{"id":"CVE-2017-4963","details":"An issue was discovered in Cloud Foundry Foundation Cloud Foundry release v252 and earlier versions, UAA stand-alone release v2.0.0 - v2.7.4.12 & v3.0.0 - v3.11.0, and UAA bosh release v26 & earlier versions. UAA is vulnerable to session fixation when configured to authenticate against external SAML or OpenID Connect based identity providers.","modified":"2026-04-10T04:01:34.083308Z","published":"2017-06-13T06:29:00.427Z","references":[{"type":"ADVISORY","url":"https://www.cloudfoundry.org/cve-2017-4963/"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/cloudfoundry-attic/cf-release","events":[{"introduced":"0"},{"last_affected":"4e2e687eb3f8ebe6081fc5dc447522b37d3847c3"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"252"}]}},{"type":"GIT","repo":"https://github.com/cloudfoundry/uaa","events":[{"introduced":"6e2a351c64789a7416165191515106639735bf97"},{"last_affected":"7dcb384183b4bb50bc30f1671d5bdeb6fdb01099"},{"introduced":"2324b38f690ff5809fefd8217b319c9dbdc10c99"},{"last_affected":"0e3013bda9c13c630f2dd469368b93cb1b73f006"}],"database_specific":{"versions":[{"introduced":"2.0.0"},{"last_affected":"2.7.4.12"},{"introduced":"3.0.0"},{"last_affected":"3.11.0"}]}},{"type":"GIT","repo":"https://github.com/cloudfoundry/uaa-release","events":[{"introduced":"0"},{"last_affected":"03c13c872ca0fdb1ec317888911fff2628501e2b"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"26"}]}}],"versions":["-","ci-upgrade","list","log","rc145.0","scotty_09012012","v10","v100","v102","v103","v104","v105","v109","v11","v119","v12","v12.3","v132","v133","v134","v135","v136","v137","v14","v140","v143","v15","v156","v157","v16","v161","v17","v170","v18","v183","v19","v2","v20","v205","v21","v22","v23","v24","v245","v249","v25","v252","v26","v3","v6","v7","v8","v9","v99","works-for-us"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2017-4963.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}]}