March 19, 2018; 2:29:00 PM -0400 |
V4.0:(not available) V3.0: 8.5 HIGH V2.0: 6.0 MEDIUM |