Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools

stratos

Source -

NVD

CNA CVEs -

0

ADP CVEs -

0

CISA CVEs -

0

NVD CVEs -

2
Related CVEsRelated VendorsRelated AssignersReports
2Vulnerabilities found
CVE-2019-3783
Assigner-Dell
ShareView Details
Assigner-Dell
CVSS Score-8.7||HIGH
EPSS-0.23% / 45.97%
||
7 Day CHG~0.00%
Published-07 Mar, 2019 | 19:00
Updated-16 Sep, 2024 | 23:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cloud Foundry Stratos Deploys With Public Default Session Store Secret

Cloud Foundry Stratos, versions prior to 2.3.0, deploys with a public default session store secret. A malicious user with default session store secret can brute force another user's current Stratos session, and act on behalf of that user.

Action-Not Available
Vendor-Cloud Foundry
Product-stratosStratos
CWE ID-CWE-384
Session Fixation
CWE ID-CWE-1188
Initialization of a Resource with an Insecure Default
CVE-2019-3784
Assigner-Dell
ShareView Details
Assigner-Dell
CVSS Score-8.2||HIGH
EPSS-0.18% / 39.98%
||
7 Day CHG~0.00%
Published-07 Mar, 2019 | 19:00
Updated-16 Sep, 2024 | 18:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cloud Foundry Stratos contains a Session Collision Vulnerability

Cloud Foundry Stratos, versions prior to 2.3.0, contains an insecure session that can be spoofed. When deployed on cloud foundry with multiple instances using the default embedded SQLite database, a remote authenticated malicious user can switch sessions to another user with the same session id.

Action-Not Available
Vendor-Cloud Foundry
Product-stratosStratos
CWE ID-CWE-384
Session Fixation