Vulnerability Description
Cloud Foundry Stratos, versions prior to 2.3.0, contains an insecure session that can be spoofed. When deployed on Cloud Foundry with multiple instances using the default embedded SQLite database, a remote authenticated malicious user can switch sessions to another user with the same session ID.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Cloudfoundry | Stratos | < 2.3.0 |
Related Weaknesses (CWE)
References
- https://www.cloudfoundry.org/blog/cve-2019-3784 (Vendor Advisory)
FAQ
What is CVE-2019-3784?
CVE-2019-3784 is a vulnerability with a CVSS score of 8.2 (HIGH). Cloud Foundry Stratos, versions prior to 2.3.0, contains an insecure session that can be spoofed. When deployed on Cloud Foundry with multiple instances using the default embedded SQLite database, a r...
How severe is CVE-2019-3784?
CVE-2019-3784 has been rated HIGH with a CVSS base score of 8.2/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2019-3784?
Check the references section above for vendor advisories and patch information. Affected products include: Cloudfoundry Stratos.