📦

stratos

Vendor: cloudfoundry

Actively Exploited 0 CISA KEV List

PoC / Exploits 0 Code Available

Total RCEs 0 Remote Access

Total CVEs 2 Total Indexed

Avg. EPSS 0.21% Exploit Prob.

Latest CVE CVE-2019-3784 Mar 07

Security Vulnerability Index

Page 1 / 1

8.2 CVSS

CVE-2019-3784

Cloud Foundry Stratos, versions prior to 2.3.0, contains an insecure session that can be spoofed. When deployed on cloud foundry with multiple instances using the default embedded SQLite database, a remote authenticated malicious user can switch sessions to another user with the same session id.

EPSS: 0.18%

Severity: HIGH

Mar 07, 2019

8.8 CVSS

CVE-2019-3783

Cloud Foundry Stratos, versions prior to 2.3.0, deploys with a public default session store secret. A malicious user with default session store secret can brute force another user's current Stratos session, and act on behalf of that user.

EPSS: 0.23%

Severity: HIGH

Mar 07, 2019

Displaying 2 of 2 Total Entries

Total 1 Sections