CVE-2017-4967

Description

An issue was discovered in these Pivotal RabbitMQ versions: all 3.4.x versions, all 3.5.x versions, and 3.6.x versions prior to 3.6.9; and these RabbitMQ for PCF versions: all 1.5.x versions, 1.6.x versions prior to 1.6.18, and 1.7.x versions prior to 1.7.15. Several forms in the RabbitMQ management UI are vulnerable to XSS attacks.

Related CPE's

apivotal_softwarerabbitmq3.6.4*******

apivotal_softwarerabbitmq3.6.0*******

apivotal_softwarerabbitmq3.5.4*******

apivotal_softwarerabbitmq3.5.5*******

apivotal_softwarerabbitmq3.6.1*******

apivotal_softwarerabbitmq3.6.3*******

apivotal_softwarerabbitmq3.6.6*******

apivotal_softwarerabbitmq3.6.5*******

apivotal_softwarerabbitmq3.5.7*******

apivotal_softwarerabbitmq3.6.2*******

References

https://pivotal.io/security/cve-2017-4965

MitigationVendor Advisory

[debian-lts-announce] 20210719 [SECURITY] [DLA 2710-1] rabbitmq-server security update

Third Party Advisory

CvssV3 impact

BaseSeverity

MEDIUM

ConfidentialityImpact

LOW

AttackComplexity

LOW

Scope

CHANGED

AttackVector

NETWORK

AvailabilityImpact

NONE

IntegrityImpact

LOW

PrivilegesRequired

NONE

BaseScore

6.1

VectorString

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Version

3.1

UserInteraction

REQUIRED

CvssV2 impact

Version

2.0

VectorString

AV:N/AC:M/Au:N/C:N/I:P/A:N

AccessVector

NETWORK

AccessComplexity

MEDIUM

Authentication

NONE

ConfidentialityImpact

NONE

IntegrityImpact

PARTIAL

AvailabilityImpact

NONE

BaseScore

4.3

Created by Yello
About Severity.io