{"containers": {"cna": {"affected": [{"product": "Cloud Foundry Foundation BOSH Azure CPI Release v22", "vendor": "n/a", "versions": [{"status": "affected", "version": "Cloud Foundry Foundation BOSH Azure CPI Release v22"}]}], "datePublic": "2017-04-06T00:00:00", "descriptions": [{"lang": "en", "value": "Cloud Foundry Foundation BOSH Azure CPI v22 could potentially allow a maliciously crafted stemcell to execute arbitrary code on VMs created by the director, aka a \"CPI code injection vulnerability.\""}], "problemTypes": [{"descriptions": [{"description": "CPI code injection vulnerability", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-04-06T18:57:01", "orgId": "c550e75a-17ff-4988-97f0-544cde3820fe", "shortName": "dell"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://www.cloudfoundry.org/cve-2017-4964/"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security_alert@emc.com", "ID": "CVE-2017-4964", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Cloud Foundry Foundation BOSH Azure CPI Release v22", "version": {"version_data": [{"version_value": "Cloud Foundry Foundation BOSH Azure CPI Release v22"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Cloud Foundry Foundation BOSH Azure CPI v22 could potentially allow a maliciously crafted stemcell to execute arbitrary code on VMs created by the director, aka a \"CPI code injection vulnerability.\""}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CPI code injection vulnerability"}]}]}, "references": {"reference_data": [{"name": "https://www.cloudfoundry.org/cve-2017-4964/", "refsource": "CONFIRM", "url": "https://www.cloudfoundry.org/cve-2017-4964/"}]}}}}, "cveMetadata": {"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe", "assignerShortName": "dell", "cveId": "CVE-2017-4964", "datePublished": "2017-04-06T19:00:00", "dateReserved": "2016-12-29T00:00:00", "dateUpdated": "2017-04-06T18:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:cloudfoundry:bosh_azure_cpi:22:*:*:*:*:*:*:*", "matchCriteriaId": "4B646F9B-13CC-48A9-93D5-204E52CBC4CD", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Cloud Foundry Foundation BOSH Azure CPI v22 could potentially allow a maliciously crafted stemcell to execute arbitrary code on VMs created by the director, aka a \"CPI code injection vulnerability.\""}, {"lang": "es", "value": "Cloud Foundry Foundation El BOSH Azure CPI v22 podr\u00eda potencialmente permitir que una c\u00e9lula madre manipulada maliciosamente ejecute c\u00f3digo arbitrario en m\u00e1quinas virtuales creadas por el director, tambi\u00e9n conocido como \"vulnerabilidad de inyecci\u00f3n de c\u00f3digo CPI\"."}], "id": "CVE-2017-4964", "lastModified": "2021-05-27T21:32:37.023", "metrics": {"cvssMetricV2": [{"acInsufInfo": true, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.6, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.0, "impactScore": 6.0, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2017-04-06T19:59:00.233", "references": [{"source": "security_alert@emc.com", "tags": ["Patch", "Vendor Advisory"], "url": "https://www.cloudfoundry.org/cve-2017-4964/"}], "sourceIdentifier": "security_alert@emc.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-94"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}