{"api_version":"1","generated_at":"2026-04-23T01:32:17+00:00","cve":"CVE-2021-22100","urls":{"html":"https://cve.report/CVE-2021-22100","api":"https://cve.report/api/cve/CVE-2021-22100.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2021-22100","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2021-22100"},"summary":{"title":"CVE-2021-22100","description":"In cloud foundry CAPI versions prior to 1.122, a denial-of-service attack in which a developer can push a service broker that (accidentally or maliciously) causes CC instances to timeout and fail is possible. An attacker can leverage this vulnerability to cause an inability for anyone to push or manage apps.","state":"PUBLIC","assigner":"security@vmware.com","published_at":"2022-03-25 19:15:00","updated_at":"2022-04-04 16:52:00"},"problem_types":["CWE-400"],"metrics":[],"references":[{"url":"https://www.cloudfoundry.org/blog/cve-2021-22100-cloud-controller-is-vulnerable-to-denial-of-service-due-to-misbehaving-service-brokers/","name":"https://www.cloudfoundry.org/blog/cve-2021-22100-cloud-controller-is-vulnerable-to-denial-of-service-due-to-misbehaving-service-brokers/","refsource":"MISC","tags":[],"title":"CVE-2021-22100: Cloud Controller is vulnerable to denial of service due to misbehaving service brokers | Cloud Foundry","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://www.cve.org/CVERecord?id=CVE-2021-22100","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-22100","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2021","cve_id":"22100","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"cloudfoundry","cpe5":"capi-release","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2021","cve_id":"22100","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"cloudfoundry","cpe5":"cf-deployment","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"data_type":"CVE","data_format":"MITRE","data_version":"4.0","CVE_data_meta":{"ID":"CVE-2021-22100","ASSIGNER":"security@vmware.com","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"vendor_name":"n/a","product":{"product_data":[{"product_name":"Cloud Controller (CAPI) by cloud foundry","version":{"version_data":[{"version_value":"CAPI versions prior to  1.122.0"}]}}]}}]}},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"CWE-400: Uncontrolled Resource Consumption"}]}]},"references":{"reference_data":[{"refsource":"MISC","name":"https://www.cloudfoundry.org/blog/cve-2021-22100-cloud-controller-is-vulnerable-to-denial-of-service-due-to-misbehaving-service-brokers/","url":"https://www.cloudfoundry.org/blog/cve-2021-22100-cloud-controller-is-vulnerable-to-denial-of-service-due-to-misbehaving-service-brokers/"}]},"description":{"description_data":[{"lang":"eng","value":"In cloud foundry CAPI versions prior to 1.122, a denial-of-service attack in which a developer can push a service broker that (accidentally or maliciously) causes CC instances to timeout and fail is possible. An attacker can leverage this vulnerability to cause an inability for anyone to push or manage apps."}]}},"nvd":{"publishedDate":"2022-03-25 19:15:00","lastModifiedDate":"2022-04-04 16:52:00","problem_types":["CWE-400"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"LOW","baseScore":5.3,"baseSeverity":"MEDIUM"},"exploitabilityScore":3.9,"impactScore":1.4},"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:N/I:N/A:P","accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"PARTIAL","baseScore":5},"severity":"MEDIUM","exploitabilityScore":10,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:cloudfoundry:capi-release:*:*:*:*:*:*:*:*","versionEndExcluding":"1.122.0","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:cloudfoundry:cf-deployment:*:*:*:*:*:*:*:*","versionEndExcluding":"17.1.0","cpe_name":[]}]}]}},"legacy_mitre":{"record":{"CveYear":"2021","CveId":"22100","Ordinal":"196795","Title":"CVE-2021-22100","CVE":"CVE-2021-22100","Year":"2021"},"notes":[{"CveYear":"2021","CveId":"22100","Ordinal":"1","NoteData":"** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.","Type":"Description","Title":null}]}}}