All the vulnerabilites related to pivotal_software - cloud_foundry_elastic_runtime
cve-2016-6657
Vulnerability from cvelistv5
Published
2016-12-16 09:02
Modified
2024-08-06 01:36
Severity ?
EPSS score ?
Summary
An open redirect vulnerability has been detected with some Pivotal Cloud Foundry Elastic Runtime components. Users of affected versions should apply the following mitigation: Upgrade PCF Elastic Runtime 1.8.x versions to 1.8.12 or later. Upgrade PCF Ops Manager 1.7.x versions to 1.7.18 or later and 1.8.x versions to 1.8.10 or later.
References
| ▼ | URL | Tags |
|---|---|---|
| https://pivotal.io/security/cve-2016-6657 | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/94126 | vdb-entry, x_refsource_BID |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | n/a | PCF Elastic Runtime 1.8.x versions prior to 1.8.12 and PCF Ops Manager 1.7.x versions prior to 1.7.18 and 1.8.x versions prior to 1.8.10 |
Version: PCF Elastic Runtime 1.8.x versions prior to 1.8.12 and PCF Ops Manager 1.7.x versions prior to 1.7.18 and 1.8.x versions prior to 1.8.10 |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T01:36:29.434Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://pivotal.io/security/cve-2016-6657"
},
{
"name": "94126",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/94126"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "PCF Elastic Runtime 1.8.x versions prior to 1.8.12 and PCF Ops Manager 1.7.x versions prior to 1.7.18 and 1.8.x versions prior to 1.8.10",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "PCF Elastic Runtime 1.8.x versions prior to 1.8.12 and PCF Ops Manager 1.7.x versions prior to 1.7.18 and 1.8.x versions prior to 1.8.10"
}
]
}
],
"datePublic": "2016-12-16T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "An open redirect vulnerability has been detected with some Pivotal Cloud Foundry Elastic Runtime components. Users of affected versions should apply the following mitigation: Upgrade PCF Elastic Runtime 1.8.x versions to 1.8.12 or later. Upgrade PCF Ops Manager 1.7.x versions to 1.7.18 or later and 1.8.x versions to 1.8.10 or later."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Open redirect vulnerability",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-12-16T10:57:01",
"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"shortName": "dell"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://pivotal.io/security/cve-2016-6657"
},
{
"name": "94126",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/94126"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security_alert@emc.com",
"ID": "CVE-2016-6657",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "PCF Elastic Runtime 1.8.x versions prior to 1.8.12 and PCF Ops Manager 1.7.x versions prior to 1.7.18 and 1.8.x versions prior to 1.8.10",
"version": {
"version_data": [
{
"version_value": "PCF Elastic Runtime 1.8.x versions prior to 1.8.12 and PCF Ops Manager 1.7.x versions prior to 1.7.18 and 1.8.x versions prior to 1.8.10"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An open redirect vulnerability has been detected with some Pivotal Cloud Foundry Elastic Runtime components. Users of affected versions should apply the following mitigation: Upgrade PCF Elastic Runtime 1.8.x versions to 1.8.12 or later. Upgrade PCF Ops Manager 1.7.x versions to 1.7.18 or later and 1.8.x versions to 1.8.10 or later."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Open redirect vulnerability"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://pivotal.io/security/cve-2016-6657",
"refsource": "CONFIRM",
"url": "https://pivotal.io/security/cve-2016-6657"
},
{
"name": "94126",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/94126"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"assignerShortName": "dell",
"cveId": "CVE-2016-6657",
"datePublished": "2016-12-16T09:02:00",
"dateReserved": "2016-08-10T00:00:00",
"dateUpdated": "2024-08-06T01:36:29.434Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2015-3189
Vulnerability from cvelistv5
Published
2017-05-25 17:00
Modified
2024-08-06 05:39
Severity ?
EPSS score ?
Summary
With Cloud Foundry Runtime cf-release versions v208 or earlier, UAA Standalone versions 2.2.5 or earlier and Pivotal Cloud Foundry Runtime 1.4.5 or earlier, old Password Reset Links are not expired after the user changes their current email address to a new one. This vulnerability is applicable only when using the UAA internal user store for authentication. Deployments enabled for integration via SAML or LDAP are not affected.
References
| ▼ | URL | Tags |
|---|---|---|
| https://pivotal.io/security/cve-2015-3189 | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Pivotal | Cloud Foundry |
Version: Runtime cf-release versions v208 or earlier Version: UAA Standalone versions 2.2.5 or earlier Version: Runtime 1.4.5 or earlier |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T05:39:32.005Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://pivotal.io/security/cve-2015-3189"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Cloud Foundry",
"vendor": "Pivotal",
"versions": [
{
"status": "affected",
"version": "Runtime cf-release versions v208 or earlier"
},
{
"status": "affected",
"version": "UAA Standalone versions 2.2.5 or earlier"
},
{
"status": "affected",
"version": "Runtime 1.4.5 or earlier"
}
]
}
],
"datePublic": "2015-06-25T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "With Cloud Foundry Runtime cf-release versions v208 or earlier, UAA Standalone versions 2.2.5 or earlier and Pivotal Cloud Foundry Runtime 1.4.5 or earlier, old Password Reset Links are not expired after the user changes their current email address to a new one. This vulnerability is applicable only when using the UAA internal user store for authentication. Deployments enabled for integration via SAML or LDAP are not affected."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Password reset weakness",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-05-25T16:57:01",
"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"shortName": "dell"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://pivotal.io/security/cve-2015-3189"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security_alert@emc.com",
"ID": "CVE-2015-3189",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cloud Foundry",
"version": {
"version_data": [
{
"version_value": "Runtime cf-release versions v208 or earlier"
},
{
"version_value": "UAA Standalone versions 2.2.5 or earlier"
},
{
"version_value": "Runtime 1.4.5 or earlier"
}
]
}
}
]
},
"vendor_name": "Pivotal"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "With Cloud Foundry Runtime cf-release versions v208 or earlier, UAA Standalone versions 2.2.5 or earlier and Pivotal Cloud Foundry Runtime 1.4.5 or earlier, old Password Reset Links are not expired after the user changes their current email address to a new one. This vulnerability is applicable only when using the UAA internal user store for authentication. Deployments enabled for integration via SAML or LDAP are not affected."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Password reset weakness"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://pivotal.io/security/cve-2015-3189",
"refsource": "CONFIRM",
"url": "https://pivotal.io/security/cve-2015-3189"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"assignerShortName": "dell",
"cveId": "CVE-2015-3189",
"datePublished": "2017-05-25T17:00:00",
"dateReserved": "2015-04-10T00:00:00",
"dateUpdated": "2024-08-06T05:39:32.005Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2016-4468
Vulnerability from cvelistv5
Published
2017-04-11 15:00
Modified
2024-08-06 00:32
Severity ?
EPSS score ?
Summary
SQL injection vulnerability in Pivotal Cloud Foundry (PCF) before 238; UAA 2.x before 2.7.4.4, 3.x before 3.3.0.2, and 3.4.x before 3.4.1; UAA BOSH before 11.2 and 12.x before 12.2; Elastic Runtime before 1.6.29 and 1.7.x before 1.7.7; and Ops Manager 1.7.x before 1.7.8 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| https://lists.cloudfoundry.org/archives/list/cf-dev%40lists.cloudfoundry.org/thread/WMTZBIH5U7DTOOX2SNRVTPQI3U2AINOB/ | mailing-list, x_refsource_MLIST | |
| https://pivotal.io/security/cve-2016-4468 | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T00:32:25.512Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[cf-dev] 20160630 CVE-2016-4468 UAA SQL Injection",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.cloudfoundry.org/archives/list/cf-dev%40lists.cloudfoundry.org/thread/WMTZBIH5U7DTOOX2SNRVTPQI3U2AINOB/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://pivotal.io/security/cve-2016-4468"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-06-30T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in Pivotal Cloud Foundry (PCF) before 238; UAA 2.x before 2.7.4.4, 3.x before 3.3.0.2, and 3.4.x before 3.4.1; UAA BOSH before 11.2 and 12.x before 12.2; Elastic Runtime before 1.6.29 and 1.7.x before 1.7.7; and Ops Manager 1.7.x before 1.7.8 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-04-11T14:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "[cf-dev] 20160630 CVE-2016-4468 UAA SQL Injection",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.cloudfoundry.org/archives/list/cf-dev%40lists.cloudfoundry.org/thread/WMTZBIH5U7DTOOX2SNRVTPQI3U2AINOB/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://pivotal.io/security/cve-2016-4468"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2016-4468",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in Pivotal Cloud Foundry (PCF) before 238; UAA 2.x before 2.7.4.4, 3.x before 3.3.0.2, and 3.4.x before 3.4.1; UAA BOSH before 11.2 and 12.x before 12.2; Elastic Runtime before 1.6.29 and 1.7.x before 1.7.7; and Ops Manager 1.7.x before 1.7.8 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[cf-dev] 20160630 CVE-2016-4468 UAA SQL Injection",
"refsource": "MLIST",
"url": "https://lists.cloudfoundry.org/archives/list/cf-dev@lists.cloudfoundry.org/thread/WMTZBIH5U7DTOOX2SNRVTPQI3U2AINOB/"
},
{
"name": "https://pivotal.io/security/cve-2016-4468",
"refsource": "CONFIRM",
"url": "https://pivotal.io/security/cve-2016-4468"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2016-4468",
"datePublished": "2017-04-11T15:00:00",
"dateReserved": "2016-05-02T00:00:00",
"dateUpdated": "2024-08-06T00:32:25.512Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2016-6658
Vulnerability from cvelistv5
Published
2018-03-29 22:00
Modified
2024-08-06 01:36
Severity ?
EPSS score ?
Summary
Applications in cf-release before 245 can be configured and pushed with a user-provided custom buildpack using a URL pointing to the buildpack. Although it is not recommended, a user can specify a credential in the URL (basic auth or OAuth) to access the buildpack through the CLI. For example, the user could include a GitHub username and password in the URL to access a private repo. Because the URL to access the buildpack is stored unencrypted, an operator with privileged access to the Cloud Controller database could view these credentials.
References
| ▼ | URL | Tags |
|---|---|---|
| https://pivotal.io/security/cve-2016-6658 | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T01:36:29.571Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://pivotal.io/security/cve-2016-6658"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-08-16T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Applications in cf-release before 245 can be configured and pushed with a user-provided custom buildpack using a URL pointing to the buildpack. Although it is not recommended, a user can specify a credential in the URL (basic auth or OAuth) to access the buildpack through the CLI. For example, the user could include a GitHub username and password in the URL to access a private repo. Because the URL to access the buildpack is stored unencrypted, an operator with privileged access to the Cloud Controller database could view these credentials."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-03-29T21:57:01",
"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"shortName": "dell"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://pivotal.io/security/cve-2016-6658"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security_alert@emc.com",
"ID": "CVE-2016-6658",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Applications in cf-release before 245 can be configured and pushed with a user-provided custom buildpack using a URL pointing to the buildpack. Although it is not recommended, a user can specify a credential in the URL (basic auth or OAuth) to access the buildpack through the CLI. For example, the user could include a GitHub username and password in the URL to access a private repo. Because the URL to access the buildpack is stored unencrypted, an operator with privileged access to the Cloud Controller database could view these credentials."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://pivotal.io/security/cve-2016-6658",
"refsource": "CONFIRM",
"url": "https://pivotal.io/security/cve-2016-6658"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"assignerShortName": "dell",
"cveId": "CVE-2016-6658",
"datePublished": "2018-03-29T22:00:00",
"dateReserved": "2016-08-10T00:00:00",
"dateUpdated": "2024-08-06T01:36:29.571Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2015-3191
Vulnerability from cvelistv5
Published
2017-05-25 17:00
Modified
2024-08-06 05:39
Severity ?
EPSS score ?
Summary
With Cloud Foundry Runtime cf-release versions v209 or earlier, UAA Standalone versions 2.2.6 or earlier and Pivotal Cloud Foundry Runtime 1.4.5 or earlier the change_email form in UAA is vulnerable to a CSRF attack. This allows an attacker to trigger an e-mail change for a user logged into a cloud foundry instance via a malicious link on a attacker controlled site. This vulnerability is applicable only when using the UAA internal user store for authentication. Deployments enabled for integration via SAML or LDAP are not affected.
References
| ▼ | URL | Tags |
|---|---|---|
| https://pivotal.io/security/cve-2015-3191 | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Pivotal | Cloud Foundry |
Version: Runtime cf-release versions v209 or earlier Version: UAA Standalone versions 2.2.6 or earlier Version: Runtime 1.4.5 or earlier |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T05:39:31.578Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://pivotal.io/security/cve-2015-3191"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Cloud Foundry",
"vendor": "Pivotal",
"versions": [
{
"status": "affected",
"version": "Runtime cf-release versions v209 or earlier"
},
{
"status": "affected",
"version": "UAA Standalone versions 2.2.6 or earlier"
},
{
"status": "affected",
"version": "Runtime 1.4.5 or earlier"
}
]
}
],
"datePublic": "2015-06-25T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "With Cloud Foundry Runtime cf-release versions v209 or earlier, UAA Standalone versions 2.2.6 or earlier and Pivotal Cloud Foundry Runtime 1.4.5 or earlier the change_email form in UAA is vulnerable to a CSRF attack. This allows an attacker to trigger an e-mail change for a user logged into a cloud foundry instance via a malicious link on a attacker controlled site. This vulnerability is applicable only when using the UAA internal user store for authentication. Deployments enabled for integration via SAML or LDAP are not affected."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CSRF",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-05-25T16:57:01",
"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"shortName": "dell"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://pivotal.io/security/cve-2015-3191"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security_alert@emc.com",
"ID": "CVE-2015-3191",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cloud Foundry",
"version": {
"version_data": [
{
"version_value": "Runtime cf-release versions v209 or earlier"
},
{
"version_value": "UAA Standalone versions 2.2.6 or earlier"
},
{
"version_value": "Runtime 1.4.5 or earlier"
}
]
}
}
]
},
"vendor_name": "Pivotal"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "With Cloud Foundry Runtime cf-release versions v209 or earlier, UAA Standalone versions 2.2.6 or earlier and Pivotal Cloud Foundry Runtime 1.4.5 or earlier the change_email form in UAA is vulnerable to a CSRF attack. This allows an attacker to trigger an e-mail change for a user logged into a cloud foundry instance via a malicious link on a attacker controlled site. This vulnerability is applicable only when using the UAA internal user store for authentication. Deployments enabled for integration via SAML or LDAP are not affected."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CSRF"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://pivotal.io/security/cve-2015-3191",
"refsource": "CONFIRM",
"url": "https://pivotal.io/security/cve-2015-3191"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"assignerShortName": "dell",
"cveId": "CVE-2015-3191",
"datePublished": "2017-05-25T17:00:00",
"dateReserved": "2015-04-10T00:00:00",
"dateUpdated": "2024-08-06T05:39:31.578Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2015-5170
Vulnerability from cvelistv5
Published
2017-10-24 17:00
Modified
2024-08-06 06:41
Severity ?
EPSS score ?
Summary
Cloud Foundry Runtime cf-release before 216, UAA before 2.5.2, and Pivotal Cloud Foundry (PCF) Elastic Runtime before 1.7.0 allow remote attackers to conduct cross-site request forgery (CSRF) attacks on PWS and log a user into an arbitrary account by leveraging lack of CSRF checks.
References
| ▼ | URL | Tags |
|---|---|---|
| https://pivotal.io/security/cve-2015-5170-5173 | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/101579 | vdb-entry, x_refsource_BID |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T06:41:07.967Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://pivotal.io/security/cve-2015-5170-5173"
},
{
"name": "101579",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/101579"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-05-02T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cloud Foundry Runtime cf-release before 216, UAA before 2.5.2, and Pivotal Cloud Foundry (PCF) Elastic Runtime before 1.7.0 allow remote attackers to conduct cross-site request forgery (CSRF) attacks on PWS and log a user into an arbitrary account by leveraging lack of CSRF checks."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-10-27T09:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://pivotal.io/security/cve-2015-5170-5173"
},
{
"name": "101579",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/101579"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2015-5170",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cloud Foundry Runtime cf-release before 216, UAA before 2.5.2, and Pivotal Cloud Foundry (PCF) Elastic Runtime before 1.7.0 allow remote attackers to conduct cross-site request forgery (CSRF) attacks on PWS and log a user into an arbitrary account by leveraging lack of CSRF checks."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://pivotal.io/security/cve-2015-5170-5173",
"refsource": "CONFIRM",
"url": "https://pivotal.io/security/cve-2015-5170-5173"
},
{
"name": "101579",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/101579"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2015-5170",
"datePublished": "2017-10-24T17:00:00",
"dateReserved": "2015-07-01T00:00:00",
"dateUpdated": "2024-08-06T06:41:07.967Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2016-0715
Vulnerability from cvelistv5
Published
2018-09-11 17:00
Modified
2024-09-16 16:48
Severity ?
EPSS score ?
Summary
Pivotal Cloud Foundry Elastic Runtime version 1.4.0 through 1.4.5, 1.5.0 through 1.5.11 and 1.6.0 through 1.6.11 is vulnerable to a remote information disclosure. It was found that original mitigation configuration instructions provided as part of CVE-2016-0708 were incomplete and could leave PHP Buildpack, Staticfile Buildpack and potentially other custom Buildpack applications vulnerable to remote information disclosure. Affected applications use automated buildpack detection, serve files directly from the root of the application and have a buildpack that matched after the Java Buildpack in the system buildpack priority when Java Buildpack versions 2.0 through 3.4 were present.
References
| ▼ | URL | Tags |
|---|---|---|
| https://pivotal.io/security/cve-2016-0715 | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Pivotal | Pivotal Cloud Foundry Elastic Runtime |
Version: 1.4.0 through 1.4.5 Version: 1.5.0 through 1.5.11 Version: 1.6.0 through 1.6.11 |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T22:30:03.868Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://pivotal.io/security/cve-2016-0715"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Pivotal Cloud Foundry Elastic Runtime",
"vendor": "Pivotal",
"versions": [
{
"status": "affected",
"version": "1.4.0 through 1.4.5"
},
{
"status": "affected",
"version": "1.5.0 through 1.5.11"
},
{
"status": "affected",
"version": "1.6.0 through 1.6.11"
}
]
}
],
"datePublic": "2015-01-18T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Pivotal Cloud Foundry Elastic Runtime version 1.4.0 through 1.4.5, 1.5.0 through 1.5.11 and 1.6.0 through 1.6.11 is vulnerable to a remote information disclosure. It was found that original mitigation configuration instructions provided as part of CVE-2016-0708 were incomplete and could leave PHP Buildpack, Staticfile Buildpack and potentially other custom Buildpack applications vulnerable to remote information disclosure. Affected applications use automated buildpack detection, serve files directly from the root of the application and have a buildpack that matched after the Java Buildpack in the system buildpack priority when Java Buildpack versions 2.0 through 3.4 were present."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-09-11T16:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://pivotal.io/security/cve-2016-0715"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"DATE_PUBLIC": "2015-01-18T00:00:00",
"ID": "CVE-2016-0715",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Pivotal Cloud Foundry Elastic Runtime",
"version": {
"version_data": [
{
"version_value": "1.4.0 through 1.4.5"
},
{
"version_value": "1.5.0 through 1.5.11"
},
{
"version_value": "1.6.0 through 1.6.11"
}
]
}
}
]
},
"vendor_name": "Pivotal"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Pivotal Cloud Foundry Elastic Runtime version 1.4.0 through 1.4.5, 1.5.0 through 1.5.11 and 1.6.0 through 1.6.11 is vulnerable to a remote information disclosure. It was found that original mitigation configuration instructions provided as part of CVE-2016-0708 were incomplete and could leave PHP Buildpack, Staticfile Buildpack and potentially other custom Buildpack applications vulnerable to remote information disclosure. Affected applications use automated buildpack detection, serve files directly from the root of the application and have a buildpack that matched after the Java Buildpack in the system buildpack priority when Java Buildpack versions 2.0 through 3.4 were present."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-200"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://pivotal.io/security/cve-2016-0715",
"refsource": "CONFIRM",
"url": "https://pivotal.io/security/cve-2016-0715"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2016-0715",
"datePublished": "2018-09-11T17:00:00Z",
"dateReserved": "2015-12-16T00:00:00",
"dateUpdated": "2024-09-16T16:48:30.435Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2016-6651
Vulnerability from cvelistv5
Published
2016-09-30 00:00
Modified
2024-08-06 01:36
Severity ?
EPSS score ?
Summary
The UAA /oauth/token endpoint in Pivotal Cloud Foundry (PCF) before 243; UAA 2.x before 2.7.4.8, 3.x before 3.3.0.6, and 3.4.x before 3.4.5; UAA BOSH before 11.7 and 12.x before 12.6; Elastic Runtime before 1.6.40, 1.7.x before 1.7.21, and 1.8.x before 1.8.2; and Ops Manager 1.7.x before 1.7.13 and 1.8.x before 1.8.1 allows remote authenticated users to gain privileges by leveraging possession of a token.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/93241 | vdb-entry, x_refsource_BID | |
| https://pivotal.io/security/cve-2016-6651 | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T01:36:29.550Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "93241",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/93241"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://pivotal.io/security/cve-2016-6651"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-09-27T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The UAA /oauth/token endpoint in Pivotal Cloud Foundry (PCF) before 243; UAA 2.x before 2.7.4.8, 3.x before 3.3.0.6, and 3.4.x before 3.4.5; UAA BOSH before 11.7 and 12.x before 12.6; Elastic Runtime before 1.6.40, 1.7.x before 1.7.21, and 1.8.x before 1.8.2; and Ops Manager 1.7.x before 1.7.13 and 1.8.x before 1.8.1 allows remote authenticated users to gain privileges by leveraging possession of a token."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-11-25T19:57:01",
"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"shortName": "dell"
},
"references": [
{
"name": "93241",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/93241"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://pivotal.io/security/cve-2016-6651"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security_alert@emc.com",
"ID": "CVE-2016-6651",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The UAA /oauth/token endpoint in Pivotal Cloud Foundry (PCF) before 243; UAA 2.x before 2.7.4.8, 3.x before 3.3.0.6, and 3.4.x before 3.4.5; UAA BOSH before 11.7 and 12.x before 12.6; Elastic Runtime before 1.6.40, 1.7.x before 1.7.21, and 1.8.x before 1.8.2; and Ops Manager 1.7.x before 1.7.13 and 1.8.x before 1.8.1 allows remote authenticated users to gain privileges by leveraging possession of a token."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "93241",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/93241"
},
{
"name": "https://pivotal.io/security/cve-2016-6651",
"refsource": "CONFIRM",
"url": "https://pivotal.io/security/cve-2016-6651"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"assignerShortName": "dell",
"cveId": "CVE-2016-6651",
"datePublished": "2016-09-30T00:00:00",
"dateReserved": "2016-08-10T00:00:00",
"dateUpdated": "2024-08-06T01:36:29.550Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2016-0761
Vulnerability from cvelistv5
Published
2017-05-25 17:00
Modified
2024-08-05 22:30
Severity ?
EPSS score ?
Summary
Cloud Foundry Garden-Linux versions prior to v0.333.0 and Elastic Runtime 1.6.x version prior to 1.6.17 contain a flaw in managing container files during Docker image preparation that could be used to delete, corrupt or overwrite host files and directories, including other container filesystems on the host.
References
| ▼ | URL | Tags |
|---|---|---|
| https://pivotal.io/security/cve-2016-0761 | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Pivotal | Cloud Foundry |
Version: Garden-Linux versions prior to v0.333.0 Version: Elastic Runtime 1.6.x version prior to 1.6.17. |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T22:30:04.112Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://pivotal.io/security/cve-2016-0761"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Cloud Foundry",
"vendor": "Pivotal",
"versions": [
{
"status": "affected",
"version": "Garden-Linux versions prior to v0.333.0"
},
{
"status": "affected",
"version": "Elastic Runtime 1.6.x version prior to 1.6.17."
}
]
}
],
"datePublic": "2016-02-26T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cloud Foundry Garden-Linux versions prior to v0.333.0 and Elastic Runtime 1.6.x version prior to 1.6.17 contain a flaw in managing container files during Docker image preparation that could be used to delete, corrupt or overwrite host files and directories, including other container filesystems on the host."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "File corruption",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-05-25T16:57:01",
"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"shortName": "dell"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://pivotal.io/security/cve-2016-0761"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security_alert@emc.com",
"ID": "CVE-2016-0761",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cloud Foundry",
"version": {
"version_data": [
{
"version_value": "Garden-Linux versions prior to v0.333.0"
},
{
"version_value": "Elastic Runtime 1.6.x version prior to 1.6.17."
}
]
}
}
]
},
"vendor_name": "Pivotal"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cloud Foundry Garden-Linux versions prior to v0.333.0 and Elastic Runtime 1.6.x version prior to 1.6.17 contain a flaw in managing container files during Docker image preparation that could be used to delete, corrupt or overwrite host files and directories, including other container filesystems on the host."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "File corruption"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://pivotal.io/security/cve-2016-0761",
"refsource": "CONFIRM",
"url": "https://pivotal.io/security/cve-2016-0761"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"assignerShortName": "dell",
"cveId": "CVE-2016-0761",
"datePublished": "2017-05-25T17:00:00",
"dateReserved": "2015-12-16T00:00:00",
"dateUpdated": "2024-08-05T22:30:04.112Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2016-6637
Vulnerability from cvelistv5
Published
2016-09-30 00:00
Modified
2024-08-06 01:36
Severity ?
EPSS score ?
Summary
Multiple cross-site request forgery (CSRF) vulnerabilities in Pivotal Cloud Foundry (PCF) before 242; UAA 2.x before 2.7.4.7, 3.x before 3.3.0.5, and 3.4.x before 3.4.4; UAA BOSH before 11.5 and 12.x before 12.5; Elastic Runtime before 1.6.40, 1.7.x before 1.7.21, and 1.8.x before 1.8.2; and Ops Manager 1.7.x before 1.7.13 and 1.8.x before 1.8.1 allow remote attackers to hijack the authentication of unspecified victims for requests that approve or deny a scope via a profile or authorize approval page.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/93245 | vdb-entry, x_refsource_BID | |
| https://pivotal.io/security/cve-2016-6637 | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T01:36:29.442Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "93245",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/93245"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://pivotal.io/security/cve-2016-6637"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-09-27T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site request forgery (CSRF) vulnerabilities in Pivotal Cloud Foundry (PCF) before 242; UAA 2.x before 2.7.4.7, 3.x before 3.3.0.5, and 3.4.x before 3.4.4; UAA BOSH before 11.5 and 12.x before 12.5; Elastic Runtime before 1.6.40, 1.7.x before 1.7.21, and 1.8.x before 1.8.2; and Ops Manager 1.7.x before 1.7.13 and 1.8.x before 1.8.1 allow remote attackers to hijack the authentication of unspecified victims for requests that approve or deny a scope via a profile or authorize approval page."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-11-25T19:57:01",
"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"shortName": "dell"
},
"references": [
{
"name": "93245",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/93245"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://pivotal.io/security/cve-2016-6637"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security_alert@emc.com",
"ID": "CVE-2016-6637",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site request forgery (CSRF) vulnerabilities in Pivotal Cloud Foundry (PCF) before 242; UAA 2.x before 2.7.4.7, 3.x before 3.3.0.5, and 3.4.x before 3.4.4; UAA BOSH before 11.5 and 12.x before 12.5; Elastic Runtime before 1.6.40, 1.7.x before 1.7.21, and 1.8.x before 1.8.2; and Ops Manager 1.7.x before 1.7.13 and 1.8.x before 1.8.1 allow remote attackers to hijack the authentication of unspecified victims for requests that approve or deny a scope via a profile or authorize approval page."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "93245",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/93245"
},
{
"name": "https://pivotal.io/security/cve-2016-6637",
"refsource": "CONFIRM",
"url": "https://pivotal.io/security/cve-2016-6637"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"assignerShortName": "dell",
"cveId": "CVE-2016-6637",
"datePublished": "2016-09-30T00:00:00",
"dateReserved": "2016-08-10T00:00:00",
"dateUpdated": "2024-08-06T01:36:29.442Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2016-5006
Vulnerability from cvelistv5
Published
2017-05-02 14:00
Modified
2024-08-06 00:46
Severity ?
EPSS score ?
Summary
The Cloud Controller in Cloud Foundry before 239 logs user-provided service objects at creation, which allows attackers to obtain sensitive user credential information via unspecified vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.cloudfoundry.org/CVE-2016-5006/ | x_refsource_CONFIRM | |
| https://pivotal.io/security/cve-2016-5006 | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T00:46:40.215Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.cloudfoundry.org/CVE-2016-5006/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://pivotal.io/security/cve-2016-5006"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-07-26T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The Cloud Controller in Cloud Foundry before 239 logs user-provided service objects at creation, which allows attackers to obtain sensitive user credential information via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-05-02T13:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.cloudfoundry.org/CVE-2016-5006/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://pivotal.io/security/cve-2016-5006"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2016-5006",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Cloud Controller in Cloud Foundry before 239 logs user-provided service objects at creation, which allows attackers to obtain sensitive user credential information via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.cloudfoundry.org/CVE-2016-5006/",
"refsource": "CONFIRM",
"url": "https://www.cloudfoundry.org/CVE-2016-5006/"
},
{
"name": "https://pivotal.io/security/cve-2016-5006",
"refsource": "CONFIRM",
"url": "https://pivotal.io/security/cve-2016-5006"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2016-5006",
"datePublished": "2017-05-02T14:00:00",
"dateReserved": "2016-05-24T00:00:00",
"dateUpdated": "2024-08-06T00:46:40.215Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2016-3084
Vulnerability from cvelistv5
Published
2017-05-25 17:00
Modified
2024-08-05 23:40
Severity ?
EPSS score ?
Summary
The UAA reset password flow in Cloud Foundry release v236 and earlier versions, UAA release v3.3.0 and earlier versions, all versions of Login-server, UAA release v10 and earlier versions and Pivotal Elastic Runtime versions prior to 1.7.2 is vulnerable to a brute force attack due to multiple active codes at a given time. This vulnerability is applicable only when using the UAA internal user store for authentication. Deployments enabled for integration via SAML or LDAP are not affected.
References
| ▼ | URL | Tags |
|---|---|---|
| https://pivotal.io/security/cve-2016-3084 | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Pivotal | Cloud Foundry |
Version: release v236 and earlier versions Version: UAA release v3.3.0 and earlier versions Version: All versions of Login-server Version: UAA release v10 and earlier versions Version: Elastic Runtime versions prior to 1.7.2 |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T23:40:15.665Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://pivotal.io/security/cve-2016-3084"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Cloud Foundry",
"vendor": "Pivotal",
"versions": [
{
"status": "affected",
"version": "release v236 and earlier versions"
},
{
"status": "affected",
"version": "UAA release v3.3.0 and earlier versions"
},
{
"status": "affected",
"version": "All versions of Login-server"
},
{
"status": "affected",
"version": "UAA release v10 and earlier versions"
},
{
"status": "affected",
"version": "Elastic Runtime versions prior to 1.7.2"
}
]
}
],
"datePublic": "2016-05-23T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The UAA reset password flow in Cloud Foundry release v236 and earlier versions, UAA release v3.3.0 and earlier versions, all versions of Login-server, UAA release v10 and earlier versions and Pivotal Elastic Runtime versions prior to 1.7.2 is vulnerable to a brute force attack due to multiple active codes at a given time. This vulnerability is applicable only when using the UAA internal user store for authentication. Deployments enabled for integration via SAML or LDAP are not affected."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "XSS",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-05-25T16:57:01",
"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"shortName": "dell"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://pivotal.io/security/cve-2016-3084"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security_alert@emc.com",
"ID": "CVE-2016-3084",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cloud Foundry",
"version": {
"version_data": [
{
"version_value": "release v236 and earlier versions"
},
{
"version_value": "UAA release v3.3.0 and earlier versions"
},
{
"version_value": "All versions of Login-server"
},
{
"version_value": "UAA release v10 and earlier versions"
},
{
"version_value": "Elastic Runtime versions prior to 1.7.2"
}
]
}
}
]
},
"vendor_name": "Pivotal"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The UAA reset password flow in Cloud Foundry release v236 and earlier versions, UAA release v3.3.0 and earlier versions, all versions of Login-server, UAA release v10 and earlier versions and Pivotal Elastic Runtime versions prior to 1.7.2 is vulnerable to a brute force attack due to multiple active codes at a given time. This vulnerability is applicable only when using the UAA internal user store for authentication. Deployments enabled for integration via SAML or LDAP are not affected."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "XSS"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://pivotal.io/security/cve-2016-3084",
"refsource": "CONFIRM",
"url": "https://pivotal.io/security/cve-2016-3084"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"assignerShortName": "dell",
"cveId": "CVE-2016-3084",
"datePublished": "2017-05-25T17:00:00",
"dateReserved": "2016-03-10T00:00:00",
"dateUpdated": "2024-08-05T23:40:15.665Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2016-0927
Vulnerability from cvelistv5
Published
2016-09-18 01:00
Modified
2024-08-05 22:38
Severity ?
EPSS score ?
Summary
Cross-site scripting (XSS) vulnerability in Pivotal Cloud Foundry (PCF) Ops Manager before 1.6.17 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| https://pivotal.io/security/cve-2016-0927 | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T22:38:41.235Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://pivotal.io/security/cve-2016-0927"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-09-13T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in Pivotal Cloud Foundry (PCF) Ops Manager before 1.6.17 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-09-18T01:57:01",
"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"shortName": "dell"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://pivotal.io/security/cve-2016-0927"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security_alert@emc.com",
"ID": "CVE-2016-0927",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in Pivotal Cloud Foundry (PCF) Ops Manager before 1.6.17 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://pivotal.io/security/cve-2016-0927",
"refsource": "CONFIRM",
"url": "https://pivotal.io/security/cve-2016-0927"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"assignerShortName": "dell",
"cveId": "CVE-2016-0927",
"datePublished": "2016-09-18T01:00:00",
"dateReserved": "2015-12-17T00:00:00",
"dateUpdated": "2024-08-05T22:38:41.235Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2015-1834
Vulnerability from cvelistv5
Published
2017-05-25 17:00
Modified
2024-08-06 04:54
Severity ?
EPSS score ?
Summary
A path traversal vulnerability was identified in the Cloud Foundry component Cloud Controller that affects cf-release versions prior to v208 and Pivotal Cloud Foundry Elastic Runtime versions prior to 1.4.2. Path traversal is the 'outbreak' of a given directory structure through relative file paths in the user input. It aims at accessing files and directories that are stored outside the web root folder, for disallowed reading or even executing arbitrary system commands. An attacker could use a certain parameter of the file path for instance to inject '../' sequences in order to navigate through the file system. In this particular case a remote authenticated attacker can exploit the identified vulnerability in order to upload arbitrary files to the server running a Cloud Controller instance - outside the isolated application container.
References
| ▼ | URL | Tags |
|---|---|---|
| https://pivotal.io/security/cve-2015-1834 | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/98691 | vdb-entry, x_refsource_BID |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Pivotal | Cloud Foundry |
Version: cf-release versions prior to v208 Version: Elastic Runtime versions prior to 1.4.2 |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T04:54:16.330Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://pivotal.io/security/cve-2015-1834"
},
{
"name": "98691",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/98691"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Cloud Foundry",
"vendor": "Pivotal",
"versions": [
{
"status": "affected",
"version": "cf-release versions prior to v208"
},
{
"status": "affected",
"version": "Elastic Runtime versions prior to 1.4.2"
}
]
}
],
"datePublic": "2015-05-22T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A path traversal vulnerability was identified in the Cloud Foundry component Cloud Controller that affects cf-release versions prior to v208 and Pivotal Cloud Foundry Elastic Runtime versions prior to 1.4.2. Path traversal is the \u0027outbreak\u0027 of a given directory structure through relative file paths in the user input. It aims at accessing files and directories that are stored outside the web root folder, for disallowed reading or even executing arbitrary system commands. An attacker could use a certain parameter of the file path for instance to inject \u0027../\u0027 sequences in order to navigate through the file system. In this particular case a remote authenticated attacker can exploit the identified vulnerability in order to upload arbitrary files to the server running a Cloud Controller instance - outside the isolated application container."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Path Traversal",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-05-29T09:57:01",
"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"shortName": "dell"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://pivotal.io/security/cve-2015-1834"
},
{
"name": "98691",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/98691"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security_alert@emc.com",
"ID": "CVE-2015-1834",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cloud Foundry",
"version": {
"version_data": [
{
"version_value": "cf-release versions prior to v208"
},
{
"version_value": "Elastic Runtime versions prior to 1.4.2"
}
]
}
}
]
},
"vendor_name": "Pivotal"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A path traversal vulnerability was identified in the Cloud Foundry component Cloud Controller that affects cf-release versions prior to v208 and Pivotal Cloud Foundry Elastic Runtime versions prior to 1.4.2. Path traversal is the \u0027outbreak\u0027 of a given directory structure through relative file paths in the user input. It aims at accessing files and directories that are stored outside the web root folder, for disallowed reading or even executing arbitrary system commands. An attacker could use a certain parameter of the file path for instance to inject \u0027../\u0027 sequences in order to navigate through the file system. In this particular case a remote authenticated attacker can exploit the identified vulnerability in order to upload arbitrary files to the server running a Cloud Controller instance - outside the isolated application container."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Path Traversal"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://pivotal.io/security/cve-2015-1834",
"refsource": "CONFIRM",
"url": "https://pivotal.io/security/cve-2015-1834"
},
{
"name": "98691",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/98691"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"assignerShortName": "dell",
"cveId": "CVE-2015-1834",
"datePublished": "2017-05-25T17:00:00",
"dateReserved": "2015-02-17T00:00:00",
"dateUpdated": "2024-08-06T04:54:16.330Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2016-0896
Vulnerability from cvelistv5
Published
2016-09-18 01:00
Modified
2024-08-05 22:38
Severity ?
EPSS score ?
Summary
Pivotal Cloud Foundry (PCF) Elastic Runtime before 1.6.34 and 1.7.x before 1.7.12 places 169.254.0.0/16 in the all_open Application Security Group, which might allow remote attackers to bypass intended network-connectivity restrictions by leveraging access to the 169.254.169.254 address.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/92161 | vdb-entry, x_refsource_BID | |
| https://pivotal.io/security/cve-2016-0896 | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T22:38:40.959Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "92161",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/92161"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://pivotal.io/security/cve-2016-0896"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-09-13T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Pivotal Cloud Foundry (PCF) Elastic Runtime before 1.6.34 and 1.7.x before 1.7.12 places 169.254.0.0/16 in the all_open Application Security Group, which might allow remote attackers to bypass intended network-connectivity restrictions by leveraging access to the 169.254.169.254 address."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-11-25T19:57:01",
"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"shortName": "dell"
},
"references": [
{
"name": "92161",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/92161"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://pivotal.io/security/cve-2016-0896"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security_alert@emc.com",
"ID": "CVE-2016-0896",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Pivotal Cloud Foundry (PCF) Elastic Runtime before 1.6.34 and 1.7.x before 1.7.12 places 169.254.0.0/16 in the all_open Application Security Group, which might allow remote attackers to bypass intended network-connectivity restrictions by leveraging access to the 169.254.169.254 address."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "92161",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/92161"
},
{
"name": "https://pivotal.io/security/cve-2016-0896",
"refsource": "CONFIRM",
"url": "https://pivotal.io/security/cve-2016-0896"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"assignerShortName": "dell",
"cveId": "CVE-2016-0896",
"datePublished": "2016-09-18T01:00:00",
"dateReserved": "2015-12-17T00:00:00",
"dateUpdated": "2024-08-05T22:38:40.959Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2016-6636
Vulnerability from cvelistv5
Published
2016-09-30 00:00
Modified
2024-08-06 01:36
Severity ?
EPSS score ?
Summary
The OAuth authorization implementation in Pivotal Cloud Foundry (PCF) before 242; UAA 2.x before 2.7.4.7, 3.x before 3.3.0.5, and 3.4.x before 3.4.4; UAA BOSH before 11.5 and 12.x before 12.5; Elastic Runtime before 1.6.40, 1.7.x before 1.7.21, and 1.8.x before 1.8.1; and Ops Manager 1.7.x before 1.7.13 and 1.8.x before 1.8.1 mishandles redirect_uri subdomains, which allows remote attackers to obtain implicit access tokens via a modified subdomain.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/93246 | vdb-entry, x_refsource_BID | |
| https://pivotal.io/security/cve-2016-6636 | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T01:36:29.094Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "93246",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/93246"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://pivotal.io/security/cve-2016-6636"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-09-27T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The OAuth authorization implementation in Pivotal Cloud Foundry (PCF) before 242; UAA 2.x before 2.7.4.7, 3.x before 3.3.0.5, and 3.4.x before 3.4.4; UAA BOSH before 11.5 and 12.x before 12.5; Elastic Runtime before 1.6.40, 1.7.x before 1.7.21, and 1.8.x before 1.8.1; and Ops Manager 1.7.x before 1.7.13 and 1.8.x before 1.8.1 mishandles redirect_uri subdomains, which allows remote attackers to obtain implicit access tokens via a modified subdomain."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-11-25T19:57:01",
"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"shortName": "dell"
},
"references": [
{
"name": "93246",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/93246"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://pivotal.io/security/cve-2016-6636"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security_alert@emc.com",
"ID": "CVE-2016-6636",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The OAuth authorization implementation in Pivotal Cloud Foundry (PCF) before 242; UAA 2.x before 2.7.4.7, 3.x before 3.3.0.5, and 3.4.x before 3.4.4; UAA BOSH before 11.5 and 12.x before 12.5; Elastic Runtime before 1.6.40, 1.7.x before 1.7.21, and 1.8.x before 1.8.1; and Ops Manager 1.7.x before 1.7.13 and 1.8.x before 1.8.1 mishandles redirect_uri subdomains, which allows remote attackers to obtain implicit access tokens via a modified subdomain."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "93246",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/93246"
},
{
"name": "https://pivotal.io/security/cve-2016-6636",
"refsource": "CONFIRM",
"url": "https://pivotal.io/security/cve-2016-6636"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"assignerShortName": "dell",
"cveId": "CVE-2016-6636",
"datePublished": "2016-09-30T00:00:00",
"dateReserved": "2016-08-10T00:00:00",
"dateUpdated": "2024-08-06T01:36:29.094Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2017-4959
Vulnerability from cvelistv5
Published
2017-06-13 06:00
Modified
2024-08-05 14:47
Severity ?
EPSS score ?
Summary
An issue was discovered in Pivotal PCF Elastic Runtime 1.8.x versions prior to 1.8.29 and 1.9.x versions prior to 1.9.7. Pivotal Cloud Foundry deployments using the Pivotal Account application are vulnerable to a flaw which allows an authorized user to take over the account of another user, causing account lockout and potential escalation of privileges.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/96218 | vdb-entry, x_refsource_BID | |
| https://pivotal.io/security/cve-2017-4959 | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | n/a | PCF Elastic Runtime |
Version: PCF Elastic Runtime |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T14:47:43.745Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "96218",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/96218"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://pivotal.io/security/cve-2017-4959"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "PCF Elastic Runtime",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "PCF Elastic Runtime"
}
]
}
],
"datePublic": "2017-06-12T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Pivotal PCF Elastic Runtime 1.8.x versions prior to 1.8.29 and 1.9.x versions prior to 1.9.7. Pivotal Cloud Foundry deployments using the Pivotal Account application are vulnerable to a flaw which allows an authorized user to take over the account of another user, causing account lockout and potential escalation of privileges."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Pivotal Cloud Foundry account authorization vulnerability",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-06-13T09:57:01",
"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"shortName": "dell"
},
"references": [
{
"name": "96218",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/96218"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://pivotal.io/security/cve-2017-4959"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security_alert@emc.com",
"ID": "CVE-2017-4959",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "PCF Elastic Runtime",
"version": {
"version_data": [
{
"version_value": "PCF Elastic Runtime"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in Pivotal PCF Elastic Runtime 1.8.x versions prior to 1.8.29 and 1.9.x versions prior to 1.9.7. Pivotal Cloud Foundry deployments using the Pivotal Account application are vulnerable to a flaw which allows an authorized user to take over the account of another user, causing account lockout and potential escalation of privileges."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Pivotal Cloud Foundry account authorization vulnerability"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "96218",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/96218"
},
{
"name": "https://pivotal.io/security/cve-2017-4959",
"refsource": "CONFIRM",
"url": "https://pivotal.io/security/cve-2017-4959"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"assignerShortName": "dell",
"cveId": "CVE-2017-4959",
"datePublished": "2017-06-13T06:00:00",
"dateReserved": "2016-12-29T00:00:00",
"dateUpdated": "2024-08-05T14:47:43.745Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2016-0926
Vulnerability from cvelistv5
Published
2016-09-18 01:00
Modified
2024-08-05 22:38
Severity ?
EPSS score ?
Summary
Cross-site scripting (XSS) vulnerability in Apps Manager in Pivotal Cloud Foundry (PCF) Elastic Runtime before 1.6.32 and 1.7.x before 1.7.8 allows remote attackers to inject arbitrary web script or HTML via unspecified input that improperly interacts with the AngularJS framework.
References
| ▼ | URL | Tags |
|---|---|---|
| https://pivotal.io/security/cve-2016-0926 | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/91677 | vdb-entry, x_refsource_BID |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T22:38:41.173Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://pivotal.io/security/cve-2016-0926"
},
{
"name": "91677",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/91677"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-09-13T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in Apps Manager in Pivotal Cloud Foundry (PCF) Elastic Runtime before 1.6.32 and 1.7.x before 1.7.8 allows remote attackers to inject arbitrary web script or HTML via unspecified input that improperly interacts with the AngularJS framework."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-11-25T19:57:01",
"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"shortName": "dell"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://pivotal.io/security/cve-2016-0926"
},
{
"name": "91677",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/91677"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security_alert@emc.com",
"ID": "CVE-2016-0926",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in Apps Manager in Pivotal Cloud Foundry (PCF) Elastic Runtime before 1.6.32 and 1.7.x before 1.7.8 allows remote attackers to inject arbitrary web script or HTML via unspecified input that improperly interacts with the AngularJS framework."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://pivotal.io/security/cve-2016-0926",
"refsource": "CONFIRM",
"url": "https://pivotal.io/security/cve-2016-0926"
},
{
"name": "91677",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/91677"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"assignerShortName": "dell",
"cveId": "CVE-2016-0926",
"datePublished": "2016-09-18T01:00:00",
"dateReserved": "2015-12-17T00:00:00",
"dateUpdated": "2024-08-05T22:38:41.173Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2015-5171
Vulnerability from cvelistv5
Published
2017-10-24 17:00
Modified
2024-08-06 06:41
Severity ?
EPSS score ?
Summary
The password change functionality in Cloud Foundry Runtime cf-release before 216, UAA before 2.5.2, and Pivotal Cloud Foundry (PCF) Elastic Runtime before 1.7.0 allow attackers to have unspecified impact by leveraging failure to expire existing sessions.
References
| ▼ | URL | Tags |
|---|---|---|
| https://pivotal.io/security/cve-2015-5170-5173 | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T06:41:07.973Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://pivotal.io/security/cve-2015-5170-5173"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-05-02T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The password change functionality in Cloud Foundry Runtime cf-release before 216, UAA before 2.5.2, and Pivotal Cloud Foundry (PCF) Elastic Runtime before 1.7.0 allow attackers to have unspecified impact by leveraging failure to expire existing sessions."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-10-24T16:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://pivotal.io/security/cve-2015-5170-5173"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2015-5171",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The password change functionality in Cloud Foundry Runtime cf-release before 216, UAA before 2.5.2, and Pivotal Cloud Foundry (PCF) Elastic Runtime before 1.7.0 allow attackers to have unspecified impact by leveraging failure to expire existing sessions."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://pivotal.io/security/cve-2015-5170-5173",
"refsource": "CONFIRM",
"url": "https://pivotal.io/security/cve-2015-5170-5173"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2015-5171",
"datePublished": "2017-10-24T17:00:00",
"dateReserved": "2015-07-01T00:00:00",
"dateUpdated": "2024-08-06T06:41:07.973Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2016-0780
Vulnerability from cvelistv5
Published
2017-05-25 17:00
Modified
2024-08-05 22:30
Severity ?
EPSS score ?
Summary
It was discovered that cf-release v231 and lower, Pivotal Cloud Foundry Elastic Runtime 1.5.x versions prior to 1.5.17 and Pivotal Cloud Foundry Elastic Runtime 1.6.x versions prior to 1.6.18 do not properly enforce disk quotas in certain cases. An attacker could use an improper disk quota value to bypass enforcement and consume all the disk on DEAs/CELLs causing a potential denial of service for other applications.
References
| ▼ | URL | Tags |
|---|---|---|
| https://pivotal.io/security/cve-2016-0780 | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Pivotal | Cloud Foundry |
Version: cf-release v231 and lower Version: Elastic Runtime 1.5.x versions prior to 1.5.17 Version: Elastic Runtime 1.6.x versions prior to 1.6.18 |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T22:30:04.090Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://pivotal.io/security/cve-2016-0780"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Cloud Foundry",
"vendor": "Pivotal",
"versions": [
{
"status": "affected",
"version": "cf-release v231 and lower"
},
{
"status": "affected",
"version": "Elastic Runtime 1.5.x versions prior to 1.5.17"
},
{
"status": "affected",
"version": "Elastic Runtime 1.6.x versions prior to 1.6.18"
}
]
}
],
"datePublic": "2016-03-23T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "It was discovered that cf-release v231 and lower, Pivotal Cloud Foundry Elastic Runtime 1.5.x versions prior to 1.5.17 and Pivotal Cloud Foundry Elastic Runtime 1.6.x versions prior to 1.6.18 do not properly enforce disk quotas in certain cases. An attacker could use an improper disk quota value to bypass enforcement and consume all the disk on DEAs/CELLs causing a potential denial of service for other applications."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Denial of Service",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-05-25T16:57:01",
"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"shortName": "dell"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://pivotal.io/security/cve-2016-0780"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security_alert@emc.com",
"ID": "CVE-2016-0780",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cloud Foundry",
"version": {
"version_data": [
{
"version_value": "cf-release v231 and lower"
},
{
"version_value": "Elastic Runtime 1.5.x versions prior to 1.5.17"
},
{
"version_value": "Elastic Runtime 1.6.x versions prior to 1.6.18"
}
]
}
}
]
},
"vendor_name": "Pivotal"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "It was discovered that cf-release v231 and lower, Pivotal Cloud Foundry Elastic Runtime 1.5.x versions prior to 1.5.17 and Pivotal Cloud Foundry Elastic Runtime 1.6.x versions prior to 1.6.18 do not properly enforce disk quotas in certain cases. An attacker could use an improper disk quota value to bypass enforcement and consume all the disk on DEAs/CELLs causing a potential denial of service for other applications."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Denial of Service"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://pivotal.io/security/cve-2016-0780",
"refsource": "CONFIRM",
"url": "https://pivotal.io/security/cve-2016-0780"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"assignerShortName": "dell",
"cveId": "CVE-2016-0780",
"datePublished": "2017-05-25T17:00:00",
"dateReserved": "2015-12-16T00:00:00",
"dateUpdated": "2024-08-05T22:30:04.090Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2015-3190
Vulnerability from cvelistv5
Published
2017-05-25 17:00
Modified
2024-08-06 05:39
Severity ?
EPSS score ?
Summary
With Cloud Foundry Runtime cf-release versions v209 or earlier, UAA Standalone versions 2.2.6 or earlier and Pivotal Cloud Foundry Runtime 1.4.5 or earlier the UAA logout link is susceptible to an open redirect which allows an attacker to insert malicious web page as a redirect parameter.
References
| ▼ | URL | Tags |
|---|---|---|
| https://pivotal.io/security/cve-2015-3190 | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Pivotal | Cloud Foundry |
Version: Runtime cf-release versions v209 or earlier Version: UAA Standalone versions 2.2.6 or earlier Version: Runtime 1.4.5 or earlier |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T05:39:31.774Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://pivotal.io/security/cve-2015-3190"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Cloud Foundry",
"vendor": "Pivotal",
"versions": [
{
"status": "affected",
"version": "Runtime cf-release versions v209 or earlier"
},
{
"status": "affected",
"version": "UAA Standalone versions 2.2.6 or earlier"
},
{
"status": "affected",
"version": "Runtime 1.4.5 or earlier"
}
]
}
],
"datePublic": "2015-06-25T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "With Cloud Foundry Runtime cf-release versions v209 or earlier, UAA Standalone versions 2.2.6 or earlier and Pivotal Cloud Foundry Runtime 1.4.5 or earlier the UAA logout link is susceptible to an open redirect which allows an attacker to insert malicious web page as a redirect parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Open redirect",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-05-25T16:57:01",
"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"shortName": "dell"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://pivotal.io/security/cve-2015-3190"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security_alert@emc.com",
"ID": "CVE-2015-3190",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cloud Foundry",
"version": {
"version_data": [
{
"version_value": "Runtime cf-release versions v209 or earlier"
},
{
"version_value": "UAA Standalone versions 2.2.6 or earlier"
},
{
"version_value": "Runtime 1.4.5 or earlier"
}
]
}
}
]
},
"vendor_name": "Pivotal"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "With Cloud Foundry Runtime cf-release versions v209 or earlier, UAA Standalone versions 2.2.6 or earlier and Pivotal Cloud Foundry Runtime 1.4.5 or earlier the UAA logout link is susceptible to an open redirect which allows an attacker to insert malicious web page as a redirect parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Open redirect"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://pivotal.io/security/cve-2015-3190",
"refsource": "CONFIRM",
"url": "https://pivotal.io/security/cve-2015-3190"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"assignerShortName": "dell",
"cveId": "CVE-2015-3190",
"datePublished": "2017-05-25T17:00:00",
"dateReserved": "2015-04-10T00:00:00",
"dateUpdated": "2024-08-06T05:39:31.774Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2017-2773
Vulnerability from cvelistv5
Published
2017-06-13 06:00
Modified
2024-08-05 14:02
Severity ?
EPSS score ?
Summary
An issue was discovered in Pivotal PCF Elastic Runtime 1.6.x versions prior to 1.6.60, 1.7.x versions prior to 1.7.41, 1.8.x versions prior to 1.8.23, and 1.9.x versions prior to 1.9.1. Incomplete validation logic in JSON Web Token (JWT) libraries can allow unprivileged attackers to impersonate other users in multiple components included in PCF Elastic Runtime, aka an "Unauthenticated JWT signing algorithm in multiple components" issue.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/97135 | vdb-entry, x_refsource_BID | |
| https://pivotal.io/security/cve-2017-2773 | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | n/a | PCF Elastic Runtime |
Version: PCF Elastic Runtime |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T14:02:07.773Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "97135",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/97135"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://pivotal.io/security/cve-2017-2773"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "PCF Elastic Runtime",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "PCF Elastic Runtime"
}
]
}
],
"datePublic": "2017-06-12T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Pivotal PCF Elastic Runtime 1.6.x versions prior to 1.6.60, 1.7.x versions prior to 1.7.41, 1.8.x versions prior to 1.8.23, and 1.9.x versions prior to 1.9.1. Incomplete validation logic in JSON Web Token (JWT) libraries can allow unprivileged attackers to impersonate other users in multiple components included in PCF Elastic Runtime, aka an \"Unauthenticated JWT signing algorithm in multiple components\" issue."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Unauthenticated JWT signing algorithm in multiple components",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-06-13T09:57:01",
"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"shortName": "dell"
},
"references": [
{
"name": "97135",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/97135"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://pivotal.io/security/cve-2017-2773"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security_alert@emc.com",
"ID": "CVE-2017-2773",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "PCF Elastic Runtime",
"version": {
"version_data": [
{
"version_value": "PCF Elastic Runtime"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in Pivotal PCF Elastic Runtime 1.6.x versions prior to 1.6.60, 1.7.x versions prior to 1.7.41, 1.8.x versions prior to 1.8.23, and 1.9.x versions prior to 1.9.1. Incomplete validation logic in JSON Web Token (JWT) libraries can allow unprivileged attackers to impersonate other users in multiple components included in PCF Elastic Runtime, aka an \"Unauthenticated JWT signing algorithm in multiple components\" issue."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Unauthenticated JWT signing algorithm in multiple components"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "97135",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/97135"
},
{
"name": "https://pivotal.io/security/cve-2017-2773",
"refsource": "CONFIRM",
"url": "https://pivotal.io/security/cve-2017-2773"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"assignerShortName": "dell",
"cveId": "CVE-2017-2773",
"datePublished": "2017-06-13T06:00:00",
"dateReserved": "2016-12-01T00:00:00",
"dateUpdated": "2024-08-05T14:02:07.773Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2017-4955
Vulnerability from cvelistv5
Published
2017-06-13 06:00
Modified
2024-08-05 14:47
Severity ?
EPSS score ?
Summary
An issue was discovered in Pivotal PCF Elastic Runtime 1.6.x versions prior to 1.6.65, 1.7.x versions prior to 1.7.48, 1.8.x versions prior to 1.8.28, and 1.9.x versions prior to 1.9.5. Several credentials were present in the logs for the Notifications errand in the PCF Elastic Runtime tile.
References
| ▼ | URL | Tags |
|---|---|---|
| https://pivotal.io/security/cve-2017-4955 | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/97082 | vdb-entry, x_refsource_BID |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | n/a | PCF Elastic Runtime |
Version: PCF Elastic Runtime |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T14:47:44.061Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://pivotal.io/security/cve-2017-4955"
},
{
"name": "97082",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/97082"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "PCF Elastic Runtime",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "PCF Elastic Runtime"
}
]
}
],
"datePublic": "2017-06-12T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Pivotal PCF Elastic Runtime 1.6.x versions prior to 1.6.65, 1.7.x versions prior to 1.7.48, 1.8.x versions prior to 1.8.28, and 1.9.x versions prior to 1.9.5. Several credentials were present in the logs for the Notifications errand in the PCF Elastic Runtime tile."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Credentials in Elastic Runtime Notifications errand log",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-06-13T09:57:01",
"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"shortName": "dell"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://pivotal.io/security/cve-2017-4955"
},
{
"name": "97082",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/97082"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security_alert@emc.com",
"ID": "CVE-2017-4955",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "PCF Elastic Runtime",
"version": {
"version_data": [
{
"version_value": "PCF Elastic Runtime"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in Pivotal PCF Elastic Runtime 1.6.x versions prior to 1.6.65, 1.7.x versions prior to 1.7.48, 1.8.x versions prior to 1.8.28, and 1.9.x versions prior to 1.9.5. Several credentials were present in the logs for the Notifications errand in the PCF Elastic Runtime tile."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Credentials in Elastic Runtime Notifications errand log"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://pivotal.io/security/cve-2017-4955",
"refsource": "CONFIRM",
"url": "https://pivotal.io/security/cve-2017-4955"
},
{
"name": "97082",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/97082"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"assignerShortName": "dell",
"cveId": "CVE-2017-4955",
"datePublished": "2017-06-13T06:00:00",
"dateReserved": "2016-12-29T00:00:00",
"dateUpdated": "2024-08-05T14:47:44.061Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2016-0781
Vulnerability from cvelistv5
Published
2017-05-25 17:00
Modified
2024-08-05 22:30
Severity ?
EPSS score ?
Summary
The UAA OAuth approval pages in Cloud Foundry v208 to v231, Login-server v1.6 to v1.14, UAA v2.0.0 to v2.7.4.1, UAA v3.0.0 to v3.2.0, UAA-Release v2 to v7 and Pivotal Elastic Runtime 1.6.x versions prior to 1.6.20 are vulnerable to an XSS attack by specifying malicious java script content in either the OAuth scopes (SCIM groups) or SCIM group descriptions.
References
| ▼ | URL | Tags |
|---|---|---|
| https://pivotal.io/security/cve-2016-0781 | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Pivotal | Cloud Foundry |
Version: v208 to v231 Version: Login-server v1.6 to v1.14 Version: UAA v2.0.0 to v2.7.4.1 Version: UAA v3.0.0 to v3.2.0 Version: UAA-Release v2 to v7 Version: Elastic Runtime 1.6.x versions prior to 1.6.20 |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T22:30:04.905Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://pivotal.io/security/cve-2016-0781"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Cloud Foundry",
"vendor": "Pivotal",
"versions": [
{
"status": "affected",
"version": "v208 to v231"
},
{
"status": "affected",
"version": "Login-server v1.6 to v1.14"
},
{
"status": "affected",
"version": "UAA v2.0.0 to v2.7.4.1"
},
{
"status": "affected",
"version": "UAA v3.0.0 to v3.2.0"
},
{
"status": "affected",
"version": "UAA-Release v2 to v7"
},
{
"status": "affected",
"version": "Elastic Runtime 1.6.x versions prior to 1.6.20"
}
]
}
],
"datePublic": "2016-03-23T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The UAA OAuth approval pages in Cloud Foundry v208 to v231, Login-server v1.6 to v1.14, UAA v2.0.0 to v2.7.4.1, UAA v3.0.0 to v3.2.0, UAA-Release v2 to v7 and Pivotal Elastic Runtime 1.6.x versions prior to 1.6.20 are vulnerable to an XSS attack by specifying malicious java script content in either the OAuth scopes (SCIM groups) or SCIM group descriptions."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Persistent XSS",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-05-25T16:57:01",
"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"shortName": "dell"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://pivotal.io/security/cve-2016-0781"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security_alert@emc.com",
"ID": "CVE-2016-0781",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cloud Foundry",
"version": {
"version_data": [
{
"version_value": "v208 to v231"
},
{
"version_value": "Login-server v1.6 to v1.14"
},
{
"version_value": "UAA v2.0.0 to v2.7.4.1"
},
{
"version_value": "UAA v3.0.0 to v3.2.0"
},
{
"version_value": "UAA-Release v2 to v7"
},
{
"version_value": "Elastic Runtime 1.6.x versions prior to 1.6.20"
}
]
}
}
]
},
"vendor_name": "Pivotal"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The UAA OAuth approval pages in Cloud Foundry v208 to v231, Login-server v1.6 to v1.14, UAA v2.0.0 to v2.7.4.1, UAA v3.0.0 to v3.2.0, UAA-Release v2 to v7 and Pivotal Elastic Runtime 1.6.x versions prior to 1.6.20 are vulnerable to an XSS attack by specifying malicious java script content in either the OAuth scopes (SCIM groups) or SCIM group descriptions."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Persistent XSS"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://pivotal.io/security/cve-2016-0781",
"refsource": "CONFIRM",
"url": "https://pivotal.io/security/cve-2016-0781"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"assignerShortName": "dell",
"cveId": "CVE-2016-0781",
"datePublished": "2017-05-25T17:00:00",
"dateReserved": "2015-12-16T00:00:00",
"dateUpdated": "2024-08-05T22:30:04.905Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2016-2165
Vulnerability from cvelistv5
Published
2017-05-25 17:00
Modified
2024-08-05 23:17
Severity ?
EPSS score ?
Summary
The Loggregator Traffic Controller endpoints in cf-release v231 and lower, Pivotal Elastic Runtime versions prior to 1.5.19 AND 1.6.x versions prior to 1.6.20 are not cleansing request URL paths when they are invalid and are returning them in the 404 response. This could allow malicious scripts to be written directly into the 404 response.
References
| ▼ | URL | Tags |
|---|---|---|
| https://pivotal.io/security/cve-2016-2165 | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Pivotal | Cloud Foundry |
Version: cf-release v231 and lower Version: Elastic Runtime versions prior to 1.5.19 AND 1.6.x versions prior to 1.6.20 |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T23:17:50.673Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://pivotal.io/security/cve-2016-2165"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Cloud Foundry",
"vendor": "Pivotal",
"versions": [
{
"status": "affected",
"version": "cf-release v231 and lower"
},
{
"status": "affected",
"version": "Elastic Runtime versions prior to 1.5.19 AND 1.6.x versions prior to 1.6.20"
}
]
}
],
"datePublic": "2016-03-23T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The Loggregator Traffic Controller endpoints in cf-release v231 and lower, Pivotal Elastic Runtime versions prior to 1.5.19 AND 1.6.x versions prior to 1.6.20 are not cleansing request URL paths when they are invalid and are returning them in the 404 response. This could allow malicious scripts to be written directly into the 404 response."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "XSS",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-05-25T16:57:01",
"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"shortName": "dell"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://pivotal.io/security/cve-2016-2165"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security_alert@emc.com",
"ID": "CVE-2016-2165",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cloud Foundry",
"version": {
"version_data": [
{
"version_value": "cf-release v231 and lower"
},
{
"version_value": "Elastic Runtime versions prior to 1.5.19 AND 1.6.x versions prior to 1.6.20"
}
]
}
}
]
},
"vendor_name": "Pivotal"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Loggregator Traffic Controller endpoints in cf-release v231 and lower, Pivotal Elastic Runtime versions prior to 1.5.19 AND 1.6.x versions prior to 1.6.20 are not cleansing request URL paths when they are invalid and are returning them in the 404 response. This could allow malicious scripts to be written directly into the 404 response."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "XSS"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://pivotal.io/security/cve-2016-2165",
"refsource": "CONFIRM",
"url": "https://pivotal.io/security/cve-2016-2165"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"assignerShortName": "dell",
"cveId": "CVE-2016-2165",
"datePublished": "2017-05-25T17:00:00",
"dateReserved": "2016-01-29T00:00:00",
"dateUpdated": "2024-08-05T23:17:50.673Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2015-5172
Vulnerability from cvelistv5
Published
2017-10-24 17:00
Modified
2024-08-06 06:41
Severity ?
EPSS score ?
Summary
Cloud Foundry Runtime cf-release before 216, UAA before 2.5.2, and Pivotal Cloud Foundry (PCF) Elastic Runtime before 1.7.0 allow attackers to have unspecified impact by leveraging failure to expire password reset links.
References
| ▼ | URL | Tags |
|---|---|---|
| https://pivotal.io/security/cve-2015-5170-5173 | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T06:41:09.222Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://pivotal.io/security/cve-2015-5170-5173"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-05-02T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cloud Foundry Runtime cf-release before 216, UAA before 2.5.2, and Pivotal Cloud Foundry (PCF) Elastic Runtime before 1.7.0 allow attackers to have unspecified impact by leveraging failure to expire password reset links."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-10-24T16:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://pivotal.io/security/cve-2015-5170-5173"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2015-5172",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cloud Foundry Runtime cf-release before 216, UAA before 2.5.2, and Pivotal Cloud Foundry (PCF) Elastic Runtime before 1.7.0 allow attackers to have unspecified impact by leveraging failure to expire password reset links."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://pivotal.io/security/cve-2015-5170-5173",
"refsource": "CONFIRM",
"url": "https://pivotal.io/security/cve-2015-5170-5173"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2015-5172",
"datePublished": "2017-10-24T17:00:00",
"dateReserved": "2015-07-01T00:00:00",
"dateUpdated": "2024-08-06T06:41:09.222Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2016-5016
Vulnerability from cvelistv5
Published
2017-04-24 19:00
Modified
2024-08-06 00:46
Severity ?
EPSS score ?
Summary
Pivotal Cloud Foundry 239 and earlier, UAA (aka User Account and Authentication Server) 3.4.1 and earlier, UAA release 12.2 and earlier, PCF (aka Pivotal Cloud Foundry) Elastic Runtime 1.6.x before 1.6.35, and PCF Elastic Runtime 1.7.x before 1.7.13 does not validate if a certificate is expired.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/cloudfoundry/uaa/releases/tag/2.7.4.6 | x_refsource_CONFIRM | |
| https://github.com/cloudfoundry/uaa/releases/tag/3.3.0.3 | x_refsource_CONFIRM | |
| https://github.com/cloudfoundry/uaa-release/releases/tag/v12.3 | x_refsource_CONFIRM | |
| https://github.com/cloudfoundry/uaa/releases/tag/3.4.2 | x_refsource_CONFIRM | |
| https://github.com/cloudfoundry/cf-release/releases/tag/v240 | x_refsource_CONFIRM | |
| https://pivotal.io/security/cve-2016-5016 | x_refsource_CONFIRM | |
| https://github.com/cloudfoundry/uaa-release/releases/tag/v11.3 | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T00:46:40.228Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/cloudfoundry/uaa/releases/tag/2.7.4.6"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/cloudfoundry/uaa/releases/tag/3.3.0.3"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/cloudfoundry/uaa-release/releases/tag/v12.3"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/cloudfoundry/uaa/releases/tag/3.4.2"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/cloudfoundry/cf-release/releases/tag/v240"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://pivotal.io/security/cve-2016-5016"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/cloudfoundry/uaa-release/releases/tag/v11.3"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-08-18T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Pivotal Cloud Foundry 239 and earlier, UAA (aka User Account and Authentication Server) 3.4.1 and earlier, UAA release 12.2 and earlier, PCF (aka Pivotal Cloud Foundry) Elastic Runtime 1.6.x before 1.6.35, and PCF Elastic Runtime 1.7.x before 1.7.13 does not validate if a certificate is expired."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-04-24T18:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/cloudfoundry/uaa/releases/tag/2.7.4.6"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/cloudfoundry/uaa/releases/tag/3.3.0.3"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/cloudfoundry/uaa-release/releases/tag/v12.3"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/cloudfoundry/uaa/releases/tag/3.4.2"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/cloudfoundry/cf-release/releases/tag/v240"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://pivotal.io/security/cve-2016-5016"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/cloudfoundry/uaa-release/releases/tag/v11.3"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2016-5016",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Pivotal Cloud Foundry 239 and earlier, UAA (aka User Account and Authentication Server) 3.4.1 and earlier, UAA release 12.2 and earlier, PCF (aka Pivotal Cloud Foundry) Elastic Runtime 1.6.x before 1.6.35, and PCF Elastic Runtime 1.7.x before 1.7.13 does not validate if a certificate is expired."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/cloudfoundry/uaa/releases/tag/2.7.4.6",
"refsource": "CONFIRM",
"url": "https://github.com/cloudfoundry/uaa/releases/tag/2.7.4.6"
},
{
"name": "https://github.com/cloudfoundry/uaa/releases/tag/3.3.0.3",
"refsource": "CONFIRM",
"url": "https://github.com/cloudfoundry/uaa/releases/tag/3.3.0.3"
},
{
"name": "https://github.com/cloudfoundry/uaa-release/releases/tag/v12.3",
"refsource": "CONFIRM",
"url": "https://github.com/cloudfoundry/uaa-release/releases/tag/v12.3"
},
{
"name": "https://github.com/cloudfoundry/uaa/releases/tag/3.4.2",
"refsource": "CONFIRM",
"url": "https://github.com/cloudfoundry/uaa/releases/tag/3.4.2"
},
{
"name": "https://github.com/cloudfoundry/cf-release/releases/tag/v240",
"refsource": "CONFIRM",
"url": "https://github.com/cloudfoundry/cf-release/releases/tag/v240"
},
{
"name": "https://pivotal.io/security/cve-2016-5016",
"refsource": "CONFIRM",
"url": "https://pivotal.io/security/cve-2016-5016"
},
{
"name": "https://github.com/cloudfoundry/uaa-release/releases/tag/v11.3",
"refsource": "CONFIRM",
"url": "https://github.com/cloudfoundry/uaa-release/releases/tag/v11.3"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2016-5016",
"datePublished": "2017-04-24T19:00:00",
"dateReserved": "2016-05-24T00:00:00",
"dateUpdated": "2024-08-06T00:46:40.228Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2015-5173
Vulnerability from cvelistv5
Published
2017-10-24 17:00
Modified
2024-08-06 06:41
Severity ?
EPSS score ?
Summary
Cloud Foundry Runtime cf-release before 216, UAA before 2.5.2, and Pivotal Cloud Foundry (PCF) Elastic Runtime before 1.7.0 allow attackers to have unspecified impact via vectors involving emails with password recovery links, aka "Cross Domain Referer Leakage."
References
| ▼ | URL | Tags |
|---|---|---|
| https://pivotal.io/security/cve-2015-5170-5173 | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T06:41:08.841Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://pivotal.io/security/cve-2015-5170-5173"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-05-02T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cloud Foundry Runtime cf-release before 216, UAA before 2.5.2, and Pivotal Cloud Foundry (PCF) Elastic Runtime before 1.7.0 allow attackers to have unspecified impact via vectors involving emails with password recovery links, aka \"Cross Domain Referer Leakage.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-10-24T16:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://pivotal.io/security/cve-2015-5170-5173"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2015-5173",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cloud Foundry Runtime cf-release before 216, UAA before 2.5.2, and Pivotal Cloud Foundry (PCF) Elastic Runtime before 1.7.0 allow attackers to have unspecified impact via vectors involving emails with password recovery links, aka \"Cross Domain Referer Leakage.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://pivotal.io/security/cve-2015-5170-5173",
"refsource": "CONFIRM",
"url": "https://pivotal.io/security/cve-2015-5170-5173"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2015-5173",
"datePublished": "2017-10-24T17:00:00",
"dateReserved": "2015-07-01T00:00:00",
"dateUpdated": "2024-08-06T06:41:08.841Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Vulnerability from fkie_nvd
Published
2018-09-11 17:29
Modified
2024-11-21 02:42
Severity ?
Summary
Pivotal Cloud Foundry Elastic Runtime version 1.4.0 through 1.4.5, 1.5.0 through 1.5.11 and 1.6.0 through 1.6.11 is vulnerable to a remote information disclosure. It was found that original mitigation configuration instructions provided as part of CVE-2016-0708 were incomplete and could leave PHP Buildpack, Staticfile Buildpack and potentially other custom Buildpack applications vulnerable to remote information disclosure. Affected applications use automated buildpack detection, serve files directly from the root of the application and have a buildpack that matched after the Java Buildpack in the system buildpack priority when Java Buildpack versions 2.0 through 3.4 were present.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secalert@redhat.com | https://pivotal.io/security/cve-2016-0715 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://pivotal.io/security/cve-2016-0715 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| pivotal_software | cloud_foundry_elastic_runtime | * | |
| pivotal_software | cloud_foundry_elastic_runtime | * | |
| pivotal_software | cloud_foundry_elastic_runtime | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:*:*:*:*:*:*:*:*",
"matchCriteriaId": "61E71217-AE50-4073-8B25-555BE399AB4C",
"versionEndIncluding": "1.4.5",
"versionStartIncluding": "1.4.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A6B65F98-7509-4CA9-9692-CAA75ADE6ECC",
"versionEndIncluding": "1.5.11",
"versionStartIncluding": "1.5.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FD0DD97E-27F9-4C12-9FFE-A5C6C0A09473",
"versionEndIncluding": "1.6.11",
"versionStartIncluding": "1.6.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Pivotal Cloud Foundry Elastic Runtime version 1.4.0 through 1.4.5, 1.5.0 through 1.5.11 and 1.6.0 through 1.6.11 is vulnerable to a remote information disclosure. It was found that original mitigation configuration instructions provided as part of CVE-2016-0708 were incomplete and could leave PHP Buildpack, Staticfile Buildpack and potentially other custom Buildpack applications vulnerable to remote information disclosure. Affected applications use automated buildpack detection, serve files directly from the root of the application and have a buildpack that matched after the Java Buildpack in the system buildpack priority when Java Buildpack versions 2.0 through 3.4 were present."
},
{
"lang": "es",
"value": "Pivotal Cloud Foundry Elastic Runtime, desde la versi\u00f3n 1.4.0 hasta la 1.4.5, de la 1.5.0 hasta la 1.5.11 y desde la versi\u00f3n 1.6.0 hasta la 1.6.11 es vulnerable a una divulgaci\u00f3n de informaci\u00f3n remota. Se ha detectado que las instrucciones originales de configuraci\u00f3n de la mitigaci\u00f3n que se proporcionaron como parte de CVE-2016-0708 estaban incompletas y podr\u00edan hacer que PHP Buildpack, Staticfile Buildpack y, probablemente, otras aplicaciones Buildpack personalizadas sean vulnerables a la divulgaci\u00f3n de informaci\u00f3n remota. Las aplicaciones afectadas emplean la detecci\u00f3n automatizada de buildpack, sirven archivos directamente desde el root de la aplicaci\u00f3n y tienen un buildpack que coincid\u00eda con el Java Buildpack en la prioridad del sistema buildpack cuando Java Buildpack estaba presente en versiones desde la2.0 hasta la 3.4."
}
],
"id": "CVE-2016-0715",
"lastModified": "2024-11-21T02:42:14.563",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.2,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-09-11T17:29:00.223",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "https://pivotal.io/security/cve-2016-0715"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://pivotal.io/security/cve-2016-0715"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "secalert@redhat.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2016-09-18 02:59
Modified
2024-11-21 02:42
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in Pivotal Cloud Foundry (PCF) Ops Manager before 1.6.17 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| security_alert@emc.com | https://pivotal.io/security/cve-2016-0927 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://pivotal.io/security/cve-2016-0927 | Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F4CC5918-BC38-46E3-8000-5FE87A65C0E7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "36926681-35F4-4619-9613-155DEEEA3C8F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.2:*:*:*:*:*:*:*",
"matchCriteriaId": "41FF3C2B-E96F-4DF7-A5C4-703206CB729E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.3:*:*:*:*:*:*:*",
"matchCriteriaId": "F9CB3C2D-3080-4A3D-8D8D-1381B5D98920",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.4:*:*:*:*:*:*:*",
"matchCriteriaId": "782781EB-147C-4B00-84C5-1D8443BFA2D6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.5:*:*:*:*:*:*:*",
"matchCriteriaId": "35A56755-EEB2-4C93-B180-3918A36965AA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.6:*:*:*:*:*:*:*",
"matchCriteriaId": "E4009F10-08AF-470B-B903-38B8A6DBF332",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.7:*:*:*:*:*:*:*",
"matchCriteriaId": "2B2E8F04-53E6-4A3C-BE4B-8D0DDA22CA8C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.8:*:*:*:*:*:*:*",
"matchCriteriaId": "790DAB24-893A-463F-8358-171DACD75074",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.9:*:*:*:*:*:*:*",
"matchCriteriaId": "3645A1A8-4945-447F-A968-101D5938F9C8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.10:*:*:*:*:*:*:*",
"matchCriteriaId": "0E52C9B9-8F94-48D8-ADA6-96918F6AAD36",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.11:*:*:*:*:*:*:*",
"matchCriteriaId": "3948FC2F-AF3B-4AF3-968D-F124D03A213A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.12:*:*:*:*:*:*:*",
"matchCriteriaId": "4BA44F9B-97D5-48C0-91E9-6D3FEC8B7773",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.13:*:*:*:*:*:*:*",
"matchCriteriaId": "7B414F88-6541-48C6-B9D6-4DDA035A0037",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.14:*:*:*:*:*:*:*",
"matchCriteriaId": "66235C7F-D5EE-4989-8D24-6D0781954234",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.15:*:*:*:*:*:*:*",
"matchCriteriaId": "12E75B49-2419-4313-A648-B5283DA620E7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in Pivotal Cloud Foundry (PCF) Ops Manager before 1.6.17 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
},
{
"lang": "es",
"value": "Vulnerabilidad de XSS en Pivotal Cloud Foundry (PCF) Ops Manager en versiones anteriores a 1.6.17 permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a trav\u00e9s de vectores no especificados."
}
],
"id": "CVE-2016-0927",
"lastModified": "2024-11-21T02:42:38.973",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2016-09-18T02:59:07.947",
"references": [
{
"source": "security_alert@emc.com",
"tags": [
"Vendor Advisory"
],
"url": "https://pivotal.io/security/cve-2016-0927"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://pivotal.io/security/cve-2016-0927"
}
],
"sourceIdentifier": "security_alert@emc.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-06-13 06:29
Modified
2024-11-21 03:26
Severity ?
Summary
An issue was discovered in Pivotal PCF Elastic Runtime 1.8.x versions prior to 1.8.29 and 1.9.x versions prior to 1.9.7. Pivotal Cloud Foundry deployments using the Pivotal Account application are vulnerable to a flaw which allows an authorized user to take over the account of another user, causing account lockout and potential escalation of privileges.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| security_alert@emc.com | http://www.securityfocus.com/bid/96218 | Third Party Advisory, VDB Entry | |
| security_alert@emc.com | https://pivotal.io/security/cve-2017-4959 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/96218 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://pivotal.io/security/cve-2017-4959 | Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "258FAFB4-2B67-456B-BE78-1562A3D5E9A6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "15F08919-8764-419D-A399-1EAA6B055C5D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.8.2:*:*:*:*:*:*:*",
"matchCriteriaId": "09BA6E79-22B6-4E5E-8C85-BBA8CB6C1828",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.8.3:*:*:*:*:*:*:*",
"matchCriteriaId": "FB328ACE-FC3C-4255-9400-A9BBC5059F5B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.8.4:*:*:*:*:*:*:*",
"matchCriteriaId": "877383E9-545F-4324-B8EA-76F33B7C11C2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.8.5:*:*:*:*:*:*:*",
"matchCriteriaId": "7B6BCA5E-1A43-41AA-ACEC-2C73E1B84D26",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.8.6:*:*:*:*:*:*:*",
"matchCriteriaId": "0CF15EDB-2707-43E2-9B53-C0CCA28AC972",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.8.7:*:*:*:*:*:*:*",
"matchCriteriaId": "C896CBBE-BE7B-44C3-A25E-F85BC7F6CE51",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.8.8:*:*:*:*:*:*:*",
"matchCriteriaId": "944374E2-A07E-4EEA-BE0C-47EF62FFABA2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.8.9:*:*:*:*:*:*:*",
"matchCriteriaId": "CAEA85D5-10B2-4003-A857-2C46F9559694",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.8.10:*:*:*:*:*:*:*",
"matchCriteriaId": "799E1F2E-DA5F-41B5-9B83-55661E18D726",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.8.11:*:*:*:*:*:*:*",
"matchCriteriaId": "AD9369A6-F59D-4C7A-830E-6EAC6F81A493",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.8.12:*:*:*:*:*:*:*",
"matchCriteriaId": "31A2732A-0309-4DF0-9EF1-7954D10BCFCC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.8.13:*:*:*:*:*:*:*",
"matchCriteriaId": "C3101A31-55B3-4212-B78F-FE574B445F91",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.8.14:*:*:*:*:*:*:*",
"matchCriteriaId": "DED599DA-D25C-45FD-9CDA-8E9E2D17364C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.8.15:*:*:*:*:*:*:*",
"matchCriteriaId": "EBA779B7-1660-48B7-A648-E3952BFD1B14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.8.16:*:*:*:*:*:*:*",
"matchCriteriaId": "83A66A35-48D1-48E5-97A9-A6F136EC9BEE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.8.17:*:*:*:*:*:*:*",
"matchCriteriaId": "598033B9-A0FB-4A5B-9417-5A434608232A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.8.18:*:*:*:*:*:*:*",
"matchCriteriaId": "A6CE5BCF-A1C8-4F24-A5BC-70FAF096253F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.8.19:*:*:*:*:*:*:*",
"matchCriteriaId": "85E0C92F-485D-4675-95F8-672E8489AF64",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.8.20:*:*:*:*:*:*:*",
"matchCriteriaId": "6B95BB7C-D9D7-4A63-B8AB-6EB456D236A5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.8.21:*:*:*:*:*:*:*",
"matchCriteriaId": "A06AE8D5-F30A-4F73-AF69-622F01D0BF0C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.8.22:*:*:*:*:*:*:*",
"matchCriteriaId": "167A8FDC-4C37-4AC4-9A0D-B73602F8062F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.8.23:*:*:*:*:*:*:*",
"matchCriteriaId": "DDAEFA2F-3E9E-4B4F-8679-7F70A3ED6292",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.8.24:*:*:*:*:*:*:*",
"matchCriteriaId": "81501627-C022-4BEC-AF42-B10DF1CDA69E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.8.25:*:*:*:*:*:*:*",
"matchCriteriaId": "2FD7FDCF-4123-4000-821B-88D5214AF74D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.8.26:*:*:*:*:*:*:*",
"matchCriteriaId": "A0224626-1FB4-4DF5-B16F-5D2741E51E02",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.8.27:*:*:*:*:*:*:*",
"matchCriteriaId": "ADD367D8-748B-4CE7-8CF4-0549B02B1766",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.8.28:*:*:*:*:*:*:*",
"matchCriteriaId": "F3DDC3D0-2523-4A10-824F-6630F7559CD8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A4FA79FA-C53E-4852-941B-F8B32EBC0BE1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.9.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F25D21E0-E84B-4BCF-B2D0-2332CD583128",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.9.2:*:*:*:*:*:*:*",
"matchCriteriaId": "80C76651-7E20-4456-ADA3-DF5020471743",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.9.3:*:*:*:*:*:*:*",
"matchCriteriaId": "CC7911DD-A3CC-4046-884D-C11A1263B037",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.9.4:*:*:*:*:*:*:*",
"matchCriteriaId": "8F122CEA-7924-45A6-BCFD-B9079C4B0DCA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.9.5:*:*:*:*:*:*:*",
"matchCriteriaId": "EBBFA1F5-3A00-4BCE-8E8D-B3E898933A71",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.9.6:*:*:*:*:*:*:*",
"matchCriteriaId": "3329004D-1F23-4991-A8ED-51DB1E596FD8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Pivotal PCF Elastic Runtime 1.8.x versions prior to 1.8.29 and 1.9.x versions prior to 1.9.7. Pivotal Cloud Foundry deployments using the Pivotal Account application are vulnerable to a flaw which allows an authorized user to take over the account of another user, causing account lockout and potential escalation of privileges."
},
{
"lang": "es",
"value": "Se ha descubierto un problema en Pivotal PCF Elastic Runtime, en versiones 1.8.x anteriores a la 1.8.29 y en versiones 1.9.x anteriores a la 1.9.7. Los despliegues de Pivotal Cloud Foundry que emplean la aplicaci\u00f3n Pivotal Account son vulnerables a un error que permite que un usuario autorizado tome el control de la cuenta de otro usuario, lo que podr\u00eda provocar el bloqueo de la cuenta y un potencial escalado de privilegios."
}
],
"id": "CVE-2017-4959",
"lastModified": "2024-11-21T03:26:45.423",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-06-13T06:29:00.363",
"references": [
{
"source": "security_alert@emc.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/96218"
},
{
"source": "security_alert@emc.com",
"tags": [
"Vendor Advisory"
],
"url": "https://pivotal.io/security/cve-2017-4959"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/96218"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://pivotal.io/security/cve-2017-4959"
}
],
"sourceIdentifier": "security_alert@emc.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2016-09-18 02:59
Modified
2024-11-21 02:42
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in Apps Manager in Pivotal Cloud Foundry (PCF) Elastic Runtime before 1.6.32 and 1.7.x before 1.7.8 allows remote attackers to inject arbitrary web script or HTML via unspecified input that improperly interacts with the AngularJS framework.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| security_alert@emc.com | http://www.securityfocus.com/bid/91677 | Third Party Advisory, VDB Entry | |
| security_alert@emc.com | https://pivotal.io/security/cve-2016-0926 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/91677 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://pivotal.io/security/cve-2016-0926 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| pivotal_software | cloud_foundry_elastic_runtime | * | |
| pivotal_software | cloud_foundry_elastic_runtime | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2A185A4F-A604-4779-9553-145A721ECB39",
"versionEndExcluding": "1.6.32",
"versionStartIncluding": "1.6.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E6A3140A-F593-4AEA-9FDF-94FE511DBA0A",
"versionEndExcluding": "1.7.8",
"versionStartIncluding": "1.7.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in Apps Manager in Pivotal Cloud Foundry (PCF) Elastic Runtime before 1.6.32 and 1.7.x before 1.7.8 allows remote attackers to inject arbitrary web script or HTML via unspecified input that improperly interacts with the AngularJS framework."
},
{
"lang": "es",
"value": "Vulnerabilidad de XSS en Apps Manager en Pivotal Cloud Foundry (PCF) Elastic Runtime en versiones anteriores a 1.6.32 y 1.7.x en versiones anteriores a 1.7.8 permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a trav\u00e9s de entrada no especificada que interact\u00faa de manera incorrecta con el marco de referencia AngularJS."
}
],
"id": "CVE-2016-0926",
"lastModified": "2024-11-21T02:42:38.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2016-09-18T02:59:06.933",
"references": [
{
"source": "security_alert@emc.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/91677"
},
{
"source": "security_alert@emc.com",
"tags": [
"Vendor Advisory"
],
"url": "https://pivotal.io/security/cve-2016-0926"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/91677"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://pivotal.io/security/cve-2016-0926"
}
],
"sourceIdentifier": "security_alert@emc.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-05-25 17:29
Modified
2024-11-21 02:42
Severity ?
Summary
Cloud Foundry Garden-Linux versions prior to v0.333.0 and Elastic Runtime 1.6.x version prior to 1.6.17 contain a flaw in managing container files during Docker image preparation that could be used to delete, corrupt or overwrite host files and directories, including other container filesystems on the host.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| security_alert@emc.com | https://pivotal.io/security/cve-2016-0761 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://pivotal.io/security/cve-2016-0761 | Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cloudfoundry:garden_linux:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4924F19F-491B-4CD8-936F-8E1984899580",
"versionEndIncluding": "0.332.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F4CC5918-BC38-46E3-8000-5FE87A65C0E7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "36926681-35F4-4619-9613-155DEEEA3C8F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.2:*:*:*:*:*:*:*",
"matchCriteriaId": "41FF3C2B-E96F-4DF7-A5C4-703206CB729E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.3:*:*:*:*:*:*:*",
"matchCriteriaId": "F9CB3C2D-3080-4A3D-8D8D-1381B5D98920",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.4:*:*:*:*:*:*:*",
"matchCriteriaId": "782781EB-147C-4B00-84C5-1D8443BFA2D6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.5:*:*:*:*:*:*:*",
"matchCriteriaId": "35A56755-EEB2-4C93-B180-3918A36965AA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.6:*:*:*:*:*:*:*",
"matchCriteriaId": "E4009F10-08AF-470B-B903-38B8A6DBF332",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.7:*:*:*:*:*:*:*",
"matchCriteriaId": "2B2E8F04-53E6-4A3C-BE4B-8D0DDA22CA8C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.8:*:*:*:*:*:*:*",
"matchCriteriaId": "790DAB24-893A-463F-8358-171DACD75074",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.9:*:*:*:*:*:*:*",
"matchCriteriaId": "3645A1A8-4945-447F-A968-101D5938F9C8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.10:*:*:*:*:*:*:*",
"matchCriteriaId": "0E52C9B9-8F94-48D8-ADA6-96918F6AAD36",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.11:*:*:*:*:*:*:*",
"matchCriteriaId": "3948FC2F-AF3B-4AF3-968D-F124D03A213A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.12:*:*:*:*:*:*:*",
"matchCriteriaId": "4BA44F9B-97D5-48C0-91E9-6D3FEC8B7773",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.13:*:*:*:*:*:*:*",
"matchCriteriaId": "7B414F88-6541-48C6-B9D6-4DDA035A0037",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.14:*:*:*:*:*:*:*",
"matchCriteriaId": "66235C7F-D5EE-4989-8D24-6D0781954234",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.15:*:*:*:*:*:*:*",
"matchCriteriaId": "12E75B49-2419-4313-A648-B5283DA620E7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.16:*:*:*:*:*:*:*",
"matchCriteriaId": "EED70273-3FB2-4652-9AA2-10E2E9D581DE",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cloud Foundry Garden-Linux versions prior to v0.333.0 and Elastic Runtime 1.6.x version prior to 1.6.17 contain a flaw in managing container files during Docker image preparation that could be used to delete, corrupt or overwrite host files and directories, including other container filesystems on the host."
},
{
"lang": "es",
"value": "Garden-Linux versiones anteriores a v0.333.0 y Elastic Runtime versiones 1.6.x anteriores a 1.6.17 de Cloud Foundry, contienen un fallo en la administraci\u00f3n de archivos de contenedor durante la preparaci\u00f3n de la imagen Docker que se podr\u00eda usar para eliminar, corromper o sobrescribir archivos y directorios del host, incluyendo otros sistemas de archivos de contenedor en el host."
}
],
"id": "CVE-2016-0761",
"lastModified": "2024-11-21T02:42:19.587",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": true,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-05-25T17:29:00.490",
"references": [
{
"source": "security_alert@emc.com",
"tags": [
"Vendor Advisory"
],
"url": "https://pivotal.io/security/cve-2016-0761"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://pivotal.io/security/cve-2016-0761"
}
],
"sourceIdentifier": "security_alert@emc.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-19"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-06-13 06:29
Modified
2024-11-21 03:24
Severity ?
Summary
An issue was discovered in Pivotal PCF Elastic Runtime 1.6.x versions prior to 1.6.60, 1.7.x versions prior to 1.7.41, 1.8.x versions prior to 1.8.23, and 1.9.x versions prior to 1.9.1. Incomplete validation logic in JSON Web Token (JWT) libraries can allow unprivileged attackers to impersonate other users in multiple components included in PCF Elastic Runtime, aka an "Unauthenticated JWT signing algorithm in multiple components" issue.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| security_alert@emc.com | http://www.securityfocus.com/bid/97135 | Third Party Advisory, VDB Entry | |
| security_alert@emc.com | https://pivotal.io/security/cve-2017-2773 | Mitigation, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/97135 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://pivotal.io/security/cve-2017-2773 | Mitigation, Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F4CC5918-BC38-46E3-8000-5FE87A65C0E7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "36926681-35F4-4619-9613-155DEEEA3C8F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.2:*:*:*:*:*:*:*",
"matchCriteriaId": "41FF3C2B-E96F-4DF7-A5C4-703206CB729E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.3:*:*:*:*:*:*:*",
"matchCriteriaId": "F9CB3C2D-3080-4A3D-8D8D-1381B5D98920",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.4:*:*:*:*:*:*:*",
"matchCriteriaId": "782781EB-147C-4B00-84C5-1D8443BFA2D6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.5:*:*:*:*:*:*:*",
"matchCriteriaId": "35A56755-EEB2-4C93-B180-3918A36965AA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.6:*:*:*:*:*:*:*",
"matchCriteriaId": "E4009F10-08AF-470B-B903-38B8A6DBF332",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.7:*:*:*:*:*:*:*",
"matchCriteriaId": "2B2E8F04-53E6-4A3C-BE4B-8D0DDA22CA8C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.8:*:*:*:*:*:*:*",
"matchCriteriaId": "790DAB24-893A-463F-8358-171DACD75074",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.9:*:*:*:*:*:*:*",
"matchCriteriaId": "3645A1A8-4945-447F-A968-101D5938F9C8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.10:*:*:*:*:*:*:*",
"matchCriteriaId": "0E52C9B9-8F94-48D8-ADA6-96918F6AAD36",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.11:*:*:*:*:*:*:*",
"matchCriteriaId": "3948FC2F-AF3B-4AF3-968D-F124D03A213A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.12:*:*:*:*:*:*:*",
"matchCriteriaId": "4BA44F9B-97D5-48C0-91E9-6D3FEC8B7773",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.13:*:*:*:*:*:*:*",
"matchCriteriaId": "7B414F88-6541-48C6-B9D6-4DDA035A0037",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.14:*:*:*:*:*:*:*",
"matchCriteriaId": "66235C7F-D5EE-4989-8D24-6D0781954234",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.15:*:*:*:*:*:*:*",
"matchCriteriaId": "12E75B49-2419-4313-A648-B5283DA620E7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.16:*:*:*:*:*:*:*",
"matchCriteriaId": "EED70273-3FB2-4652-9AA2-10E2E9D581DE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.17:*:*:*:*:*:*:*",
"matchCriteriaId": "A2C07910-C462-46C1-83CB-39B3FD8D25BC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.18:*:*:*:*:*:*:*",
"matchCriteriaId": "C6B9243E-31EF-48AB-BAB5-CCC3704A219F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.19:*:*:*:*:*:*:*",
"matchCriteriaId": "2BCB1D4B-F44C-41A1-90CA-62FD37003A1F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.20:*:*:*:*:*:*:*",
"matchCriteriaId": "F623783F-46DF-454E-BD83-5D2AE35EA9B4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.21:*:*:*:*:*:*:*",
"matchCriteriaId": "6BD9D35B-3E85-49FD-BA0A-D9020C5F280E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.22:*:*:*:*:*:*:*",
"matchCriteriaId": "A28CEEDF-FA40-4922-87A6-35DEBF184DC5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.23:*:*:*:*:*:*:*",
"matchCriteriaId": "D4F08111-51B1-4866-8695-C0877FC77D0B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.24:*:*:*:*:*:*:*",
"matchCriteriaId": "9FC58A11-78C4-495B-A898-048EE9F3063D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.25:*:*:*:*:*:*:*",
"matchCriteriaId": "620EAB8D-3754-494D-9912-724A0FE1E80F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.26:*:*:*:*:*:*:*",
"matchCriteriaId": "ADBA74BD-EF83-4F29-8040-FB5B35D38C9B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.27:*:*:*:*:*:*:*",
"matchCriteriaId": "A1E00BE6-B2B6-4C02-9510-1F3DCC081173",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.28:*:*:*:*:*:*:*",
"matchCriteriaId": "A4D9E726-CF92-4DE5-8A04-02428328CC8A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.29:*:*:*:*:*:*:*",
"matchCriteriaId": "5E1CAC4E-3CD6-4D0C-8544-9481E57FD338",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.30:*:*:*:*:*:*:*",
"matchCriteriaId": "D1D0F13A-D149-492D-A484-B7F4235B2DC0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.31:*:*:*:*:*:*:*",
"matchCriteriaId": "160A9972-DCF2-46A9-8025-938C492E5A0E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.32:*:*:*:*:*:*:*",
"matchCriteriaId": "43978845-CC25-4975-8155-AC0999A4268B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.33:*:*:*:*:*:*:*",
"matchCriteriaId": "7B1A6848-16B9-47EC-B7C8-7740086398F3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.34:*:*:*:*:*:*:*",
"matchCriteriaId": "D9708D36-4A9B-484A-A627-69A85D66EDF8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.35:*:*:*:*:*:*:*",
"matchCriteriaId": "F0AB1C89-79D2-4997-A00D-E6E62243278B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.36:*:*:*:*:*:*:*",
"matchCriteriaId": "C071EA95-4AE2-43DC-900F-3DDD38959754",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.37:*:*:*:*:*:*:*",
"matchCriteriaId": "A6FF1F58-580A-4035-9427-1B4E96FC9E9E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.38:*:*:*:*:*:*:*",
"matchCriteriaId": "71499439-2748-4B4F-8659-AE4F67CCC8AF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.39:*:*:*:*:*:*:*",
"matchCriteriaId": "50161ECB-FEEA-4E1C-8DF9-5F3F7D944895",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.40:*:*:*:*:*:*:*",
"matchCriteriaId": "6D21BF37-C46C-4AF2-BEDA-F048520B2364",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.41:*:*:*:*:*:*:*",
"matchCriteriaId": "22F33DD4-DDE7-4742-8FC6-15B6A1879A27",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.42:*:*:*:*:*:*:*",
"matchCriteriaId": "74509FEE-7166-4E02-8DF1-8F37DF6B0544",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.43:*:*:*:*:*:*:*",
"matchCriteriaId": "1A8CCAAC-4ED2-4EA2-A929-ED2A2422DB39",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.44:*:*:*:*:*:*:*",
"matchCriteriaId": "7E5340E4-0C9D-40F5-9E34-14E793A44361",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.45:*:*:*:*:*:*:*",
"matchCriteriaId": "C45701FC-4423-4C05-A32F-75DB4B9F1E4A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.46:*:*:*:*:*:*:*",
"matchCriteriaId": "902B67BD-57D8-4088-9FD6-9691ADB86D76",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.47:*:*:*:*:*:*:*",
"matchCriteriaId": "28873E30-9073-424E-B68B-8DF11AFB72E8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.48:*:*:*:*:*:*:*",
"matchCriteriaId": "B2F8DC97-BBBA-4377-ADF0-1F92AC5E135E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.49:*:*:*:*:*:*:*",
"matchCriteriaId": "C3585890-0DD5-4184-9AEE-5F22EACA2963",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.50:*:*:*:*:*:*:*",
"matchCriteriaId": "3B26DE06-585E-4E8B-81BD-5DAF32CF1893",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.51:*:*:*:*:*:*:*",
"matchCriteriaId": "12188BF1-1307-48B0-AAE4-6C91402B726F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.52:*:*:*:*:*:*:*",
"matchCriteriaId": "335DB844-E49A-439E-A4B3-D8E45BFE5DBF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.53:*:*:*:*:*:*:*",
"matchCriteriaId": "DA90B5C3-4F17-4F8C-83A2-DFCD194F965C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.54:*:*:*:*:*:*:*",
"matchCriteriaId": "AA644782-F305-4BDB-B720-FF88D5B40308",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.55:*:*:*:*:*:*:*",
"matchCriteriaId": "97E71936-5F88-4A8C-BFE5-9591FEC3B5F5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.56:*:*:*:*:*:*:*",
"matchCriteriaId": "62C9C2B9-DF79-4C9E-87F1-2949F9FC8C6E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.57:*:*:*:*:*:*:*",
"matchCriteriaId": "1F458801-EB3D-4295-B7B1-AA8259758157",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.58:*:*:*:*:*:*:*",
"matchCriteriaId": "9FC59E2D-87E5-486E-8035-878B9C85E18A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.59:*:*:*:*:*:*:*",
"matchCriteriaId": "3870B8B2-FAF2-4374-B580-9884B72F2FB2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E3B75A7F-EAAC-4D81-9A10-D8DB45828EC3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.7.2:*:*:*:*:*:*:*",
"matchCriteriaId": "FA53D5B4-75BF-445F-96AA-4DC308B76E64",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.7.3:*:*:*:*:*:*:*",
"matchCriteriaId": "6DD5D5D9-604D-4917-99D0-1F41784A6835",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.7.4:*:*:*:*:*:*:*",
"matchCriteriaId": "6B2BF60D-EEEE-4F4C-A19F-108C78366089",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.7.5:*:*:*:*:*:*:*",
"matchCriteriaId": "5EED880C-5EF5-4FEA-A4BD-58CA61C12A9C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.7.6:*:*:*:*:*:*:*",
"matchCriteriaId": "DDA80BA5-66B0-4A6C-B552-175DBB930EB6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.7.7:*:*:*:*:*:*:*",
"matchCriteriaId": "BCDBAF27-D5DC-4379-A76E-7BD2CD98EB5C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.7.8:*:*:*:*:*:*:*",
"matchCriteriaId": "D957FD98-C2B4-48C2-81A0-37B2581E9F52",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.7.9:*:*:*:*:*:*:*",
"matchCriteriaId": "0DADB2DA-A12F-426E-9DEB-3628B081F78D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.7.10:*:*:*:*:*:*:*",
"matchCriteriaId": "99C97080-9BD3-4F17-A0E4-80F9F4CD7DB4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.7.11:*:*:*:*:*:*:*",
"matchCriteriaId": "E764D26C-D2C4-496C-936F-BF6793BF7C70",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.7.12:*:*:*:*:*:*:*",
"matchCriteriaId": "1E574EDD-AD33-4A00-8E14-76F0134EC00B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.7.13:*:*:*:*:*:*:*",
"matchCriteriaId": "A2274274-C1F8-4E42-AF7A-BDBF379E823E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.7.14:*:*:*:*:*:*:*",
"matchCriteriaId": "DCB25167-8350-4362-876C-690F5B5B057C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.7.15:*:*:*:*:*:*:*",
"matchCriteriaId": "28F89423-3AEE-475A-BBBA-B895D9732A14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.7.16:*:*:*:*:*:*:*",
"matchCriteriaId": "B4B5CB0D-09C9-4CB2-B842-CA68400CDAAD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.7.17:*:*:*:*:*:*:*",
"matchCriteriaId": "F047032B-218E-41BF-9F46-4682D415960E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.7.18:*:*:*:*:*:*:*",
"matchCriteriaId": "B291CCA0-EAE5-4900-ABF3-9A9D76910BD9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.7.19:*:*:*:*:*:*:*",
"matchCriteriaId": "DB8DAD87-111B-4F17-85CC-65C395851079",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.7.20:*:*:*:*:*:*:*",
"matchCriteriaId": "248878D6-7987-4608-9A28-66F3F7EFB976",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.7.21:*:*:*:*:*:*:*",
"matchCriteriaId": "62465763-0887-4082-9363-8F70B264F29A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.7.22:*:*:*:*:*:*:*",
"matchCriteriaId": "088B4A1B-3E98-4B9E-8430-30F6E61B560B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.7.23:*:*:*:*:*:*:*",
"matchCriteriaId": "2A13F165-C8D2-4BCB-84D3-B264C3DDD1FC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.7.24:*:*:*:*:*:*:*",
"matchCriteriaId": "0844334C-E31A-4D85-B12A-AD06A00BF76D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.7.25:*:*:*:*:*:*:*",
"matchCriteriaId": "10CF4D45-1011-4252-A1A0-7A60BF6010ED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.7.26:*:*:*:*:*:*:*",
"matchCriteriaId": "4F9CB7CA-00B2-4583-ACDB-9269E380D328",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.7.27:*:*:*:*:*:*:*",
"matchCriteriaId": "DDCF9CD2-4D4C-44CF-BD32-146A7C782DD3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.7.28:*:*:*:*:*:*:*",
"matchCriteriaId": "034CA20F-30F2-4A6B-BE15-685864B4BB41",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.7.29:*:*:*:*:*:*:*",
"matchCriteriaId": "D4B5BB61-A6FF-4F7B-852F-6EE86992E5C3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.7.30:*:*:*:*:*:*:*",
"matchCriteriaId": "1D25BD5D-948B-4E5E-B25D-669CEDA02A1C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.7.31:*:*:*:*:*:*:*",
"matchCriteriaId": "4634673B-84CD-4FCD-AECB-D5B865C0B05B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.7.32:*:*:*:*:*:*:*",
"matchCriteriaId": "57AE9EB2-4FA8-4186-B6F2-3F8EE3AB880E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.7.33:*:*:*:*:*:*:*",
"matchCriteriaId": "2B077E17-2BDC-4A55-990C-EE9036D80895",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.7.34:*:*:*:*:*:*:*",
"matchCriteriaId": "ECAB3961-38F3-4AEE-8EEA-AC929F93F9C5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.7.35:*:*:*:*:*:*:*",
"matchCriteriaId": "FB91D749-3F61-4EAA-872B-27E66BF6D234",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.7.36:*:*:*:*:*:*:*",
"matchCriteriaId": "F23EA9FC-3396-40DB-925F-62CBA92B407C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.7.37:*:*:*:*:*:*:*",
"matchCriteriaId": "47D4AF5F-FCC7-4795-9E12-7EEA3686F059",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.7.38:*:*:*:*:*:*:*",
"matchCriteriaId": "CC87A91E-9804-4E77-99F0-75D87C970151",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.7.39:*:*:*:*:*:*:*",
"matchCriteriaId": "BE43BD2D-DD11-49F8-9894-719982B1B4FA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.7.40:*:*:*:*:*:*:*",
"matchCriteriaId": "3BF27099-228F-422B-95BA-F8BDDCD72D18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "15F08919-8764-419D-A399-1EAA6B055C5D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.8.2:*:*:*:*:*:*:*",
"matchCriteriaId": "09BA6E79-22B6-4E5E-8C85-BBA8CB6C1828",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.8.3:*:*:*:*:*:*:*",
"matchCriteriaId": "FB328ACE-FC3C-4255-9400-A9BBC5059F5B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.8.4:*:*:*:*:*:*:*",
"matchCriteriaId": "877383E9-545F-4324-B8EA-76F33B7C11C2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.8.5:*:*:*:*:*:*:*",
"matchCriteriaId": "7B6BCA5E-1A43-41AA-ACEC-2C73E1B84D26",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.8.6:*:*:*:*:*:*:*",
"matchCriteriaId": "0CF15EDB-2707-43E2-9B53-C0CCA28AC972",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.8.7:*:*:*:*:*:*:*",
"matchCriteriaId": "C896CBBE-BE7B-44C3-A25E-F85BC7F6CE51",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.8.8:*:*:*:*:*:*:*",
"matchCriteriaId": "944374E2-A07E-4EEA-BE0C-47EF62FFABA2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.8.9:*:*:*:*:*:*:*",
"matchCriteriaId": "CAEA85D5-10B2-4003-A857-2C46F9559694",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.8.10:*:*:*:*:*:*:*",
"matchCriteriaId": "799E1F2E-DA5F-41B5-9B83-55661E18D726",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.8.11:*:*:*:*:*:*:*",
"matchCriteriaId": "AD9369A6-F59D-4C7A-830E-6EAC6F81A493",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.8.12:*:*:*:*:*:*:*",
"matchCriteriaId": "31A2732A-0309-4DF0-9EF1-7954D10BCFCC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.8.13:*:*:*:*:*:*:*",
"matchCriteriaId": "C3101A31-55B3-4212-B78F-FE574B445F91",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.8.14:*:*:*:*:*:*:*",
"matchCriteriaId": "DED599DA-D25C-45FD-9CDA-8E9E2D17364C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.8.15:*:*:*:*:*:*:*",
"matchCriteriaId": "EBA779B7-1660-48B7-A648-E3952BFD1B14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.8.16:*:*:*:*:*:*:*",
"matchCriteriaId": "83A66A35-48D1-48E5-97A9-A6F136EC9BEE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.8.17:*:*:*:*:*:*:*",
"matchCriteriaId": "598033B9-A0FB-4A5B-9417-5A434608232A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.8.18:*:*:*:*:*:*:*",
"matchCriteriaId": "A6CE5BCF-A1C8-4F24-A5BC-70FAF096253F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.8.19:*:*:*:*:*:*:*",
"matchCriteriaId": "85E0C92F-485D-4675-95F8-672E8489AF64",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.8.20:*:*:*:*:*:*:*",
"matchCriteriaId": "6B95BB7C-D9D7-4A63-B8AB-6EB456D236A5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.8.21:*:*:*:*:*:*:*",
"matchCriteriaId": "A06AE8D5-F30A-4F73-AF69-622F01D0BF0C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.8.22:*:*:*:*:*:*:*",
"matchCriteriaId": "167A8FDC-4C37-4AC4-9A0D-B73602F8062F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A4FA79FA-C53E-4852-941B-F8B32EBC0BE1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Pivotal PCF Elastic Runtime 1.6.x versions prior to 1.6.60, 1.7.x versions prior to 1.7.41, 1.8.x versions prior to 1.8.23, and 1.9.x versions prior to 1.9.1. Incomplete validation logic in JSON Web Token (JWT) libraries can allow unprivileged attackers to impersonate other users in multiple components included in PCF Elastic Runtime, aka an \"Unauthenticated JWT signing algorithm in multiple components\" issue."
},
{
"lang": "es",
"value": "Se ha descubierto un problema en Pivotal PCF Elastic Runtime en versiones 1.6.x anteriores a la 1.6.60, versiones 1.7.x anteriores a la 1.7.41, versiones 1.8.x anteriores a la 1.8.23 y versiones 1.9.x anteriores a la 1.9.1. La l\u00f3gica de validaci\u00f3n incompleta en las bibliotecas JSON Web Token (JWT) puede permitir que atacantes no privilegiados suplanten a otros usuarios en m\u00faltiples componentes incluidos en PCF Elastic Runtime. Esto tambi\u00e9n se conoce como problema \"Unauthenticated JWT signing algorithm in multiple components\"."
}
],
"id": "CVE-2017-2773",
"lastModified": "2024-11-21T03:24:07.823",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-06-13T06:29:00.300",
"references": [
{
"source": "security_alert@emc.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/97135"
},
{
"source": "security_alert@emc.com",
"tags": [
"Mitigation",
"Vendor Advisory"
],
"url": "https://pivotal.io/security/cve-2017-2773"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/97135"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mitigation",
"Vendor Advisory"
],
"url": "https://pivotal.io/security/cve-2017-2773"
}
],
"sourceIdentifier": "security_alert@emc.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-05-25 17:29
Modified
2024-11-21 02:49
Severity ?
Summary
The UAA reset password flow in Cloud Foundry release v236 and earlier versions, UAA release v3.3.0 and earlier versions, all versions of Login-server, UAA release v10 and earlier versions and Pivotal Elastic Runtime versions prior to 1.7.2 is vulnerable to a brute force attack due to multiple active codes at a given time. This vulnerability is applicable only when using the UAA internal user store for authentication. Deployments enabled for integration via SAML or LDAP are not affected.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| security_alert@emc.com | https://pivotal.io/security/cve-2016-3084 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://pivotal.io/security/cve-2016-3084 | Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:*:*:*:*:*:*:*:*",
"matchCriteriaId": "57DF722B-A92F-40C3-8764-947D572F5D9A",
"versionEndIncluding": "10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5F090E28-89CF-409D-882D-3AB25689E3CE",
"versionEndIncluding": "236",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9B7E04E4-FB07-4193-AFCD-4FD727460E7D",
"versionEndIncluding": "1.7.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_uaa:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CA8C03CB-F0E7-4CE7-8B25-08E20520B5CE",
"versionEndIncluding": "3.3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:login-server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "60348882-C48C-434B-B311-A157E3BFC833",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The UAA reset password flow in Cloud Foundry release v236 and earlier versions, UAA release v3.3.0 and earlier versions, all versions of Login-server, UAA release v10 and earlier versions and Pivotal Elastic Runtime versions prior to 1.7.2 is vulnerable to a brute force attack due to multiple active codes at a given time. This vulnerability is applicable only when using the UAA internal user store for authentication. Deployments enabled for integration via SAML or LDAP are not affected."
},
{
"lang": "es",
"value": "El flujo de la contrase\u00f1a de restablecimiento de UAA en Cloud Foundry release versi\u00f3n v236 y anteriores, UAA release versi\u00f3n v3.3.0 y anteriores, todas las versiones de Login-server, UAA release versi\u00f3n v10 y anteriores y Pivotal Elastic Runtime versiones anteriores a 1.7.2, son vulnerables a un ataque de fuerza bruta debido a m\u00faltiples c\u00f3digos activos en un momento dado. Esta vulnerabilidad solo es aplicable cuando usa el almac\u00e9n de usuarios interno de UAA para la autenticaci\u00f3n. Las implementaciones habilitadas para la integraci\u00f3n por medio de SAML o LDAP no est\u00e1n afectadas."
}
],
"id": "CVE-2016-3084",
"lastModified": "2024-11-21T02:49:19.913",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 2.2,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-05-25T17:29:00.630",
"references": [
{
"source": "security_alert@emc.com",
"tags": [
"Vendor Advisory"
],
"url": "https://pivotal.io/security/cve-2016-3084"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://pivotal.io/security/cve-2016-3084"
}
],
"sourceIdentifier": "security_alert@emc.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-264"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-05-25 17:29
Modified
2024-11-21 02:28
Severity ?
Summary
With Cloud Foundry Runtime cf-release versions v208 or earlier, UAA Standalone versions 2.2.5 or earlier and Pivotal Cloud Foundry Runtime 1.4.5 or earlier, old Password Reset Links are not expired after the user changes their current email address to a new one. This vulnerability is applicable only when using the UAA internal user store for authentication. Deployments enabled for integration via SAML or LDAP are not affected.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| security_alert@emc.com | https://pivotal.io/security/cve-2015-3189 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://pivotal.io/security/cve-2015-3189 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| cloudfoundry | cf-release | * | |
| pivotal_software | cloud_foundry_elastic_runtime | * | |
| pivotal_software | cloud_foundry_uaa | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cloudfoundry:cf-release:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F11FD354-9940-4745-BF27-19108E2E567E",
"versionEndIncluding": "208",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AB6812A0-8836-4F25-9AC1-DB552BC605ED",
"versionEndIncluding": "1.4.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_uaa:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4F876A8B-AA8F-4DAD-B840-6CDF1076AF9D",
"versionEndIncluding": "2.2.5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "With Cloud Foundry Runtime cf-release versions v208 or earlier, UAA Standalone versions 2.2.5 or earlier and Pivotal Cloud Foundry Runtime 1.4.5 or earlier, old Password Reset Links are not expired after the user changes their current email address to a new one. This vulnerability is applicable only when using the UAA internal user store for authentication. Deployments enabled for integration via SAML or LDAP are not affected."
},
{
"lang": "es",
"value": "En Cloud Foundry Runtime versiones v208 y anteriores, UAA Standalone versiones 2.2.5 o anteriores y Pivotal Cloud Foundry Runtime, versiones 1.4.5 o anteriores, los enlaces a contrase\u00f1as antiguas reseteadas no expiran despu\u00e9s de que un usuario cambie su direcci\u00f3n de correo electr\u00f3nico actual a una nueva. Esta vulnerabilidad aplica solo cuando se almacena el UAA del usuario interno para la autenticaci\u00f3n. Despliegues habilitados para la integraci\u00f3n a trav\u00e9s de SAML o LDAP no estar\u00edan afectados."
}
],
"id": "CVE-2015-3189",
"lastModified": "2024-11-21T02:28:51.873",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.7,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.2,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-05-25T17:29:00.333",
"references": [
{
"source": "security_alert@emc.com",
"tags": [
"Vendor Advisory"
],
"url": "https://pivotal.io/security/cve-2015-3189"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://pivotal.io/security/cve-2015-3189"
}
],
"sourceIdentifier": "security_alert@emc.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-640"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-05-25 17:29
Modified
2024-11-21 02:42
Severity ?
Summary
It was discovered that cf-release v231 and lower, Pivotal Cloud Foundry Elastic Runtime 1.5.x versions prior to 1.5.17 and Pivotal Cloud Foundry Elastic Runtime 1.6.x versions prior to 1.6.18 do not properly enforce disk quotas in certain cases. An attacker could use an improper disk quota value to bypass enforcement and consume all the disk on DEAs/CELLs causing a potential denial of service for other applications.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| security_alert@emc.com | https://pivotal.io/security/cve-2016-0780 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://pivotal.io/security/cve-2016-0780 | Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cloudfoundry:cf-release:231:*:*:*:*:*:*:*",
"matchCriteriaId": "DBA563A9-3C12-4F83-9E63-BC03636BC799",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "472AA352-D04B-45D0-AAD7-95CE0738E9AE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "9619B693-4B49-4FDC-AB49-5E6B2F124AB8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "F7C2DED8-D527-4732-B57F-489CF5626352",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "D585B534-0CD9-400D-A237-B026A83082C6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.5.4:*:*:*:*:*:*:*",
"matchCriteriaId": "50C759FB-0796-4214-B085-0565AB75C216",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.5.5:*:*:*:*:*:*:*",
"matchCriteriaId": "8430DACA-7518-47BB-A89F-B7E83190C54C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.5.6:*:*:*:*:*:*:*",
"matchCriteriaId": "29F9167C-F195-4004-9EF4-43F199F05E3C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.5.7:*:*:*:*:*:*:*",
"matchCriteriaId": "48B486D0-318D-4912-A992-5B89D93C11BB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.5.8:*:*:*:*:*:*:*",
"matchCriteriaId": "E015CE12-73EB-4FAD-B569-719F93685B0D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.5.9:*:*:*:*:*:*:*",
"matchCriteriaId": "16AE14C4-FA84-4E8B-9231-83DB4F71DC35",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.5.10:*:*:*:*:*:*:*",
"matchCriteriaId": "06576161-44B7-4EB1-8C26-C49CFF3FD11B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.5.11:*:*:*:*:*:*:*",
"matchCriteriaId": "D6F9581A-42DB-4ADE-AFA1-2364371CC24A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.5.12:*:*:*:*:*:*:*",
"matchCriteriaId": "2DCDE033-923F-4338-9E45-22FE684B43ED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.5.13:*:*:*:*:*:*:*",
"matchCriteriaId": "D300B952-8EF3-4CB1-88B6-125837C3474B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.5.14:*:*:*:*:*:*:*",
"matchCriteriaId": "71AFAFE8-3B21-4AF0-8B3D-597FEEFEEDE6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.5.15:*:*:*:*:*:*:*",
"matchCriteriaId": "21202F77-DF05-4A07-8CEB-76DD03395957",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.5.16:*:*:*:*:*:*:*",
"matchCriteriaId": "1A9BA6EB-6BC0-4A74-9726-3F242D00FE78",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F4CC5918-BC38-46E3-8000-5FE87A65C0E7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "36926681-35F4-4619-9613-155DEEEA3C8F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.2:*:*:*:*:*:*:*",
"matchCriteriaId": "41FF3C2B-E96F-4DF7-A5C4-703206CB729E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.3:*:*:*:*:*:*:*",
"matchCriteriaId": "F9CB3C2D-3080-4A3D-8D8D-1381B5D98920",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.4:*:*:*:*:*:*:*",
"matchCriteriaId": "782781EB-147C-4B00-84C5-1D8443BFA2D6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.5:*:*:*:*:*:*:*",
"matchCriteriaId": "35A56755-EEB2-4C93-B180-3918A36965AA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.6:*:*:*:*:*:*:*",
"matchCriteriaId": "E4009F10-08AF-470B-B903-38B8A6DBF332",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.7:*:*:*:*:*:*:*",
"matchCriteriaId": "2B2E8F04-53E6-4A3C-BE4B-8D0DDA22CA8C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.8:*:*:*:*:*:*:*",
"matchCriteriaId": "790DAB24-893A-463F-8358-171DACD75074",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.9:*:*:*:*:*:*:*",
"matchCriteriaId": "3645A1A8-4945-447F-A968-101D5938F9C8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.10:*:*:*:*:*:*:*",
"matchCriteriaId": "0E52C9B9-8F94-48D8-ADA6-96918F6AAD36",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.11:*:*:*:*:*:*:*",
"matchCriteriaId": "3948FC2F-AF3B-4AF3-968D-F124D03A213A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.12:*:*:*:*:*:*:*",
"matchCriteriaId": "4BA44F9B-97D5-48C0-91E9-6D3FEC8B7773",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.13:*:*:*:*:*:*:*",
"matchCriteriaId": "7B414F88-6541-48C6-B9D6-4DDA035A0037",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.14:*:*:*:*:*:*:*",
"matchCriteriaId": "66235C7F-D5EE-4989-8D24-6D0781954234",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.15:*:*:*:*:*:*:*",
"matchCriteriaId": "12E75B49-2419-4313-A648-B5283DA620E7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.16:*:*:*:*:*:*:*",
"matchCriteriaId": "EED70273-3FB2-4652-9AA2-10E2E9D581DE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.17:*:*:*:*:*:*:*",
"matchCriteriaId": "A2C07910-C462-46C1-83CB-39B3FD8D25BC",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "It was discovered that cf-release v231 and lower, Pivotal Cloud Foundry Elastic Runtime 1.5.x versions prior to 1.5.17 and Pivotal Cloud Foundry Elastic Runtime 1.6.x versions prior to 1.6.18 do not properly enforce disk quotas in certain cases. An attacker could use an improper disk quota value to bypass enforcement and consume all the disk on DEAs/CELLs causing a potential denial of service for other applications."
},
{
"lang": "es",
"value": "Se detect\u00f3 que cf-release versi\u00f3n v231 e inferior, Pivotal Cloud Foundry Elastic Runtime versiones 1.5.x anteriores a 1.5.17 y Pivotal Cloud Foundry Elastic Runtime versiones 1.6.x anteriores a 1.6.18, no hacen cumplir las cuotas de disco apropiadamente en ciertos casos. Un atacante podr\u00eda usar un valor de cuota de disco inapropiado para omitir la ejecuci\u00f3n y consumo de todo el disco en DEAs/CELLs, causando una potencial denegaci\u00f3n de servicio para otras aplicaciones."
}
],
"id": "CVE-2016-0780",
"lastModified": "2024-11-21T02:42:22.113",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": true,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-05-25T17:29:00.520",
"references": [
{
"source": "security_alert@emc.com",
"tags": [
"Vendor Advisory"
],
"url": "https://pivotal.io/security/cve-2016-0780"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://pivotal.io/security/cve-2016-0780"
}
],
"sourceIdentifier": "security_alert@emc.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-399"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-04-11 15:59
Modified
2024-11-21 02:52
Severity ?
Summary
SQL injection vulnerability in Pivotal Cloud Foundry (PCF) before 238; UAA 2.x before 2.7.4.4, 3.x before 3.3.0.2, and 3.4.x before 3.4.1; UAA BOSH before 11.2 and 12.x before 12.2; Elastic Runtime before 1.6.29 and 1.7.x before 1.7.7; and Ops Manager 1.7.x before 1.7.8 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3EE34AD8-2C6B-4C29-AC93-650AE7303EAF",
"versionEndIncluding": "12.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry:*:*:*:*:*:*:*:*",
"matchCriteriaId": "67C1C3E2-5504-4B0C-A3B2-D3977DEA9689",
"versionEndIncluding": "237.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F4CC5918-BC38-46E3-8000-5FE87A65C0E7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "36926681-35F4-4619-9613-155DEEEA3C8F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.2:*:*:*:*:*:*:*",
"matchCriteriaId": "41FF3C2B-E96F-4DF7-A5C4-703206CB729E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.3:*:*:*:*:*:*:*",
"matchCriteriaId": "F9CB3C2D-3080-4A3D-8D8D-1381B5D98920",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.4:*:*:*:*:*:*:*",
"matchCriteriaId": "782781EB-147C-4B00-84C5-1D8443BFA2D6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.5:*:*:*:*:*:*:*",
"matchCriteriaId": "35A56755-EEB2-4C93-B180-3918A36965AA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.6:*:*:*:*:*:*:*",
"matchCriteriaId": "E4009F10-08AF-470B-B903-38B8A6DBF332",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.7:*:*:*:*:*:*:*",
"matchCriteriaId": "2B2E8F04-53E6-4A3C-BE4B-8D0DDA22CA8C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.8:*:*:*:*:*:*:*",
"matchCriteriaId": "790DAB24-893A-463F-8358-171DACD75074",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.9:*:*:*:*:*:*:*",
"matchCriteriaId": "3645A1A8-4945-447F-A968-101D5938F9C8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.10:*:*:*:*:*:*:*",
"matchCriteriaId": "0E52C9B9-8F94-48D8-ADA6-96918F6AAD36",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.11:*:*:*:*:*:*:*",
"matchCriteriaId": "3948FC2F-AF3B-4AF3-968D-F124D03A213A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.12:*:*:*:*:*:*:*",
"matchCriteriaId": "4BA44F9B-97D5-48C0-91E9-6D3FEC8B7773",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.13:*:*:*:*:*:*:*",
"matchCriteriaId": "7B414F88-6541-48C6-B9D6-4DDA035A0037",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.14:*:*:*:*:*:*:*",
"matchCriteriaId": "66235C7F-D5EE-4989-8D24-6D0781954234",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.15:*:*:*:*:*:*:*",
"matchCriteriaId": "12E75B49-2419-4313-A648-B5283DA620E7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.17:*:*:*:*:*:*:*",
"matchCriteriaId": "A2C07910-C462-46C1-83CB-39B3FD8D25BC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.18:*:*:*:*:*:*:*",
"matchCriteriaId": "C6B9243E-31EF-48AB-BAB5-CCC3704A219F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.19:*:*:*:*:*:*:*",
"matchCriteriaId": "2BCB1D4B-F44C-41A1-90CA-62FD37003A1F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.20:*:*:*:*:*:*:*",
"matchCriteriaId": "F623783F-46DF-454E-BD83-5D2AE35EA9B4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.21:*:*:*:*:*:*:*",
"matchCriteriaId": "6BD9D35B-3E85-49FD-BA0A-D9020C5F280E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.22:*:*:*:*:*:*:*",
"matchCriteriaId": "A28CEEDF-FA40-4922-87A6-35DEBF184DC5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.23:*:*:*:*:*:*:*",
"matchCriteriaId": "D4F08111-51B1-4866-8695-C0877FC77D0B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.25:*:*:*:*:*:*:*",
"matchCriteriaId": "620EAB8D-3754-494D-9912-724A0FE1E80F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.26:*:*:*:*:*:*:*",
"matchCriteriaId": "ADBA74BD-EF83-4F29-8040-FB5B35D38C9B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.27:*:*:*:*:*:*:*",
"matchCriteriaId": "A1E00BE6-B2B6-4C02-9510-1F3DCC081173",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.28:*:*:*:*:*:*:*",
"matchCriteriaId": "A4D9E726-CF92-4DE5-8A04-02428328CC8A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "85E08C11-76E1-4F91-8061-5DA1BABD8767",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E3B75A7F-EAAC-4D81-9A10-D8DB45828EC3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.7.2:*:*:*:*:*:*:*",
"matchCriteriaId": "FA53D5B4-75BF-445F-96AA-4DC308B76E64",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.7.3:*:*:*:*:*:*:*",
"matchCriteriaId": "6DD5D5D9-604D-4917-99D0-1F41784A6835",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.7.4:*:*:*:*:*:*:*",
"matchCriteriaId": "6B2BF60D-EEEE-4F4C-A19F-108C78366089",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.7.5:*:*:*:*:*:*:*",
"matchCriteriaId": "5EED880C-5EF5-4FEA-A4BD-58CA61C12A9C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.7.6:*:*:*:*:*:*:*",
"matchCriteriaId": "DDA80BA5-66B0-4A6C-B552-175DBB930EB6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.7.7:*:*:*:*:*:*:*",
"matchCriteriaId": "BCDBAF27-D5DC-4379-A76E-7BD2CD98EB5C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "258FAFB4-2B67-456B-BE78-1562A3D5E9A6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_ops_manager:1.7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A2D55721-7B40-4277-9E5A-4A9688D12ADF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_ops_manager:1.7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "7B931453-BA62-45A2-8574-A590E2DE55DF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_ops_manager:1.7.2:*:*:*:*:*:*:*",
"matchCriteriaId": "BA7E6331-33BC-4F3D-86C7-4DDBCB2B3B91",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_ops_manager:1.7.3:*:*:*:*:*:*:*",
"matchCriteriaId": "9FCBC4AE-B126-4EF6-B75E-062423E3F161",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_ops_manager:1.7.4:*:*:*:*:*:*:*",
"matchCriteriaId": "ED35AA0C-9427-492A-972A-D82972BBD9CF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_ops_manager:1.7.5:*:*:*:*:*:*:*",
"matchCriteriaId": "7412837F-8F31-48A5-81AF-51E7A4A40310",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_ops_manager:1.7.6:*:*:*:*:*:*:*",
"matchCriteriaId": "6A8A33E4-AFCD-436B-8635-7F45F4B043F9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_ops_manager:1.7.7:*:*:*:*:*:*:*",
"matchCriteriaId": "79217281-FDA5-44AD-82A9-7375F9562345",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_ops_manager:1.7.8:*:*:*:*:*:*:*",
"matchCriteriaId": "E7FB48BC-5523-4B18-860C-A1DA648F2C1A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_uaa:*:*:*:*:*:*:*:*",
"matchCriteriaId": "01643DD1-A29E-429D-BED2-16A593BF4DF2",
"versionEndIncluding": "3.4.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in Pivotal Cloud Foundry (PCF) before 238; UAA 2.x before 2.7.4.4, 3.x before 3.3.0.2, and 3.4.x before 3.4.1; UAA BOSH before 11.2 and 12.x before 12.2; Elastic Runtime before 1.6.29 and 1.7.x before 1.7.7; and Ops Manager 1.7.x before 1.7.8 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors."
},
{
"lang": "es",
"value": "Vulnerabilidad de inyecci\u00f3n SQL en Pivotal Cloud Foundry (PCF) en versiones anteriores a 238; UAA 2.x en versiones anteriores a 2.7.4.4, 3.x en versiones anteriores a 3.3.0.2 y 3.4.x en versiones anteriores a 3.4.1; UAA BOSH en versiones anteriores a 11.2 y 12.x en versiones anteriores a 12.2; Elastic Runtime en versiones anteriores a 1.6.29 y 1.7.x en versiones anteriores a 1.7.7; y Ops Manager 1.7.x en versiones anteriores a 1.7.8 permite a usuarios remotos autenticados ejecutar comandos SQL arbitrarios a trav\u00e9s de vectores no especificados."
}
],
"id": "CVE-2016-4468",
"lastModified": "2024-11-21T02:52:16.883",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-04-11T15:59:00.150",
"references": [
{
"source": "secalert@redhat.com",
"url": "https://lists.cloudfoundry.org/archives/list/cf-dev%40lists.cloudfoundry.org/thread/WMTZBIH5U7DTOOX2SNRVTPQI3U2AINOB/"
},
{
"source": "secalert@redhat.com",
"tags": [
"Mitigation",
"Patch",
"Vendor Advisory"
],
"url": "https://pivotal.io/security/cve-2016-4468"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.cloudfoundry.org/archives/list/cf-dev%40lists.cloudfoundry.org/thread/WMTZBIH5U7DTOOX2SNRVTPQI3U2AINOB/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mitigation",
"Patch",
"Vendor Advisory"
],
"url": "https://pivotal.io/security/cve-2016-4468"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-89"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-05-25 17:29
Modified
2024-11-21 02:28
Severity ?
Summary
With Cloud Foundry Runtime cf-release versions v209 or earlier, UAA Standalone versions 2.2.6 or earlier and Pivotal Cloud Foundry Runtime 1.4.5 or earlier the change_email form in UAA is vulnerable to a CSRF attack. This allows an attacker to trigger an e-mail change for a user logged into a cloud foundry instance via a malicious link on a attacker controlled site. This vulnerability is applicable only when using the UAA internal user store for authentication. Deployments enabled for integration via SAML or LDAP are not affected.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| security_alert@emc.com | https://pivotal.io/security/cve-2015-3191 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://pivotal.io/security/cve-2015-3191 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| cloudfoundry | cf-release | * | |
| pivotal_software | cloud_foundry_elastic_runtime | * | |
| pivotal_software | cloud_foundry_uaa | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cloudfoundry:cf-release:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D648E4CC-C6C7-4C5C-B554-528D4DBDC079",
"versionEndIncluding": "209",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AB6812A0-8836-4F25-9AC1-DB552BC605ED",
"versionEndIncluding": "1.4.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_uaa:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D7981BF0-D4AF-4E06-96DE-725FE2D581A5",
"versionEndIncluding": "2.2.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "With Cloud Foundry Runtime cf-release versions v209 or earlier, UAA Standalone versions 2.2.6 or earlier and Pivotal Cloud Foundry Runtime 1.4.5 or earlier the change_email form in UAA is vulnerable to a CSRF attack. This allows an attacker to trigger an e-mail change for a user logged into a cloud foundry instance via a malicious link on a attacker controlled site. This vulnerability is applicable only when using the UAA internal user store for authentication. Deployments enabled for integration via SAML or LDAP are not affected."
},
{
"lang": "es",
"value": "En Cloud Foundry Runtime versiones v209 y anteriores, UAA Standalone versiones 2.2.6 o anteriores y Pivotal Cloud Foundry Runtime, versiones 1.4.5 o anteriores, el formulario change_email en UAA es vulnerable a un ataque de tipo CSFR. Esto permitir\u00eda a un atacante activar un cambio de e-mail para un usuario logado en una instancia de Cloud Foundry a trav\u00e9s de un link malicioso en un site controlado por el atacante. Despliegues habilitados para la integraci\u00f3n a trav\u00e9s de SAML o LDAP no estar\u00edan afectados."
}
],
"id": "CVE-2015-3191",
"lastModified": "2024-11-21T02:28:52.110",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-05-25T17:29:00.410",
"references": [
{
"source": "security_alert@emc.com",
"tags": [
"Vendor Advisory"
],
"url": "https://pivotal.io/security/cve-2015-3191"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://pivotal.io/security/cve-2015-3191"
}
],
"sourceIdentifier": "security_alert@emc.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-352"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-05-25 17:29
Modified
2024-11-21 02:47
Severity ?
Summary
The Loggregator Traffic Controller endpoints in cf-release v231 and lower, Pivotal Elastic Runtime versions prior to 1.5.19 AND 1.6.x versions prior to 1.6.20 are not cleansing request URL paths when they are invalid and are returning them in the 404 response. This could allow malicious scripts to be written directly into the 404 response.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| security_alert@emc.com | https://pivotal.io/security/cve-2016-2165 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://pivotal.io/security/cve-2016-2165 | Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cloudfoundry:cf-release:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9FA3664A-60D8-4339-8021-9D6966427DAC",
"versionEndIncluding": "231",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:*:*:*:*:*:*:*:*",
"matchCriteriaId": "09AC8F12-A0E9-47E4-9F0F-A8168B825393",
"versionEndIncluding": "1.5.18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F4CC5918-BC38-46E3-8000-5FE87A65C0E7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "36926681-35F4-4619-9613-155DEEEA3C8F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.2:*:*:*:*:*:*:*",
"matchCriteriaId": "41FF3C2B-E96F-4DF7-A5C4-703206CB729E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.3:*:*:*:*:*:*:*",
"matchCriteriaId": "F9CB3C2D-3080-4A3D-8D8D-1381B5D98920",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.4:*:*:*:*:*:*:*",
"matchCriteriaId": "782781EB-147C-4B00-84C5-1D8443BFA2D6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.5:*:*:*:*:*:*:*",
"matchCriteriaId": "35A56755-EEB2-4C93-B180-3918A36965AA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.6:*:*:*:*:*:*:*",
"matchCriteriaId": "E4009F10-08AF-470B-B903-38B8A6DBF332",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.7:*:*:*:*:*:*:*",
"matchCriteriaId": "2B2E8F04-53E6-4A3C-BE4B-8D0DDA22CA8C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.8:*:*:*:*:*:*:*",
"matchCriteriaId": "790DAB24-893A-463F-8358-171DACD75074",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.9:*:*:*:*:*:*:*",
"matchCriteriaId": "3645A1A8-4945-447F-A968-101D5938F9C8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.10:*:*:*:*:*:*:*",
"matchCriteriaId": "0E52C9B9-8F94-48D8-ADA6-96918F6AAD36",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.11:*:*:*:*:*:*:*",
"matchCriteriaId": "3948FC2F-AF3B-4AF3-968D-F124D03A213A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.12:*:*:*:*:*:*:*",
"matchCriteriaId": "4BA44F9B-97D5-48C0-91E9-6D3FEC8B7773",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.13:*:*:*:*:*:*:*",
"matchCriteriaId": "7B414F88-6541-48C6-B9D6-4DDA035A0037",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.14:*:*:*:*:*:*:*",
"matchCriteriaId": "66235C7F-D5EE-4989-8D24-6D0781954234",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.15:*:*:*:*:*:*:*",
"matchCriteriaId": "12E75B49-2419-4313-A648-B5283DA620E7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.16:*:*:*:*:*:*:*",
"matchCriteriaId": "EED70273-3FB2-4652-9AA2-10E2E9D581DE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.17:*:*:*:*:*:*:*",
"matchCriteriaId": "A2C07910-C462-46C1-83CB-39B3FD8D25BC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.18:*:*:*:*:*:*:*",
"matchCriteriaId": "C6B9243E-31EF-48AB-BAB5-CCC3704A219F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.19:*:*:*:*:*:*:*",
"matchCriteriaId": "2BCB1D4B-F44C-41A1-90CA-62FD37003A1F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Loggregator Traffic Controller endpoints in cf-release v231 and lower, Pivotal Elastic Runtime versions prior to 1.5.19 AND 1.6.x versions prior to 1.6.20 are not cleansing request URL paths when they are invalid and are returning them in the 404 response. This could allow malicious scripts to be written directly into the 404 response."
},
{
"lang": "es",
"value": "Los endpoints de Loggregator Traffic Controller en cf-release versiones v231 e inferiores, Pivotal Elastic Runtime anteriores a 1.5.19 y versiones 1.6.x anteriores a 1.6.20, no est\u00e1n limpiando las rutas (path) URL de petici\u00f3n cuando no son v\u00e1lidas y son devueltas en la respuesta 404 . Esto podr\u00eda permitir que los scripts maliciosos se escriban directamente en la respuesta 404."
}
],
"id": "CVE-2016-2165",
"lastModified": "2024-11-21T02:47:56.467",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-05-25T17:29:00.600",
"references": [
{
"source": "security_alert@emc.com",
"tags": [
"Vendor Advisory"
],
"url": "https://pivotal.io/security/cve-2016-2165"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://pivotal.io/security/cve-2016-2165"
}
],
"sourceIdentifier": "security_alert@emc.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-10-24 17:29
Modified
2024-11-21 02:32
Severity ?
Summary
Cloud Foundry Runtime cf-release before 216, UAA before 2.5.2, and Pivotal Cloud Foundry (PCF) Elastic Runtime before 1.7.0 allow attackers to have unspecified impact by leveraging failure to expire password reset links.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secalert@redhat.com | https://pivotal.io/security/cve-2015-5170-5173 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://pivotal.io/security/cve-2015-5170-5173 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| cloudfoundry | cf-release | * | |
| pivotal_software | cloud_foundry_elastic_runtime | * | |
| pivotal_software | cloud_foundry_uaa | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cloudfoundry:cf-release:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8E39C984-9592-4C18-A220-F3BF2FF0E4D3",
"versionEndExcluding": "216",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:*:*:*:*:*:*:*:*",
"matchCriteriaId": "349BBE7C-CB38-4F96-B42C-03982C4D6071",
"versionEndExcluding": "1.7.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_uaa:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6FF9860B-08BA-42CA-A3C0-34BE821C47B2",
"versionEndExcluding": "2.5.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cloud Foundry Runtime cf-release before 216, UAA before 2.5.2, and Pivotal Cloud Foundry (PCF) Elastic Runtime before 1.7.0 allow attackers to have unspecified impact by leveraging failure to expire password reset links."
},
{
"lang": "es",
"value": "Cloud Foundry Runtime cf-release en versiones anteriores a la 216, UAA en versiones anteriores a la 2.5.2 y Pivotal Cloud Foundry (PCF) Elastic Runtime en versiones anteriores a la 1.7.0 permite que atacantes causen un impacto no especificado aprovechando que no caducan los enlaces de reinicio de contrase\u00f1a."
}
],
"id": "CVE-2015-5172",
"lastModified": "2024-11-21T02:32:29.773",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-10-24T17:29:00.260",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "https://pivotal.io/security/cve-2015-5170-5173"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://pivotal.io/security/cve-2015-5170-5173"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-640"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-10-24 17:29
Modified
2024-11-21 02:32
Severity ?
Summary
Cloud Foundry Runtime cf-release before 216, UAA before 2.5.2, and Pivotal Cloud Foundry (PCF) Elastic Runtime before 1.7.0 allow remote attackers to conduct cross-site request forgery (CSRF) attacks on PWS and log a user into an arbitrary account by leveraging lack of CSRF checks.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secalert@redhat.com | http://www.securityfocus.com/bid/101579 | Third Party Advisory, VDB Entry | |
| secalert@redhat.com | https://pivotal.io/security/cve-2015-5170-5173 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/101579 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://pivotal.io/security/cve-2015-5170-5173 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| cloudfoundry | cf-release | * | |
| pivotal_software | cloud_foundry_elastic_runtime | * | |
| pivotal_software | cloud_foundry_uaa | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cloudfoundry:cf-release:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8E39C984-9592-4C18-A220-F3BF2FF0E4D3",
"versionEndExcluding": "216",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:*:*:*:*:*:*:*:*",
"matchCriteriaId": "349BBE7C-CB38-4F96-B42C-03982C4D6071",
"versionEndExcluding": "1.7.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_uaa:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6FF9860B-08BA-42CA-A3C0-34BE821C47B2",
"versionEndExcluding": "2.5.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cloud Foundry Runtime cf-release before 216, UAA before 2.5.2, and Pivotal Cloud Foundry (PCF) Elastic Runtime before 1.7.0 allow remote attackers to conduct cross-site request forgery (CSRF) attacks on PWS and log a user into an arbitrary account by leveraging lack of CSRF checks."
},
{
"lang": "es",
"value": "Cloud Foundry Runtime cf-release en versiones anteriores a la 216, UAA en versiones anteriores a la 2.5.2 y Pivotal Cloud Foundry (PCF) Elastic Runtime en versiones anteriores a la 1.7.0 permite que atacantes remotos realicen ataques Cross-Site Request Forgery (CSRF) en PWS y registren un usuario en una cuenta arbitraria aprovech\u00e1ndose de la falta de chequeos contra CSRF."
}
],
"id": "CVE-2015-5170",
"lastModified": "2024-11-21T02:32:29.570",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-10-24T17:29:00.183",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/101579"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "https://pivotal.io/security/cve-2015-5170-5173"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/101579"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://pivotal.io/security/cve-2015-5170-5173"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-352"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-05-25 17:29
Modified
2024-11-21 02:42
Severity ?
Summary
The UAA OAuth approval pages in Cloud Foundry v208 to v231, Login-server v1.6 to v1.14, UAA v2.0.0 to v2.7.4.1, UAA v3.0.0 to v3.2.0, UAA-Release v2 to v7 and Pivotal Elastic Runtime 1.6.x versions prior to 1.6.20 are vulnerable to an XSS attack by specifying malicious java script content in either the OAuth scopes (SCIM groups) or SCIM group descriptions.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| security_alert@emc.com | https://pivotal.io/security/cve-2016-0781 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://pivotal.io/security/cve-2016-0781 | Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:2:*:*:*:*:*:*:*",
"matchCriteriaId": "0B26A4D4-761B-417C-B88F-525F50A06E6D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:3:*:*:*:*:*:*:*",
"matchCriteriaId": "B74EB16D-F061-4CD8-A37D-24FAC9CE22C9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:4:*:*:*:*:*:*:*",
"matchCriteriaId": "92741034-1A45-4B1A-8444-3488CA46EC0E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:5:*:*:*:*:*:*:*",
"matchCriteriaId": "E716295D-4C12-48CD-816F-ADC4920863E7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:6:*:*:*:*:*:*:*",
"matchCriteriaId": "2D0181FC-AD4C-4E4E-9F52-6B12E4370780",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:7:*:*:*:*:*:*:*",
"matchCriteriaId": "07524E58-F47F-46E5-BF63-B1F11B193F97",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry:208:*:*:*:*:*:*:*",
"matchCriteriaId": "21CE9A23-D596-4C33-AD29-51AFB35A53BC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry:209:*:*:*:*:*:*:*",
"matchCriteriaId": "68E4680C-235B-4DF3-B395-FC844F21B7E2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry:210:*:*:*:*:*:*:*",
"matchCriteriaId": "10BBBDE6-72E0-4A36-AE57-85BFF7A03137",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry:211:*:*:*:*:*:*:*",
"matchCriteriaId": "2CE52DC3-D982-4E81-AAD7-7CA9AB756AB2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry:212:*:*:*:*:*:*:*",
"matchCriteriaId": "719F9D8D-704E-4883-A932-652999074E1B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry:213:*:*:*:*:*:*:*",
"matchCriteriaId": "AFB58BDC-9916-48F8-83BE-EDFE00835738",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry:214:*:*:*:*:*:*:*",
"matchCriteriaId": "51073766-5A57-4F50-AF35-3AD0041D2B09",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry:215:*:*:*:*:*:*:*",
"matchCriteriaId": "5E0CA70B-BD79-4CB2-AFDC-D89981993CBF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry:216:*:*:*:*:*:*:*",
"matchCriteriaId": "C4179C04-0EFB-43E5-B690-E516C6F0634B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry:217:*:*:*:*:*:*:*",
"matchCriteriaId": "3770814F-FC94-467E-ACF4-89A9239B4893",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry:218:*:*:*:*:*:*:*",
"matchCriteriaId": "ED374619-C2CE-4E74-BDE2-0B39D7C8A1E9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry:219:*:*:*:*:*:*:*",
"matchCriteriaId": "A1939DBF-E885-4CF1-9FF8-296A6ED1F241",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry:220:*:*:*:*:*:*:*",
"matchCriteriaId": "CF5ED010-699D-48DE-AA2F-57E6CE682AF8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry:221:*:*:*:*:*:*:*",
"matchCriteriaId": "68FE1621-874C-41F6-9A27-4C3E5F22C3A4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry:222:*:*:*:*:*:*:*",
"matchCriteriaId": "82D4B35F-F760-4B6C-B289-411155CA6876",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry:223:*:*:*:*:*:*:*",
"matchCriteriaId": "0C172BAC-2766-4B37-A19A-2EB25C68C38F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry:224:*:*:*:*:*:*:*",
"matchCriteriaId": "1A10DC4A-5682-476E-8A1C-8829D05FF248",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry:225:*:*:*:*:*:*:*",
"matchCriteriaId": "DBF25D96-83C1-4D0D-A1F1-7D5805AB4EC7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry:226:*:*:*:*:*:*:*",
"matchCriteriaId": "94473ECC-E916-4670-AB94-8EF3F4450643",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry:227:*:*:*:*:*:*:*",
"matchCriteriaId": "89D4528D-6644-44B0-B5AB-FB4480839EA2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry:228:*:*:*:*:*:*:*",
"matchCriteriaId": "96AD7EC1-0490-4513-A5C1-6FCB0470529B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry:229:*:*:*:*:*:*:*",
"matchCriteriaId": "744A61DF-A49E-4931-8DF1-21EB3AC56208",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry:230:*:*:*:*:*:*:*",
"matchCriteriaId": "4D62EEBF-B07C-4838-BDCC-DB3F2D4CF6F6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry:231:*:*:*:*:*:*:*",
"matchCriteriaId": "03D7EDBF-808E-4D12-AA77-A0720F08EB4C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry:241:*:*:*:*:*:*:*",
"matchCriteriaId": "FF6B386F-3363-45CE-8F6A-91FEA00D0E82",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F4CC5918-BC38-46E3-8000-5FE87A65C0E7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "36926681-35F4-4619-9613-155DEEEA3C8F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.2:*:*:*:*:*:*:*",
"matchCriteriaId": "41FF3C2B-E96F-4DF7-A5C4-703206CB729E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.3:*:*:*:*:*:*:*",
"matchCriteriaId": "F9CB3C2D-3080-4A3D-8D8D-1381B5D98920",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.4:*:*:*:*:*:*:*",
"matchCriteriaId": "782781EB-147C-4B00-84C5-1D8443BFA2D6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.5:*:*:*:*:*:*:*",
"matchCriteriaId": "35A56755-EEB2-4C93-B180-3918A36965AA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.6:*:*:*:*:*:*:*",
"matchCriteriaId": "E4009F10-08AF-470B-B903-38B8A6DBF332",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.7:*:*:*:*:*:*:*",
"matchCriteriaId": "2B2E8F04-53E6-4A3C-BE4B-8D0DDA22CA8C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.8:*:*:*:*:*:*:*",
"matchCriteriaId": "790DAB24-893A-463F-8358-171DACD75074",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.9:*:*:*:*:*:*:*",
"matchCriteriaId": "3645A1A8-4945-447F-A968-101D5938F9C8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.10:*:*:*:*:*:*:*",
"matchCriteriaId": "0E52C9B9-8F94-48D8-ADA6-96918F6AAD36",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.11:*:*:*:*:*:*:*",
"matchCriteriaId": "3948FC2F-AF3B-4AF3-968D-F124D03A213A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.12:*:*:*:*:*:*:*",
"matchCriteriaId": "4BA44F9B-97D5-48C0-91E9-6D3FEC8B7773",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.13:*:*:*:*:*:*:*",
"matchCriteriaId": "7B414F88-6541-48C6-B9D6-4DDA035A0037",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.14:*:*:*:*:*:*:*",
"matchCriteriaId": "66235C7F-D5EE-4989-8D24-6D0781954234",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.15:*:*:*:*:*:*:*",
"matchCriteriaId": "12E75B49-2419-4313-A648-B5283DA620E7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.16:*:*:*:*:*:*:*",
"matchCriteriaId": "EED70273-3FB2-4652-9AA2-10E2E9D581DE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.17:*:*:*:*:*:*:*",
"matchCriteriaId": "A2C07910-C462-46C1-83CB-39B3FD8D25BC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.18:*:*:*:*:*:*:*",
"matchCriteriaId": "C6B9243E-31EF-48AB-BAB5-CCC3704A219F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.19:*:*:*:*:*:*:*",
"matchCriteriaId": "2BCB1D4B-F44C-41A1-90CA-62FD37003A1F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_uaa:*:*:*:*:*:*:*:*",
"matchCriteriaId": "002CACDF-D085-44B6-BE47-6FB61F1EB0D8",
"versionEndIncluding": "2.7.4.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_uaa:3.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "03D97B63-F59C-47FD-9919-3B543F0C4BE9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_uaa:3.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "2BF268FB-5CAA-4441-A5EA-F65080A65815",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_uaa:3.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "597CA1EF-4E57-4676-B772-239EFB684C5F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_uaa:3.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1D44FEC0-341E-4AD4-B0BC-0B10FDB6DB8C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:login-server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "60348882-C48C-434B-B311-A157E3BFC833",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The UAA OAuth approval pages in Cloud Foundry v208 to v231, Login-server v1.6 to v1.14, UAA v2.0.0 to v2.7.4.1, UAA v3.0.0 to v3.2.0, UAA-Release v2 to v7 and Pivotal Elastic Runtime 1.6.x versions prior to 1.6.20 are vulnerable to an XSS attack by specifying malicious java script content in either the OAuth scopes (SCIM groups) or SCIM group descriptions."
},
{
"lang": "es",
"value": "Las p\u00e1ginas de aprobaci\u00f3n OAuth de UAA en Cloud Foundry versiones v208 hasta v231, Login-server versiones v1.6 hasta v1.14, UAA versiones v2.0.0 hasta v2.7.4.1, UAA versiones v3.0.0 hasta v3.2.0, UAA-Release versiones v2 hasta v7 y Pivotal Elastic Runtime versiones 1.6.x anteriores a 1.6.20, son vulnerables a un ataque de tipo XSS mediante especificaci\u00f3n de contenido de script java malicioso en los \u00e1mbitos OAuth (grupos SCIM) o descripciones de grupo SCIM."
}
],
"id": "CVE-2016-0781",
"lastModified": "2024-11-21T02:42:22.237",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-05-25T17:29:00.553",
"references": [
{
"source": "security_alert@emc.com",
"tags": [
"Vendor Advisory"
],
"url": "https://pivotal.io/security/cve-2016-0781"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://pivotal.io/security/cve-2016-0781"
}
],
"sourceIdentifier": "security_alert@emc.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2018-03-29 22:29
Modified
2024-11-21 02:56
Severity ?
Summary
Applications in cf-release before 245 can be configured and pushed with a user-provided custom buildpack using a URL pointing to the buildpack. Although it is not recommended, a user can specify a credential in the URL (basic auth or OAuth) to access the buildpack through the CLI. For example, the user could include a GitHub username and password in the URL to access a private repo. Because the URL to access the buildpack is stored unencrypted, an operator with privileged access to the Cloud Controller database could view these credentials.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| security_alert@emc.com | https://pivotal.io/security/cve-2016-6658 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://pivotal.io/security/cve-2016-6658 | Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cloudfoundry:cf-release:*:*:*:*:*:*:*:*",
"matchCriteriaId": "381D7323-8A68-4814-9193-67B6EEC6678D",
"versionEndExcluding": "245",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:*:*:*:*:*:*:*:*",
"matchCriteriaId": "40E584D4-7CA3-42E0-A9F3-79E67C111D65",
"versionEndExcluding": "1.6.49",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0DD51AC4-E544-4E15-BC72-D252D9773EA8",
"versionEndExcluding": "1.7.31",
"versionStartIncluding": "1.7.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:*:*:*:*:*:*:*:*",
"matchCriteriaId": "11FE44C3-64CB-499F-A81F-DFB6E8BA3EFE",
"versionEndExcluding": "1.8.11",
"versionStartIncluding": "1.8.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Applications in cf-release before 245 can be configured and pushed with a user-provided custom buildpack using a URL pointing to the buildpack. Although it is not recommended, a user can specify a credential in the URL (basic auth or OAuth) to access the buildpack through the CLI. For example, the user could include a GitHub username and password in the URL to access a private repo. Because the URL to access the buildpack is stored unencrypted, an operator with privileged access to the Cloud Controller database could view these credentials."
},
{
"lang": "es",
"value": "Applications en cf-release, en versiones anteriores a la 245, puede configurarse e insertarse con un buildpack personalizado proporcionado por el usuario mediante una URL que se\u00f1ale al buildpack. Aunque no se recomienda, un usuario puede especificar una credencial en la URL (basic auth o OAuth) para acceder al buildpack a trav\u00e9s del CLI. Por ejemplo, el usuario puede incluir un nombre de usuario y contrase\u00f1a de GitHub en la URL para acceder a un repositorio privado. Debido a que la URL empleada para acceder al buildpack se almacena sin cifrar, un operador con acceso privilegiado a la base de datos de Cloud Controller podr\u00eda ver estas credenciales."
}
],
"id": "CVE-2016-6658",
"lastModified": "2024-11-21T02:56:34.143",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 9.6,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N",
"version": "3.0"
},
"exploitabilityScore": 3.1,
"impactScore": 5.8,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-03-29T22:29:00.477",
"references": [
{
"source": "security_alert@emc.com",
"tags": [
"Vendor Advisory"
],
"url": "https://pivotal.io/security/cve-2016-6658"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://pivotal.io/security/cve-2016-6658"
}
],
"sourceIdentifier": "security_alert@emc.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-10-24 17:29
Modified
2024-11-21 02:32
Severity ?
Summary
The password change functionality in Cloud Foundry Runtime cf-release before 216, UAA before 2.5.2, and Pivotal Cloud Foundry (PCF) Elastic Runtime before 1.7.0 allow attackers to have unspecified impact by leveraging failure to expire existing sessions.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secalert@redhat.com | https://pivotal.io/security/cve-2015-5170-5173 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://pivotal.io/security/cve-2015-5170-5173 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| cloudfoundry | cf-release | * | |
| pivotal_software | cloud_foundry_elastic_runtime | * | |
| pivotal_software | cloud_foundry_uaa | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cloudfoundry:cf-release:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8E39C984-9592-4C18-A220-F3BF2FF0E4D3",
"versionEndExcluding": "216",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:*:*:*:*:*:*:*:*",
"matchCriteriaId": "349BBE7C-CB38-4F96-B42C-03982C4D6071",
"versionEndExcluding": "1.7.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_uaa:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6FF9860B-08BA-42CA-A3C0-34BE821C47B2",
"versionEndExcluding": "2.5.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The password change functionality in Cloud Foundry Runtime cf-release before 216, UAA before 2.5.2, and Pivotal Cloud Foundry (PCF) Elastic Runtime before 1.7.0 allow attackers to have unspecified impact by leveraging failure to expire existing sessions."
},
{
"lang": "es",
"value": "La funcionalidad de cambio de contrase\u00f1a en Cloud Foundry Runtime cf-release en versiones anteriores a la 216, UAA en versiones anteriores a la 2.5.2 y Pivotal Cloud Foundry (PCF) Elastic Runtime en versiones anteriores a la 1.7.0 permite que los atacantes causen un impacto no especificado aprovechando que no caducan las sesiones existentes."
}
],
"id": "CVE-2015-5171",
"lastModified": "2024-11-21T02:32:29.670",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-10-24T17:29:00.230",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "https://pivotal.io/security/cve-2015-5170-5173"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://pivotal.io/security/cve-2015-5170-5173"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-613"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-05-25 17:29
Modified
2024-11-21 02:28
Severity ?
Summary
With Cloud Foundry Runtime cf-release versions v209 or earlier, UAA Standalone versions 2.2.6 or earlier and Pivotal Cloud Foundry Runtime 1.4.5 or earlier the UAA logout link is susceptible to an open redirect which allows an attacker to insert malicious web page as a redirect parameter.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| security_alert@emc.com | https://pivotal.io/security/cve-2015-3190 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://pivotal.io/security/cve-2015-3190 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| cloudfoundry | cf-release | * | |
| pivotal_software | cloud_foundry_elastic_runtime | * | |
| pivotal_software | cloud_foundry_uaa | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cloudfoundry:cf-release:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D648E4CC-C6C7-4C5C-B554-528D4DBDC079",
"versionEndIncluding": "209",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AB6812A0-8836-4F25-9AC1-DB552BC605ED",
"versionEndIncluding": "1.4.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_uaa:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D7981BF0-D4AF-4E06-96DE-725FE2D581A5",
"versionEndIncluding": "2.2.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "With Cloud Foundry Runtime cf-release versions v209 or earlier, UAA Standalone versions 2.2.6 or earlier and Pivotal Cloud Foundry Runtime 1.4.5 or earlier the UAA logout link is susceptible to an open redirect which allows an attacker to insert malicious web page as a redirect parameter."
},
{
"lang": "es",
"value": "En Cloud Foundry Runtime versiones v209 o anteriores, UAA Standalone versiones 2.2.6 o ateriores y Pivotal Cloud Foundry Runtime versiones 1.4.5 o anteriores, el enlace del UAA logout es susceptible a una redirecci\u00f3n abierta que permitir\u00eda a un atacante insertar p\u00e1ginas web maliciosas en un par\u00e1metro de redirecci\u00f3n."
}
],
"id": "CVE-2015-3190",
"lastModified": "2024-11-21T02:28:51.990",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-05-25T17:29:00.367",
"references": [
{
"source": "security_alert@emc.com",
"tags": [
"Vendor Advisory"
],
"url": "https://pivotal.io/security/cve-2015-3190"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://pivotal.io/security/cve-2015-3190"
}
],
"sourceIdentifier": "security_alert@emc.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-601"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2016-09-30 00:59
Modified
2024-11-21 02:56
Severity ?
Summary
The OAuth authorization implementation in Pivotal Cloud Foundry (PCF) before 242; UAA 2.x before 2.7.4.7, 3.x before 3.3.0.5, and 3.4.x before 3.4.4; UAA BOSH before 11.5 and 12.x before 12.5; Elastic Runtime before 1.6.40, 1.7.x before 1.7.21, and 1.8.x before 1.8.1; and Ops Manager 1.7.x before 1.7.13 and 1.8.x before 1.8.1 mishandles redirect_uri subdomains, which allows remote attackers to obtain implicit access tokens via a modified subdomain.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1D172CC2-124E-4179-A82E-857290D32FE9",
"versionEndIncluding": "12.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry:*:*:*:*:*:*:*:*",
"matchCriteriaId": "27E43458-95D7-4A85-B8E7-3D452A9CFD25",
"versionEndIncluding": "241",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F4CC5918-BC38-46E3-8000-5FE87A65C0E7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "36926681-35F4-4619-9613-155DEEEA3C8F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.2:*:*:*:*:*:*:*",
"matchCriteriaId": "41FF3C2B-E96F-4DF7-A5C4-703206CB729E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.3:*:*:*:*:*:*:*",
"matchCriteriaId": "F9CB3C2D-3080-4A3D-8D8D-1381B5D98920",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.4:*:*:*:*:*:*:*",
"matchCriteriaId": "782781EB-147C-4B00-84C5-1D8443BFA2D6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.5:*:*:*:*:*:*:*",
"matchCriteriaId": "35A56755-EEB2-4C93-B180-3918A36965AA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.6:*:*:*:*:*:*:*",
"matchCriteriaId": "E4009F10-08AF-470B-B903-38B8A6DBF332",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.7:*:*:*:*:*:*:*",
"matchCriteriaId": "2B2E8F04-53E6-4A3C-BE4B-8D0DDA22CA8C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.8:*:*:*:*:*:*:*",
"matchCriteriaId": "790DAB24-893A-463F-8358-171DACD75074",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.9:*:*:*:*:*:*:*",
"matchCriteriaId": "3645A1A8-4945-447F-A968-101D5938F9C8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.10:*:*:*:*:*:*:*",
"matchCriteriaId": "0E52C9B9-8F94-48D8-ADA6-96918F6AAD36",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.11:*:*:*:*:*:*:*",
"matchCriteriaId": "3948FC2F-AF3B-4AF3-968D-F124D03A213A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.12:*:*:*:*:*:*:*",
"matchCriteriaId": "4BA44F9B-97D5-48C0-91E9-6D3FEC8B7773",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.13:*:*:*:*:*:*:*",
"matchCriteriaId": "7B414F88-6541-48C6-B9D6-4DDA035A0037",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.14:*:*:*:*:*:*:*",
"matchCriteriaId": "66235C7F-D5EE-4989-8D24-6D0781954234",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.15:*:*:*:*:*:*:*",
"matchCriteriaId": "12E75B49-2419-4313-A648-B5283DA620E7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.17:*:*:*:*:*:*:*",
"matchCriteriaId": "A2C07910-C462-46C1-83CB-39B3FD8D25BC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.18:*:*:*:*:*:*:*",
"matchCriteriaId": "C6B9243E-31EF-48AB-BAB5-CCC3704A219F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.19:*:*:*:*:*:*:*",
"matchCriteriaId": "2BCB1D4B-F44C-41A1-90CA-62FD37003A1F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.20:*:*:*:*:*:*:*",
"matchCriteriaId": "F623783F-46DF-454E-BD83-5D2AE35EA9B4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.21:*:*:*:*:*:*:*",
"matchCriteriaId": "6BD9D35B-3E85-49FD-BA0A-D9020C5F280E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.22:*:*:*:*:*:*:*",
"matchCriteriaId": "A28CEEDF-FA40-4922-87A6-35DEBF184DC5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.23:*:*:*:*:*:*:*",
"matchCriteriaId": "D4F08111-51B1-4866-8695-C0877FC77D0B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.25:*:*:*:*:*:*:*",
"matchCriteriaId": "620EAB8D-3754-494D-9912-724A0FE1E80F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.26:*:*:*:*:*:*:*",
"matchCriteriaId": "ADBA74BD-EF83-4F29-8040-FB5B35D38C9B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.27:*:*:*:*:*:*:*",
"matchCriteriaId": "A1E00BE6-B2B6-4C02-9510-1F3DCC081173",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.28:*:*:*:*:*:*:*",
"matchCriteriaId": "A4D9E726-CF92-4DE5-8A04-02428328CC8A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.29:*:*:*:*:*:*:*",
"matchCriteriaId": "5E1CAC4E-3CD6-4D0C-8544-9481E57FD338",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.30:*:*:*:*:*:*:*",
"matchCriteriaId": "D1D0F13A-D149-492D-A484-B7F4235B2DC0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.31:*:*:*:*:*:*:*",
"matchCriteriaId": "160A9972-DCF2-46A9-8025-938C492E5A0E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.32:*:*:*:*:*:*:*",
"matchCriteriaId": "43978845-CC25-4975-8155-AC0999A4268B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.33:*:*:*:*:*:*:*",
"matchCriteriaId": "7B1A6848-16B9-47EC-B7C8-7740086398F3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.34:*:*:*:*:*:*:*",
"matchCriteriaId": "D9708D36-4A9B-484A-A627-69A85D66EDF8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.35:*:*:*:*:*:*:*",
"matchCriteriaId": "F0AB1C89-79D2-4997-A00D-E6E62243278B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.36:*:*:*:*:*:*:*",
"matchCriteriaId": "C071EA95-4AE2-43DC-900F-3DDD38959754",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.37:*:*:*:*:*:*:*",
"matchCriteriaId": "A6FF1F58-580A-4035-9427-1B4E96FC9E9E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.38:*:*:*:*:*:*:*",
"matchCriteriaId": "71499439-2748-4B4F-8659-AE4F67CCC8AF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.39:*:*:*:*:*:*:*",
"matchCriteriaId": "50161ECB-FEEA-4E1C-8DF9-5F3F7D944895",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "85E08C11-76E1-4F91-8061-5DA1BABD8767",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E3B75A7F-EAAC-4D81-9A10-D8DB45828EC3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.7.2:*:*:*:*:*:*:*",
"matchCriteriaId": "FA53D5B4-75BF-445F-96AA-4DC308B76E64",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.7.3:*:*:*:*:*:*:*",
"matchCriteriaId": "6DD5D5D9-604D-4917-99D0-1F41784A6835",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.7.4:*:*:*:*:*:*:*",
"matchCriteriaId": "6B2BF60D-EEEE-4F4C-A19F-108C78366089",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.7.5:*:*:*:*:*:*:*",
"matchCriteriaId": "5EED880C-5EF5-4FEA-A4BD-58CA61C12A9C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.7.6:*:*:*:*:*:*:*",
"matchCriteriaId": "DDA80BA5-66B0-4A6C-B552-175DBB930EB6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.7.7:*:*:*:*:*:*:*",
"matchCriteriaId": "BCDBAF27-D5DC-4379-A76E-7BD2CD98EB5C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.7.8:*:*:*:*:*:*:*",
"matchCriteriaId": "D957FD98-C2B4-48C2-81A0-37B2581E9F52",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.7.9:*:*:*:*:*:*:*",
"matchCriteriaId": "0DADB2DA-A12F-426E-9DEB-3628B081F78D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.7.10:*:*:*:*:*:*:*",
"matchCriteriaId": "99C97080-9BD3-4F17-A0E4-80F9F4CD7DB4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.7.11:*:*:*:*:*:*:*",
"matchCriteriaId": "E764D26C-D2C4-496C-936F-BF6793BF7C70",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.7.12:*:*:*:*:*:*:*",
"matchCriteriaId": "1E574EDD-AD33-4A00-8E14-76F0134EC00B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.7.13:*:*:*:*:*:*:*",
"matchCriteriaId": "A2274274-C1F8-4E42-AF7A-BDBF379E823E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.7.14:*:*:*:*:*:*:*",
"matchCriteriaId": "DCB25167-8350-4362-876C-690F5B5B057C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.7.15:*:*:*:*:*:*:*",
"matchCriteriaId": "28F89423-3AEE-475A-BBBA-B895D9732A14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.7.16:*:*:*:*:*:*:*",
"matchCriteriaId": "B4B5CB0D-09C9-4CB2-B842-CA68400CDAAD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.7.17:*:*:*:*:*:*:*",
"matchCriteriaId": "F047032B-218E-41BF-9F46-4682D415960E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.7.18:*:*:*:*:*:*:*",
"matchCriteriaId": "B291CCA0-EAE5-4900-ABF3-9A9D76910BD9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.7.19:*:*:*:*:*:*:*",
"matchCriteriaId": "DB8DAD87-111B-4F17-85CC-65C395851079",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.7.20:*:*:*:*:*:*:*",
"matchCriteriaId": "248878D6-7987-4608-9A28-66F3F7EFB976",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "258FAFB4-2B67-456B-BE78-1562A3D5E9A6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_ops_manager:1.7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A2D55721-7B40-4277-9E5A-4A9688D12ADF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_ops_manager:1.7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "7B931453-BA62-45A2-8574-A590E2DE55DF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_ops_manager:1.7.2:*:*:*:*:*:*:*",
"matchCriteriaId": "BA7E6331-33BC-4F3D-86C7-4DDBCB2B3B91",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_ops_manager:1.7.3:*:*:*:*:*:*:*",
"matchCriteriaId": "9FCBC4AE-B126-4EF6-B75E-062423E3F161",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_ops_manager:1.7.4:*:*:*:*:*:*:*",
"matchCriteriaId": "ED35AA0C-9427-492A-972A-D82972BBD9CF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_ops_manager:1.7.5:*:*:*:*:*:*:*",
"matchCriteriaId": "7412837F-8F31-48A5-81AF-51E7A4A40310",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_ops_manager:1.7.6:*:*:*:*:*:*:*",
"matchCriteriaId": "6A8A33E4-AFCD-436B-8635-7F45F4B043F9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_ops_manager:1.7.7:*:*:*:*:*:*:*",
"matchCriteriaId": "79217281-FDA5-44AD-82A9-7375F9562345",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_ops_manager:1.7.8:*:*:*:*:*:*:*",
"matchCriteriaId": "E7FB48BC-5523-4B18-860C-A1DA648F2C1A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_ops_manager:1.7.9:*:*:*:*:*:*:*",
"matchCriteriaId": "2B630514-7848-435E-B9BD-9350BA671D95",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_ops_manager:1.7.10:*:*:*:*:*:*:*",
"matchCriteriaId": "683152A4-2927-4735-8BFF-B9B499B44D15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_ops_manager:1.7.11:*:*:*:*:*:*:*",
"matchCriteriaId": "CC7AEA69-D9C5-4CE8-BD67-9E5E5E7EF343",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_ops_manager:1.7.12:*:*:*:*:*:*:*",
"matchCriteriaId": "ADD6F12D-6324-48E3-A508-70A7B122CA3E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_ops_manager:1.8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C015DE32-1D60-49EA-889D-B8FE453CF02E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_uaa:2.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "555D749F-4228-4B8C-8E0F-F9D6401E79B5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_uaa:2.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "58AEF0BF-8073-435E-9AE1-07A7B0B4B497",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_uaa:2.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "046215E7-464A-41E6-B310-9C56AB8A4243",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_uaa:2.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "99BAEFFA-DD36-4CE7-B8D5-906509346720",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_uaa:2.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "8D624768-9C90-4BE3-8715-78CC408C02AF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_uaa:2.7.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "B604B862-5213-4A4D-9147-A5D90EF13923",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_uaa:2.7.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "F0C8A2F1-A40D-4041-BF2B-59A8DC81581A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_uaa:2.7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "ACFDEF8D-9BE5-43ED-8E1D-2B63A1294EDF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_uaa:2.7.2:*:*:*:*:*:*:*",
"matchCriteriaId": "504AA7E0-D1F5-4097-B53B-F0E36328B1EB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_uaa:2.7.3:*:*:*:*:*:*:*",
"matchCriteriaId": "0DCD6CB7-5D49-4897-8353-44E5B08D9375",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_uaa:2.7.4.6:*:*:*:*:*:*:*",
"matchCriteriaId": "916733EA-F51A-49E2-9D47-9B713B36C847",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_uaa:3.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "03D97B63-F59C-47FD-9919-3B543F0C4BE9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_uaa:3.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "2BF268FB-5CAA-4441-A5EA-F65080A65815",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_uaa:3.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "597CA1EF-4E57-4676-B772-239EFB684C5F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_uaa:3.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1D44FEC0-341E-4AD4-B0BC-0B10FDB6DB8C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_uaa:3.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "CDB08635-4792-4483-8A5D-B07B3CC6E11B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_uaa:3.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "EAF6E32B-0B37-47CB-A6B3-AC226DC7B032",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_uaa:3.3.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3D410B4D-D427-4F18-8962-8E232378B2A7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_uaa:3.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C5FE703B-B6E7-4936-B675-7FDCECD84A05",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_uaa:3.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "423A1AAF-B173-4FCB-A34A-616A7EC178CA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_uaa:3.4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "EEC3C020-A0A3-4D8D-ABFE-EA3C52FAB4D7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The OAuth authorization implementation in Pivotal Cloud Foundry (PCF) before 242; UAA 2.x before 2.7.4.7, 3.x before 3.3.0.5, and 3.4.x before 3.4.4; UAA BOSH before 11.5 and 12.x before 12.5; Elastic Runtime before 1.6.40, 1.7.x before 1.7.21, and 1.8.x before 1.8.1; and Ops Manager 1.7.x before 1.7.13 and 1.8.x before 1.8.1 mishandles redirect_uri subdomains, which allows remote attackers to obtain implicit access tokens via a modified subdomain."
},
{
"lang": "es",
"value": "La implementaci\u00f3n de autorizaci\u00f3n OAuth en Pivotal Cloud Foundry (PCF) en versiones anteriores a 242; UAA 2.x en versiones anteriores a 2.7.4.7, 3.x en versiones anteriores a 3.3.0.5 y 3.4.x en versiones anteriores a 3.4.4; UAA BOSH en versiones anteriores a 11.5 y 12.x en versiones anteriores a 12.5; Elastic Runtime en versiones anteriores a 1.6.40, 1.7.x en versiones anteriores a 1.7.21 y 1.8.x en versiones anteriores a 1.8.1 y Ops Manager 1.7.x en versiones anteriores a 1.7.13 y 1.8.x en versiones anteriores a 1.8.1 no maneja adecuadamente subdominios redirect_uri, lo que permite a atacantes remotos obtener tokens de acceso impl\u00edcito a trav\u00e9s de un subdominio modificado."
}
],
"id": "CVE-2016-6636",
"lastModified": "2024-11-21T02:56:31.843",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": true,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2016-09-30T00:59:00.180",
"references": [
{
"source": "security_alert@emc.com",
"url": "http://www.securityfocus.com/bid/93246"
},
{
"source": "security_alert@emc.com",
"tags": [
"Vendor Advisory"
],
"url": "https://pivotal.io/security/cve-2016-6636"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/93246"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://pivotal.io/security/cve-2016-6636"
}
],
"sourceIdentifier": "security_alert@emc.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-601"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-05-02 14:59
Modified
2024-11-21 02:53
Severity ?
Summary
The Cloud Controller in Cloud Foundry before 239 logs user-provided service objects at creation, which allows attackers to obtain sensitive user credential information via unspecified vectors.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secalert@redhat.com | https://pivotal.io/security/cve-2016-5006 | Vendor Advisory | |
| secalert@redhat.com | https://www.cloudfoundry.org/CVE-2016-5006/ | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://pivotal.io/security/cve-2016-5006 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.cloudfoundry.org/CVE-2016-5006/ | Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry:*:*:*:*:*:*:*:*",
"matchCriteriaId": "357B80E6-93EA-4ED7-A8E5-EAE81820DA0B",
"versionEndIncluding": "238.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:*:*:*:*:*:*:*:*",
"matchCriteriaId": "323EAD1C-AB99-447B-AC51-B41DDE3D3B41",
"versionEndIncluding": "1.6.32",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "85E08C11-76E1-4F91-8061-5DA1BABD8767",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E3B75A7F-EAAC-4D81-9A10-D8DB45828EC3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.7.2:*:*:*:*:*:*:*",
"matchCriteriaId": "FA53D5B4-75BF-445F-96AA-4DC308B76E64",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.7.3:*:*:*:*:*:*:*",
"matchCriteriaId": "6DD5D5D9-604D-4917-99D0-1F41784A6835",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.7.4:*:*:*:*:*:*:*",
"matchCriteriaId": "6B2BF60D-EEEE-4F4C-A19F-108C78366089",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.7.5:*:*:*:*:*:*:*",
"matchCriteriaId": "5EED880C-5EF5-4FEA-A4BD-58CA61C12A9C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.7.6:*:*:*:*:*:*:*",
"matchCriteriaId": "DDA80BA5-66B0-4A6C-B552-175DBB930EB6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.7.7:*:*:*:*:*:*:*",
"matchCriteriaId": "BCDBAF27-D5DC-4379-A76E-7BD2CD98EB5C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.7.8:*:*:*:*:*:*:*",
"matchCriteriaId": "D957FD98-C2B4-48C2-81A0-37B2581E9F52",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.7.9:*:*:*:*:*:*:*",
"matchCriteriaId": "0DADB2DA-A12F-426E-9DEB-3628B081F78D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.7.10:*:*:*:*:*:*:*",
"matchCriteriaId": "99C97080-9BD3-4F17-A0E4-80F9F4CD7DB4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Cloud Controller in Cloud Foundry before 239 logs user-provided service objects at creation, which allows attackers to obtain sensitive user credential information via unspecified vectors."
},
{
"lang": "es",
"value": "El Cloud Controller en Cloud Foundry versiones anteriores a 239 registra objetos de servicio proporcionados por el usuario durante la creaci\u00f3n, lo que permite a los atacantes obtener informaci\u00f3n sensible de credenciales de usuarios a trav\u00e9s de vectores no especificados."
}
],
"id": "CVE-2016-5006",
"lastModified": "2024-11-21T02:53:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": true,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-05-02T14:59:00.410",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "https://pivotal.io/security/cve-2016-5006"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.cloudfoundry.org/CVE-2016-5006/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://pivotal.io/security/cve-2016-5006"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.cloudfoundry.org/CVE-2016-5006/"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2016-09-30 00:59
Modified
2024-11-21 02:56
Severity ?
Summary
Multiple cross-site request forgery (CSRF) vulnerabilities in Pivotal Cloud Foundry (PCF) before 242; UAA 2.x before 2.7.4.7, 3.x before 3.3.0.5, and 3.4.x before 3.4.4; UAA BOSH before 11.5 and 12.x before 12.5; Elastic Runtime before 1.6.40, 1.7.x before 1.7.21, and 1.8.x before 1.8.2; and Ops Manager 1.7.x before 1.7.13 and 1.8.x before 1.8.1 allow remote attackers to hijack the authentication of unspecified victims for requests that approve or deny a scope via a profile or authorize approval page.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9251DFFD-6BD2-40FF-8EA2-E4AB4C9E3DAB",
"versionEndIncluding": "15.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry:*:*:*:*:*:*:*:*",
"matchCriteriaId": "27E43458-95D7-4A85-B8E7-3D452A9CFD25",
"versionEndIncluding": "241",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F4CC5918-BC38-46E3-8000-5FE87A65C0E7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "36926681-35F4-4619-9613-155DEEEA3C8F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.2:*:*:*:*:*:*:*",
"matchCriteriaId": "41FF3C2B-E96F-4DF7-A5C4-703206CB729E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.3:*:*:*:*:*:*:*",
"matchCriteriaId": "F9CB3C2D-3080-4A3D-8D8D-1381B5D98920",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.4:*:*:*:*:*:*:*",
"matchCriteriaId": "782781EB-147C-4B00-84C5-1D8443BFA2D6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.5:*:*:*:*:*:*:*",
"matchCriteriaId": "35A56755-EEB2-4C93-B180-3918A36965AA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.6:*:*:*:*:*:*:*",
"matchCriteriaId": "E4009F10-08AF-470B-B903-38B8A6DBF332",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.7:*:*:*:*:*:*:*",
"matchCriteriaId": "2B2E8F04-53E6-4A3C-BE4B-8D0DDA22CA8C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.8:*:*:*:*:*:*:*",
"matchCriteriaId": "790DAB24-893A-463F-8358-171DACD75074",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.9:*:*:*:*:*:*:*",
"matchCriteriaId": "3645A1A8-4945-447F-A968-101D5938F9C8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.10:*:*:*:*:*:*:*",
"matchCriteriaId": "0E52C9B9-8F94-48D8-ADA6-96918F6AAD36",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.11:*:*:*:*:*:*:*",
"matchCriteriaId": "3948FC2F-AF3B-4AF3-968D-F124D03A213A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.12:*:*:*:*:*:*:*",
"matchCriteriaId": "4BA44F9B-97D5-48C0-91E9-6D3FEC8B7773",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.13:*:*:*:*:*:*:*",
"matchCriteriaId": "7B414F88-6541-48C6-B9D6-4DDA035A0037",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.14:*:*:*:*:*:*:*",
"matchCriteriaId": "66235C7F-D5EE-4989-8D24-6D0781954234",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.15:*:*:*:*:*:*:*",
"matchCriteriaId": "12E75B49-2419-4313-A648-B5283DA620E7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.17:*:*:*:*:*:*:*",
"matchCriteriaId": "A2C07910-C462-46C1-83CB-39B3FD8D25BC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.18:*:*:*:*:*:*:*",
"matchCriteriaId": "C6B9243E-31EF-48AB-BAB5-CCC3704A219F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.19:*:*:*:*:*:*:*",
"matchCriteriaId": "2BCB1D4B-F44C-41A1-90CA-62FD37003A1F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.20:*:*:*:*:*:*:*",
"matchCriteriaId": "F623783F-46DF-454E-BD83-5D2AE35EA9B4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.21:*:*:*:*:*:*:*",
"matchCriteriaId": "6BD9D35B-3E85-49FD-BA0A-D9020C5F280E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.22:*:*:*:*:*:*:*",
"matchCriteriaId": "A28CEEDF-FA40-4922-87A6-35DEBF184DC5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.23:*:*:*:*:*:*:*",
"matchCriteriaId": "D4F08111-51B1-4866-8695-C0877FC77D0B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.25:*:*:*:*:*:*:*",
"matchCriteriaId": "620EAB8D-3754-494D-9912-724A0FE1E80F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.26:*:*:*:*:*:*:*",
"matchCriteriaId": "ADBA74BD-EF83-4F29-8040-FB5B35D38C9B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.27:*:*:*:*:*:*:*",
"matchCriteriaId": "A1E00BE6-B2B6-4C02-9510-1F3DCC081173",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.28:*:*:*:*:*:*:*",
"matchCriteriaId": "A4D9E726-CF92-4DE5-8A04-02428328CC8A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.29:*:*:*:*:*:*:*",
"matchCriteriaId": "5E1CAC4E-3CD6-4D0C-8544-9481E57FD338",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.30:*:*:*:*:*:*:*",
"matchCriteriaId": "D1D0F13A-D149-492D-A484-B7F4235B2DC0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.31:*:*:*:*:*:*:*",
"matchCriteriaId": "160A9972-DCF2-46A9-8025-938C492E5A0E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.32:*:*:*:*:*:*:*",
"matchCriteriaId": "43978845-CC25-4975-8155-AC0999A4268B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.33:*:*:*:*:*:*:*",
"matchCriteriaId": "7B1A6848-16B9-47EC-B7C8-7740086398F3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.34:*:*:*:*:*:*:*",
"matchCriteriaId": "D9708D36-4A9B-484A-A627-69A85D66EDF8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.35:*:*:*:*:*:*:*",
"matchCriteriaId": "F0AB1C89-79D2-4997-A00D-E6E62243278B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.36:*:*:*:*:*:*:*",
"matchCriteriaId": "C071EA95-4AE2-43DC-900F-3DDD38959754",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.37:*:*:*:*:*:*:*",
"matchCriteriaId": "A6FF1F58-580A-4035-9427-1B4E96FC9E9E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.38:*:*:*:*:*:*:*",
"matchCriteriaId": "71499439-2748-4B4F-8659-AE4F67CCC8AF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.39:*:*:*:*:*:*:*",
"matchCriteriaId": "50161ECB-FEEA-4E1C-8DF9-5F3F7D944895",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "85E08C11-76E1-4F91-8061-5DA1BABD8767",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E3B75A7F-EAAC-4D81-9A10-D8DB45828EC3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.7.2:*:*:*:*:*:*:*",
"matchCriteriaId": "FA53D5B4-75BF-445F-96AA-4DC308B76E64",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.7.3:*:*:*:*:*:*:*",
"matchCriteriaId": "6DD5D5D9-604D-4917-99D0-1F41784A6835",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.7.4:*:*:*:*:*:*:*",
"matchCriteriaId": "6B2BF60D-EEEE-4F4C-A19F-108C78366089",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.7.5:*:*:*:*:*:*:*",
"matchCriteriaId": "5EED880C-5EF5-4FEA-A4BD-58CA61C12A9C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.7.6:*:*:*:*:*:*:*",
"matchCriteriaId": "DDA80BA5-66B0-4A6C-B552-175DBB930EB6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.7.7:*:*:*:*:*:*:*",
"matchCriteriaId": "BCDBAF27-D5DC-4379-A76E-7BD2CD98EB5C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.7.8:*:*:*:*:*:*:*",
"matchCriteriaId": "D957FD98-C2B4-48C2-81A0-37B2581E9F52",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.7.9:*:*:*:*:*:*:*",
"matchCriteriaId": "0DADB2DA-A12F-426E-9DEB-3628B081F78D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.7.10:*:*:*:*:*:*:*",
"matchCriteriaId": "99C97080-9BD3-4F17-A0E4-80F9F4CD7DB4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.7.11:*:*:*:*:*:*:*",
"matchCriteriaId": "E764D26C-D2C4-496C-936F-BF6793BF7C70",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.7.12:*:*:*:*:*:*:*",
"matchCriteriaId": "1E574EDD-AD33-4A00-8E14-76F0134EC00B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.7.13:*:*:*:*:*:*:*",
"matchCriteriaId": "A2274274-C1F8-4E42-AF7A-BDBF379E823E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.7.14:*:*:*:*:*:*:*",
"matchCriteriaId": "DCB25167-8350-4362-876C-690F5B5B057C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.7.15:*:*:*:*:*:*:*",
"matchCriteriaId": "28F89423-3AEE-475A-BBBA-B895D9732A14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.7.16:*:*:*:*:*:*:*",
"matchCriteriaId": "B4B5CB0D-09C9-4CB2-B842-CA68400CDAAD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.7.17:*:*:*:*:*:*:*",
"matchCriteriaId": "F047032B-218E-41BF-9F46-4682D415960E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.7.18:*:*:*:*:*:*:*",
"matchCriteriaId": "B291CCA0-EAE5-4900-ABF3-9A9D76910BD9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.7.19:*:*:*:*:*:*:*",
"matchCriteriaId": "DB8DAD87-111B-4F17-85CC-65C395851079",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.7.20:*:*:*:*:*:*:*",
"matchCriteriaId": "248878D6-7987-4608-9A28-66F3F7EFB976",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "258FAFB4-2B67-456B-BE78-1562A3D5E9A6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_ops_manager:1.7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A2D55721-7B40-4277-9E5A-4A9688D12ADF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_ops_manager:1.7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "7B931453-BA62-45A2-8574-A590E2DE55DF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_ops_manager:1.7.2:*:*:*:*:*:*:*",
"matchCriteriaId": "BA7E6331-33BC-4F3D-86C7-4DDBCB2B3B91",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_ops_manager:1.7.3:*:*:*:*:*:*:*",
"matchCriteriaId": "9FCBC4AE-B126-4EF6-B75E-062423E3F161",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_ops_manager:1.7.4:*:*:*:*:*:*:*",
"matchCriteriaId": "ED35AA0C-9427-492A-972A-D82972BBD9CF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_ops_manager:1.7.5:*:*:*:*:*:*:*",
"matchCriteriaId": "7412837F-8F31-48A5-81AF-51E7A4A40310",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_ops_manager:1.7.6:*:*:*:*:*:*:*",
"matchCriteriaId": "6A8A33E4-AFCD-436B-8635-7F45F4B043F9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_ops_manager:1.7.7:*:*:*:*:*:*:*",
"matchCriteriaId": "79217281-FDA5-44AD-82A9-7375F9562345",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_ops_manager:1.7.8:*:*:*:*:*:*:*",
"matchCriteriaId": "E7FB48BC-5523-4B18-860C-A1DA648F2C1A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_ops_manager:1.7.9:*:*:*:*:*:*:*",
"matchCriteriaId": "2B630514-7848-435E-B9BD-9350BA671D95",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_ops_manager:1.7.10:*:*:*:*:*:*:*",
"matchCriteriaId": "683152A4-2927-4735-8BFF-B9B499B44D15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_ops_manager:1.7.11:*:*:*:*:*:*:*",
"matchCriteriaId": "CC7AEA69-D9C5-4CE8-BD67-9E5E5E7EF343",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_ops_manager:1.7.12:*:*:*:*:*:*:*",
"matchCriteriaId": "ADD6F12D-6324-48E3-A508-70A7B122CA3E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_ops_manager:1.8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C015DE32-1D60-49EA-889D-B8FE453CF02E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_uaa:2.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "555D749F-4228-4B8C-8E0F-F9D6401E79B5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_uaa:2.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "58AEF0BF-8073-435E-9AE1-07A7B0B4B497",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_uaa:2.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "046215E7-464A-41E6-B310-9C56AB8A4243",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_uaa:2.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "99BAEFFA-DD36-4CE7-B8D5-906509346720",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_uaa:2.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "8D624768-9C90-4BE3-8715-78CC408C02AF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_uaa:2.7.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "B604B862-5213-4A4D-9147-A5D90EF13923",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_uaa:2.7.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "F0C8A2F1-A40D-4041-BF2B-59A8DC81581A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_uaa:2.7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "ACFDEF8D-9BE5-43ED-8E1D-2B63A1294EDF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_uaa:2.7.2:*:*:*:*:*:*:*",
"matchCriteriaId": "504AA7E0-D1F5-4097-B53B-F0E36328B1EB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_uaa:2.7.3:*:*:*:*:*:*:*",
"matchCriteriaId": "0DCD6CB7-5D49-4897-8353-44E5B08D9375",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_uaa:2.7.4.6:*:*:*:*:*:*:*",
"matchCriteriaId": "916733EA-F51A-49E2-9D47-9B713B36C847",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_uaa:3.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "03D97B63-F59C-47FD-9919-3B543F0C4BE9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_uaa:3.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "2BF268FB-5CAA-4441-A5EA-F65080A65815",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_uaa:3.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "597CA1EF-4E57-4676-B772-239EFB684C5F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_uaa:3.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1D44FEC0-341E-4AD4-B0BC-0B10FDB6DB8C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_uaa:3.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "CDB08635-4792-4483-8A5D-B07B3CC6E11B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_uaa:3.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "EAF6E32B-0B37-47CB-A6B3-AC226DC7B032",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_uaa:3.3.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3D410B4D-D427-4F18-8962-8E232378B2A7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_uaa:3.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C5FE703B-B6E7-4936-B675-7FDCECD84A05",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_uaa:3.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "423A1AAF-B173-4FCB-A34A-616A7EC178CA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_uaa:3.4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "EEC3C020-A0A3-4D8D-ABFE-EA3C52FAB4D7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site request forgery (CSRF) vulnerabilities in Pivotal Cloud Foundry (PCF) before 242; UAA 2.x before 2.7.4.7, 3.x before 3.3.0.5, and 3.4.x before 3.4.4; UAA BOSH before 11.5 and 12.x before 12.5; Elastic Runtime before 1.6.40, 1.7.x before 1.7.21, and 1.8.x before 1.8.2; and Ops Manager 1.7.x before 1.7.13 and 1.8.x before 1.8.1 allow remote attackers to hijack the authentication of unspecified victims for requests that approve or deny a scope via a profile or authorize approval page."
},
{
"lang": "es",
"value": "M\u00faltiples vulnerabilidades de CSRF en Pivotal Cloud Foundry (PCF) en versiones anteriores a 242; UAA 2.x en versiones anteriores a 2.7.4.7, 3.x en versiones anteriores a 3.3.0.5 y 3.4.x en versiones anteriores a 3.4.4; UAA BOSH en versiones anteriores a 11.5 y 12.x en versiones anteriores a 12.5; Elastic Runtime en versiones anteriores a 1.6.40, 1.7.x en versiones anteriores a 1.7.21 y 1.8.x en versiones anteriores a 1.8.2 y Ops Manager 1.7.x en versiones anteriores a 1.7.13 y 1.8.x en versiones anteriores a 1.8.1 permiten a atacantes remotos secuestrar la autenticaci\u00f3n de v\u00edctimas no especificadas para peticiones que aprueban o deniegan una extensi\u00f3n a trav\u00e9s de un perfil o autoriza una p\u00e1gina de aprobaci\u00f3n."
}
],
"id": "CVE-2016-6637",
"lastModified": "2024-11-21T02:56:31.973",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.6,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 6.0,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2016-09-30T00:59:01.397",
"references": [
{
"source": "security_alert@emc.com",
"url": "http://www.securityfocus.com/bid/93245"
},
{
"source": "security_alert@emc.com",
"tags": [
"Vendor Advisory"
],
"url": "https://pivotal.io/security/cve-2016-6637"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/93245"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://pivotal.io/security/cve-2016-6637"
}
],
"sourceIdentifier": "security_alert@emc.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-352"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2016-09-18 02:59
Modified
2024-11-21 02:42
Severity ?
Summary
Pivotal Cloud Foundry (PCF) Elastic Runtime before 1.6.34 and 1.7.x before 1.7.12 places 169.254.0.0/16 in the all_open Application Security Group, which might allow remote attackers to bypass intended network-connectivity restrictions by leveraging access to the 169.254.169.254 address.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8D91DEF2-7A58-4C05-BD04-585D0A0A4E2D",
"versionEndIncluding": "1.6.33",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "85E08C11-76E1-4F91-8061-5DA1BABD8767",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E3B75A7F-EAAC-4D81-9A10-D8DB45828EC3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.7.2:*:*:*:*:*:*:*",
"matchCriteriaId": "FA53D5B4-75BF-445F-96AA-4DC308B76E64",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.7.3:*:*:*:*:*:*:*",
"matchCriteriaId": "6DD5D5D9-604D-4917-99D0-1F41784A6835",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.7.4:*:*:*:*:*:*:*",
"matchCriteriaId": "6B2BF60D-EEEE-4F4C-A19F-108C78366089",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.7.5:*:*:*:*:*:*:*",
"matchCriteriaId": "5EED880C-5EF5-4FEA-A4BD-58CA61C12A9C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.7.6:*:*:*:*:*:*:*",
"matchCriteriaId": "DDA80BA5-66B0-4A6C-B552-175DBB930EB6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.7.7:*:*:*:*:*:*:*",
"matchCriteriaId": "BCDBAF27-D5DC-4379-A76E-7BD2CD98EB5C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.7.8:*:*:*:*:*:*:*",
"matchCriteriaId": "D957FD98-C2B4-48C2-81A0-37B2581E9F52",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.7.9:*:*:*:*:*:*:*",
"matchCriteriaId": "0DADB2DA-A12F-426E-9DEB-3628B081F78D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.7.10:*:*:*:*:*:*:*",
"matchCriteriaId": "99C97080-9BD3-4F17-A0E4-80F9F4CD7DB4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.7.11:*:*:*:*:*:*:*",
"matchCriteriaId": "E764D26C-D2C4-496C-936F-BF6793BF7C70",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Pivotal Cloud Foundry (PCF) Elastic Runtime before 1.6.34 and 1.7.x before 1.7.12 places 169.254.0.0/16 in the all_open Application Security Group, which might allow remote attackers to bypass intended network-connectivity restrictions by leveraging access to the 169.254.169.254 address."
},
{
"lang": "es",
"value": "Pivotal Cloud Foundry (PCF) Elastic Runtime en versiones anteriores a 1.6.34 y 1.7.x en versiones anteriores a 1.7.12 sit\u00faa 169.254.0.0/16 en el all_open Application Security Group, lo que podr\u00eda permitir a atacantes remotos eludir las restricciones de conectividad de red mediante el aprovechamiento del acceso a la direcci\u00f3n 169.254.169.254."
}
],
"id": "CVE-2016-0896",
"lastModified": "2024-11-21T02:42:35.513",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": true,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 3.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2016-09-18T02:59:01.637",
"references": [
{
"source": "security_alert@emc.com",
"url": "http://www.securityfocus.com/bid/92161"
},
{
"source": "security_alert@emc.com",
"tags": [
"Mitigation",
"Vendor Advisory"
],
"url": "https://pivotal.io/security/cve-2016-0896"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/92161"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mitigation",
"Vendor Advisory"
],
"url": "https://pivotal.io/security/cve-2016-0896"
}
],
"sourceIdentifier": "security_alert@emc.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-254"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2016-09-30 00:59
Modified
2024-11-21 02:56
Severity ?
Summary
The UAA /oauth/token endpoint in Pivotal Cloud Foundry (PCF) before 243; UAA 2.x before 2.7.4.8, 3.x before 3.3.0.6, and 3.4.x before 3.4.5; UAA BOSH before 11.7 and 12.x before 12.6; Elastic Runtime before 1.6.40, 1.7.x before 1.7.21, and 1.8.x before 1.8.2; and Ops Manager 1.7.x before 1.7.13 and 1.8.x before 1.8.1 allows remote authenticated users to gain privileges by leveraging possession of a token.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0DAFE420-82CA-489D-977A-611BE08F53C2",
"versionEndIncluding": "16.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2FB43EA3-583C-4838-8319-3503DA1A2EBA",
"versionEndIncluding": "242.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F4CC5918-BC38-46E3-8000-5FE87A65C0E7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "36926681-35F4-4619-9613-155DEEEA3C8F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.2:*:*:*:*:*:*:*",
"matchCriteriaId": "41FF3C2B-E96F-4DF7-A5C4-703206CB729E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.3:*:*:*:*:*:*:*",
"matchCriteriaId": "F9CB3C2D-3080-4A3D-8D8D-1381B5D98920",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.4:*:*:*:*:*:*:*",
"matchCriteriaId": "782781EB-147C-4B00-84C5-1D8443BFA2D6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.5:*:*:*:*:*:*:*",
"matchCriteriaId": "35A56755-EEB2-4C93-B180-3918A36965AA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.6:*:*:*:*:*:*:*",
"matchCriteriaId": "E4009F10-08AF-470B-B903-38B8A6DBF332",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.7:*:*:*:*:*:*:*",
"matchCriteriaId": "2B2E8F04-53E6-4A3C-BE4B-8D0DDA22CA8C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.8:*:*:*:*:*:*:*",
"matchCriteriaId": "790DAB24-893A-463F-8358-171DACD75074",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.9:*:*:*:*:*:*:*",
"matchCriteriaId": "3645A1A8-4945-447F-A968-101D5938F9C8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.10:*:*:*:*:*:*:*",
"matchCriteriaId": "0E52C9B9-8F94-48D8-ADA6-96918F6AAD36",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.11:*:*:*:*:*:*:*",
"matchCriteriaId": "3948FC2F-AF3B-4AF3-968D-F124D03A213A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.12:*:*:*:*:*:*:*",
"matchCriteriaId": "4BA44F9B-97D5-48C0-91E9-6D3FEC8B7773",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.13:*:*:*:*:*:*:*",
"matchCriteriaId": "7B414F88-6541-48C6-B9D6-4DDA035A0037",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.14:*:*:*:*:*:*:*",
"matchCriteriaId": "66235C7F-D5EE-4989-8D24-6D0781954234",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.15:*:*:*:*:*:*:*",
"matchCriteriaId": "12E75B49-2419-4313-A648-B5283DA620E7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.17:*:*:*:*:*:*:*",
"matchCriteriaId": "A2C07910-C462-46C1-83CB-39B3FD8D25BC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.18:*:*:*:*:*:*:*",
"matchCriteriaId": "C6B9243E-31EF-48AB-BAB5-CCC3704A219F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.19:*:*:*:*:*:*:*",
"matchCriteriaId": "2BCB1D4B-F44C-41A1-90CA-62FD37003A1F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.20:*:*:*:*:*:*:*",
"matchCriteriaId": "F623783F-46DF-454E-BD83-5D2AE35EA9B4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.21:*:*:*:*:*:*:*",
"matchCriteriaId": "6BD9D35B-3E85-49FD-BA0A-D9020C5F280E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.22:*:*:*:*:*:*:*",
"matchCriteriaId": "A28CEEDF-FA40-4922-87A6-35DEBF184DC5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.23:*:*:*:*:*:*:*",
"matchCriteriaId": "D4F08111-51B1-4866-8695-C0877FC77D0B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.25:*:*:*:*:*:*:*",
"matchCriteriaId": "620EAB8D-3754-494D-9912-724A0FE1E80F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.26:*:*:*:*:*:*:*",
"matchCriteriaId": "ADBA74BD-EF83-4F29-8040-FB5B35D38C9B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.27:*:*:*:*:*:*:*",
"matchCriteriaId": "A1E00BE6-B2B6-4C02-9510-1F3DCC081173",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.28:*:*:*:*:*:*:*",
"matchCriteriaId": "A4D9E726-CF92-4DE5-8A04-02428328CC8A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.29:*:*:*:*:*:*:*",
"matchCriteriaId": "5E1CAC4E-3CD6-4D0C-8544-9481E57FD338",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.30:*:*:*:*:*:*:*",
"matchCriteriaId": "D1D0F13A-D149-492D-A484-B7F4235B2DC0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.31:*:*:*:*:*:*:*",
"matchCriteriaId": "160A9972-DCF2-46A9-8025-938C492E5A0E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.32:*:*:*:*:*:*:*",
"matchCriteriaId": "43978845-CC25-4975-8155-AC0999A4268B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.33:*:*:*:*:*:*:*",
"matchCriteriaId": "7B1A6848-16B9-47EC-B7C8-7740086398F3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.34:*:*:*:*:*:*:*",
"matchCriteriaId": "D9708D36-4A9B-484A-A627-69A85D66EDF8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.35:*:*:*:*:*:*:*",
"matchCriteriaId": "F0AB1C89-79D2-4997-A00D-E6E62243278B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.36:*:*:*:*:*:*:*",
"matchCriteriaId": "C071EA95-4AE2-43DC-900F-3DDD38959754",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.37:*:*:*:*:*:*:*",
"matchCriteriaId": "A6FF1F58-580A-4035-9427-1B4E96FC9E9E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.38:*:*:*:*:*:*:*",
"matchCriteriaId": "71499439-2748-4B4F-8659-AE4F67CCC8AF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.39:*:*:*:*:*:*:*",
"matchCriteriaId": "50161ECB-FEEA-4E1C-8DF9-5F3F7D944895",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "85E08C11-76E1-4F91-8061-5DA1BABD8767",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E3B75A7F-EAAC-4D81-9A10-D8DB45828EC3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.7.2:*:*:*:*:*:*:*",
"matchCriteriaId": "FA53D5B4-75BF-445F-96AA-4DC308B76E64",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.7.3:*:*:*:*:*:*:*",
"matchCriteriaId": "6DD5D5D9-604D-4917-99D0-1F41784A6835",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.7.4:*:*:*:*:*:*:*",
"matchCriteriaId": "6B2BF60D-EEEE-4F4C-A19F-108C78366089",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.7.5:*:*:*:*:*:*:*",
"matchCriteriaId": "5EED880C-5EF5-4FEA-A4BD-58CA61C12A9C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.7.6:*:*:*:*:*:*:*",
"matchCriteriaId": "DDA80BA5-66B0-4A6C-B552-175DBB930EB6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.7.7:*:*:*:*:*:*:*",
"matchCriteriaId": "BCDBAF27-D5DC-4379-A76E-7BD2CD98EB5C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.7.8:*:*:*:*:*:*:*",
"matchCriteriaId": "D957FD98-C2B4-48C2-81A0-37B2581E9F52",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.7.9:*:*:*:*:*:*:*",
"matchCriteriaId": "0DADB2DA-A12F-426E-9DEB-3628B081F78D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.7.10:*:*:*:*:*:*:*",
"matchCriteriaId": "99C97080-9BD3-4F17-A0E4-80F9F4CD7DB4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.7.11:*:*:*:*:*:*:*",
"matchCriteriaId": "E764D26C-D2C4-496C-936F-BF6793BF7C70",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.7.12:*:*:*:*:*:*:*",
"matchCriteriaId": "1E574EDD-AD33-4A00-8E14-76F0134EC00B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.7.13:*:*:*:*:*:*:*",
"matchCriteriaId": "A2274274-C1F8-4E42-AF7A-BDBF379E823E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.7.14:*:*:*:*:*:*:*",
"matchCriteriaId": "DCB25167-8350-4362-876C-690F5B5B057C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.7.15:*:*:*:*:*:*:*",
"matchCriteriaId": "28F89423-3AEE-475A-BBBA-B895D9732A14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.7.16:*:*:*:*:*:*:*",
"matchCriteriaId": "B4B5CB0D-09C9-4CB2-B842-CA68400CDAAD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.7.17:*:*:*:*:*:*:*",
"matchCriteriaId": "F047032B-218E-41BF-9F46-4682D415960E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.7.18:*:*:*:*:*:*:*",
"matchCriteriaId": "B291CCA0-EAE5-4900-ABF3-9A9D76910BD9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.7.19:*:*:*:*:*:*:*",
"matchCriteriaId": "DB8DAD87-111B-4F17-85CC-65C395851079",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.7.20:*:*:*:*:*:*:*",
"matchCriteriaId": "248878D6-7987-4608-9A28-66F3F7EFB976",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "258FAFB4-2B67-456B-BE78-1562A3D5E9A6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_ops_manager:1.7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A2D55721-7B40-4277-9E5A-4A9688D12ADF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_ops_manager:1.7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "7B931453-BA62-45A2-8574-A590E2DE55DF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_ops_manager:1.7.2:*:*:*:*:*:*:*",
"matchCriteriaId": "BA7E6331-33BC-4F3D-86C7-4DDBCB2B3B91",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_ops_manager:1.7.3:*:*:*:*:*:*:*",
"matchCriteriaId": "9FCBC4AE-B126-4EF6-B75E-062423E3F161",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_ops_manager:1.7.4:*:*:*:*:*:*:*",
"matchCriteriaId": "ED35AA0C-9427-492A-972A-D82972BBD9CF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_ops_manager:1.7.5:*:*:*:*:*:*:*",
"matchCriteriaId": "7412837F-8F31-48A5-81AF-51E7A4A40310",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_ops_manager:1.7.6:*:*:*:*:*:*:*",
"matchCriteriaId": "6A8A33E4-AFCD-436B-8635-7F45F4B043F9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_ops_manager:1.7.7:*:*:*:*:*:*:*",
"matchCriteriaId": "79217281-FDA5-44AD-82A9-7375F9562345",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_ops_manager:1.7.8:*:*:*:*:*:*:*",
"matchCriteriaId": "E7FB48BC-5523-4B18-860C-A1DA648F2C1A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_ops_manager:1.7.9:*:*:*:*:*:*:*",
"matchCriteriaId": "2B630514-7848-435E-B9BD-9350BA671D95",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_ops_manager:1.7.10:*:*:*:*:*:*:*",
"matchCriteriaId": "683152A4-2927-4735-8BFF-B9B499B44D15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_ops_manager:1.7.11:*:*:*:*:*:*:*",
"matchCriteriaId": "CC7AEA69-D9C5-4CE8-BD67-9E5E5E7EF343",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_ops_manager:1.7.12:*:*:*:*:*:*:*",
"matchCriteriaId": "ADD6F12D-6324-48E3-A508-70A7B122CA3E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_ops_manager:1.8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C015DE32-1D60-49EA-889D-B8FE453CF02E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_uaa:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EA38C2BF-87DF-4452-AAA2-9E5A0D8A20E1",
"versionEndIncluding": "3.7.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The UAA /oauth/token endpoint in Pivotal Cloud Foundry (PCF) before 243; UAA 2.x before 2.7.4.8, 3.x before 3.3.0.6, and 3.4.x before 3.4.5; UAA BOSH before 11.7 and 12.x before 12.6; Elastic Runtime before 1.6.40, 1.7.x before 1.7.21, and 1.8.x before 1.8.2; and Ops Manager 1.7.x before 1.7.13 and 1.8.x before 1.8.1 allows remote authenticated users to gain privileges by leveraging possession of a token."
},
{
"lang": "es",
"value": "El dispositivo final UAA /oauth/token en Pivotal Cloud Foundry (PCF) en versiones anteriores a 243; UAA 2.x en versiones anteriores a 2.7.4.8, 3.x en versiones anteriores a 3.3.0.6 y 3.4.x en versiones anteriores a 3.4.5; UAA BOSH en versiones anteriores a 11.7 y 12.x en versiones anteriores a 12.6; Elastic Runtime en versiones anteriores a 1.6.40, 1.7.x en versiones anteriores a 1.7.21 y 1.8.x en versiones anteriores a 1.8.2 y Ops Manager 1.7.x en versiones anteriores a 1.7.13 y 1.8.x en versiones anteriores a 1.8.1 permite a usuarios remotos autenticados obtener privilegios aprovechando la posesi\u00f3n de un token."
}
],
"id": "CVE-2016-6651",
"lastModified": "2024-11-21T02:56:33.380",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2016-09-30T00:59:04.337",
"references": [
{
"source": "security_alert@emc.com",
"url": "http://www.securityfocus.com/bid/93241"
},
{
"source": "security_alert@emc.com",
"tags": [
"Mitigation",
"Vendor Advisory"
],
"url": "https://pivotal.io/security/cve-2016-6651"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/93241"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mitigation",
"Vendor Advisory"
],
"url": "https://pivotal.io/security/cve-2016-6651"
}
],
"sourceIdentifier": "security_alert@emc.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-264"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-04-24 19:59
Modified
2024-11-21 02:53
Severity ?
Summary
Pivotal Cloud Foundry 239 and earlier, UAA (aka User Account and Authentication Server) 3.4.1 and earlier, UAA release 12.2 and earlier, PCF (aka Pivotal Cloud Foundry) Elastic Runtime 1.6.x before 1.6.35, and PCF Elastic Runtime 1.7.x before 1.7.13 does not validate if a certificate is expired.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0FAA998A-048B-480D-9CF0-D90E2ABFE2FF",
"versionEndIncluding": "239",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A2049AEA-5F99-4621-AF5F-80AB2D9F2DEA",
"versionEndExcluding": "1.6.35",
"versionStartIncluding": "1.6.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:*:*:*:*:*:*:*:*",
"matchCriteriaId": "96093F13-C771-4550-9B06-3BFD862B38EB",
"versionEndExcluding": "1.7.13",
"versionStartIncluding": "1.7.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_uaa:*:*:*:*:*:*:*:*",
"matchCriteriaId": "374930A4-0FE0-4CED-9700-ED23F7FE730D",
"versionEndIncluding": "3.4.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_uaa-release:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4FA71A73-B614-4987-BCBC-66E2FE383308",
"versionEndIncluding": "12.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Pivotal Cloud Foundry 239 and earlier, UAA (aka User Account and Authentication Server) 3.4.1 and earlier, UAA release 12.2 and earlier, PCF (aka Pivotal Cloud Foundry) Elastic Runtime 1.6.x before 1.6.35, and PCF Elastic Runtime 1.7.x before 1.7.13 does not validate if a certificate is expired."
},
{
"lang": "es",
"value": "Pivotal Cloud Foundry 239 y versiones anteriores, UAA ( tambi\u00e9n conocido como User Account y Authentication Server) 3.4.1 y versiones anteriores, lanzamiento UAA 12.2 y versiones anteriores, PCF (tambi\u00e9n conocido como Pivotal Cloud Foundry) Elastic Runtime 1.6.x en versiones anteriores a 1.6.35, y PCF Elastic Runtime 1.7.x en versiones anteriores a 1.7.13 no valida si un certificado ha expirado."
}
],
"id": "CVE-2016-5016",
"lastModified": "2024-11-21T02:53:27.060",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.2,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-04-24T19:59:00.253",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Release Notes",
"Third Party Advisory"
],
"url": "https://github.com/cloudfoundry/cf-release/releases/tag/v240"
},
{
"source": "secalert@redhat.com",
"tags": [
"Release Notes",
"Third Party Advisory"
],
"url": "https://github.com/cloudfoundry/uaa-release/releases/tag/v11.3"
},
{
"source": "secalert@redhat.com",
"tags": [
"Release Notes",
"Third Party Advisory"
],
"url": "https://github.com/cloudfoundry/uaa-release/releases/tag/v12.3"
},
{
"source": "secalert@redhat.com",
"tags": [
"Release Notes",
"Third Party Advisory"
],
"url": "https://github.com/cloudfoundry/uaa/releases/tag/2.7.4.6"
},
{
"source": "secalert@redhat.com",
"tags": [
"Release Notes",
"Third Party Advisory"
],
"url": "https://github.com/cloudfoundry/uaa/releases/tag/3.3.0.3"
},
{
"source": "secalert@redhat.com",
"tags": [
"Release Notes",
"Third Party Advisory"
],
"url": "https://github.com/cloudfoundry/uaa/releases/tag/3.4.2"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "https://pivotal.io/security/cve-2016-5016"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Third Party Advisory"
],
"url": "https://github.com/cloudfoundry/cf-release/releases/tag/v240"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Third Party Advisory"
],
"url": "https://github.com/cloudfoundry/uaa-release/releases/tag/v11.3"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Third Party Advisory"
],
"url": "https://github.com/cloudfoundry/uaa-release/releases/tag/v12.3"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Third Party Advisory"
],
"url": "https://github.com/cloudfoundry/uaa/releases/tag/2.7.4.6"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Third Party Advisory"
],
"url": "https://github.com/cloudfoundry/uaa/releases/tag/3.3.0.3"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Third Party Advisory"
],
"url": "https://github.com/cloudfoundry/uaa/releases/tag/3.4.2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://pivotal.io/security/cve-2016-5016"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-295"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2016-12-16 09:59
Modified
2024-11-21 02:56
Severity ?
Summary
An open redirect vulnerability has been detected with some Pivotal Cloud Foundry Elastic Runtime components. Users of affected versions should apply the following mitigation: Upgrade PCF Elastic Runtime 1.8.x versions to 1.8.12 or later. Upgrade PCF Ops Manager 1.7.x versions to 1.7.18 or later and 1.8.x versions to 1.8.10 or later.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| security_alert@emc.com | http://www.securityfocus.com/bid/94126 | Third Party Advisory, VDB Entry | |
| security_alert@emc.com | https://pivotal.io/security/cve-2016-6657 | Mitigation, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/94126 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://pivotal.io/security/cve-2016-6657 | Mitigation, Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_ops_manager:1.7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A2D55721-7B40-4277-9E5A-4A9688D12ADF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_ops_manager:1.7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "7B931453-BA62-45A2-8574-A590E2DE55DF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_ops_manager:1.7.2:*:*:*:*:*:*:*",
"matchCriteriaId": "BA7E6331-33BC-4F3D-86C7-4DDBCB2B3B91",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_ops_manager:1.7.3:*:*:*:*:*:*:*",
"matchCriteriaId": "9FCBC4AE-B126-4EF6-B75E-062423E3F161",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_ops_manager:1.7.4:*:*:*:*:*:*:*",
"matchCriteriaId": "ED35AA0C-9427-492A-972A-D82972BBD9CF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_ops_manager:1.7.5:*:*:*:*:*:*:*",
"matchCriteriaId": "7412837F-8F31-48A5-81AF-51E7A4A40310",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_ops_manager:1.7.6:*:*:*:*:*:*:*",
"matchCriteriaId": "6A8A33E4-AFCD-436B-8635-7F45F4B043F9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_ops_manager:1.7.7:*:*:*:*:*:*:*",
"matchCriteriaId": "79217281-FDA5-44AD-82A9-7375F9562345",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_ops_manager:1.7.8:*:*:*:*:*:*:*",
"matchCriteriaId": "E7FB48BC-5523-4B18-860C-A1DA648F2C1A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_ops_manager:1.7.9:*:*:*:*:*:*:*",
"matchCriteriaId": "2B630514-7848-435E-B9BD-9350BA671D95",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_ops_manager:1.7.10:*:*:*:*:*:*:*",
"matchCriteriaId": "683152A4-2927-4735-8BFF-B9B499B44D15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_ops_manager:1.7.11:*:*:*:*:*:*:*",
"matchCriteriaId": "CC7AEA69-D9C5-4CE8-BD67-9E5E5E7EF343",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_ops_manager:1.7.12:*:*:*:*:*:*:*",
"matchCriteriaId": "ADD6F12D-6324-48E3-A508-70A7B122CA3E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_ops_manager:1.7.13:*:*:*:*:*:*:*",
"matchCriteriaId": "651B4CA5-EEE2-41CD-8711-F8334D18D91C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_ops_manager:1.7.14:*:*:*:*:*:*:*",
"matchCriteriaId": "A9034BC4-576A-4357-87ED-37085A5BEC2C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_ops_manager:1.7.15:*:*:*:*:*:*:*",
"matchCriteriaId": "59FD7D94-5D90-4235-AECF-75A1478E9350",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_ops_manager:1.7.16:*:*:*:*:*:*:*",
"matchCriteriaId": "33A3439C-86CF-4E0E-A072-6CAD1285CC65",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_ops_manager:1.7.17:*:*:*:*:*:*:*",
"matchCriteriaId": "0E189F0F-B307-457E-ADE6-F6E6E5916388",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_ops_manager:1.7.18:*:*:*:*:*:*:*",
"matchCriteriaId": "6E8E9EB0-F8BC-4297-B4A3-80346191D98A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_ops_manager:1.8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C015DE32-1D60-49EA-889D-B8FE453CF02E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_ops_manager:1.8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "7E611FD8-DA12-4DAD-B9B4-A319D0865019",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_ops_manager:1.8.2:*:*:*:*:*:*:*",
"matchCriteriaId": "71199CD8-08A3-4D2D-A584-82A50C3AB63E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_ops_manager:1.8.3:*:*:*:*:*:*:*",
"matchCriteriaId": "546D149D-2B90-4D84-A662-D6E5AC0E38A4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_ops_manager:1.8.4:*:*:*:*:*:*:*",
"matchCriteriaId": "1586A1F4-3542-4F99-B0B6-EBBDF2881744",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_ops_manager:1.8.5:*:*:*:*:*:*:*",
"matchCriteriaId": "1AD4DBE0-07E2-450F-8354-2838E84D6585",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_ops_manager:1.8.6:*:*:*:*:*:*:*",
"matchCriteriaId": "62F00D9B-0CEC-4777-89B2-E629C89C4947",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_ops_manager:1.8.7:*:*:*:*:*:*:*",
"matchCriteriaId": "5F2CD66F-CFE5-43BB-9BC0-44A5986B8B0A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_ops_manager:1.8.8:*:*:*:*:*:*:*",
"matchCriteriaId": "A7E5D0F4-DE8E-461E-93A1-42BE9A214FE7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_ops_manager:1.8.9:*:*:*:*:*:*:*",
"matchCriteriaId": "55799421-1421-47FB-8C2E-F8D4A3B43A6A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_ops_manager:1.8.10:*:*:*:*:*:*:*",
"matchCriteriaId": "619E9045-3F8D-4D1D-99BD-D92EE65A014E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "258FAFB4-2B67-456B-BE78-1562A3D5E9A6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "15F08919-8764-419D-A399-1EAA6B055C5D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.8.2:*:*:*:*:*:*:*",
"matchCriteriaId": "09BA6E79-22B6-4E5E-8C85-BBA8CB6C1828",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.8.3:*:*:*:*:*:*:*",
"matchCriteriaId": "FB328ACE-FC3C-4255-9400-A9BBC5059F5B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.8.4:*:*:*:*:*:*:*",
"matchCriteriaId": "877383E9-545F-4324-B8EA-76F33B7C11C2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.8.5:*:*:*:*:*:*:*",
"matchCriteriaId": "7B6BCA5E-1A43-41AA-ACEC-2C73E1B84D26",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.8.6:*:*:*:*:*:*:*",
"matchCriteriaId": "0CF15EDB-2707-43E2-9B53-C0CCA28AC972",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.8.7:*:*:*:*:*:*:*",
"matchCriteriaId": "C896CBBE-BE7B-44C3-A25E-F85BC7F6CE51",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.8.8:*:*:*:*:*:*:*",
"matchCriteriaId": "944374E2-A07E-4EEA-BE0C-47EF62FFABA2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.8.9:*:*:*:*:*:*:*",
"matchCriteriaId": "CAEA85D5-10B2-4003-A857-2C46F9559694",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.8.10:*:*:*:*:*:*:*",
"matchCriteriaId": "799E1F2E-DA5F-41B5-9B83-55661E18D726",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.8.11:*:*:*:*:*:*:*",
"matchCriteriaId": "AD9369A6-F59D-4C7A-830E-6EAC6F81A493",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.8.12:*:*:*:*:*:*:*",
"matchCriteriaId": "31A2732A-0309-4DF0-9EF1-7954D10BCFCC",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An open redirect vulnerability has been detected with some Pivotal Cloud Foundry Elastic Runtime components. Users of affected versions should apply the following mitigation: Upgrade PCF Elastic Runtime 1.8.x versions to 1.8.12 or later. Upgrade PCF Ops Manager 1.7.x versions to 1.7.18 or later and 1.8.x versions to 1.8.10 or later."
},
{
"lang": "es",
"value": "Una vulnerabilidad de redirecci\u00f3n abierta ha sido detectada con algunos componentes Pivotal Cloud Foundry Elastic Runtime. Los usuarios de las versiones afectadas deben aplicar la siguiente mitigaci\u00f3n: Actualizar PCF Elastic Runtime 1.8.x en versiones 1.8.12 o posteriores. Actualizar PCF Ops Manager 1.7.x en versiones 1.7.18 o posteriores y 1.8.x versi\u00f3n 1.8.10 o posteriores."
}
],
"id": "CVE-2016-6657",
"lastModified": "2024-11-21T02:56:33.987",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 4.0,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2016-12-16T09:59:00.277",
"references": [
{
"source": "security_alert@emc.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/94126"
},
{
"source": "security_alert@emc.com",
"tags": [
"Mitigation",
"Vendor Advisory"
],
"url": "https://pivotal.io/security/cve-2016-6657"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/94126"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mitigation",
"Vendor Advisory"
],
"url": "https://pivotal.io/security/cve-2016-6657"
}
],
"sourceIdentifier": "security_alert@emc.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-601"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-05-25 17:29
Modified
2024-11-21 02:26
Severity ?
Summary
A path traversal vulnerability was identified in the Cloud Foundry component Cloud Controller that affects cf-release versions prior to v208 and Pivotal Cloud Foundry Elastic Runtime versions prior to 1.4.2. Path traversal is the 'outbreak' of a given directory structure through relative file paths in the user input. It aims at accessing files and directories that are stored outside the web root folder, for disallowed reading or even executing arbitrary system commands. An attacker could use a certain parameter of the file path for instance to inject '../' sequences in order to navigate through the file system. In this particular case a remote authenticated attacker can exploit the identified vulnerability in order to upload arbitrary files to the server running a Cloud Controller instance - outside the isolated application container.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| security_alert@emc.com | http://www.securityfocus.com/bid/98691 | Third Party Advisory, VDB Entry | |
| security_alert@emc.com | https://pivotal.io/security/cve-2015-1834 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/98691 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://pivotal.io/security/cve-2015-1834 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| cloudfoundry | cf-release | * | |
| pivotal_software | cloud_foundry_elastic_runtime | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cloudfoundry:cf-release:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2C42A408-570D-42C3-B5AF-C173D14B7CE6",
"versionEndIncluding": "207",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:*:*:*:*:*:*:*:*",
"matchCriteriaId": "567FE032-B2D3-47EC-9CCB-2298311C1924",
"versionEndIncluding": "1.4.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A path traversal vulnerability was identified in the Cloud Foundry component Cloud Controller that affects cf-release versions prior to v208 and Pivotal Cloud Foundry Elastic Runtime versions prior to 1.4.2. Path traversal is the \u0027outbreak\u0027 of a given directory structure through relative file paths in the user input. It aims at accessing files and directories that are stored outside the web root folder, for disallowed reading or even executing arbitrary system commands. An attacker could use a certain parameter of the file path for instance to inject \u0027../\u0027 sequences in order to navigate through the file system. In this particular case a remote authenticated attacker can exploit the identified vulnerability in order to upload arbitrary files to the server running a Cloud Controller instance - outside the isolated application container."
},
{
"lang": "es",
"value": "Una vulnerabilidad de salto de directorio ha sido identificada en el componente Cloud Controller de Cloud Foundry, versiones anteriores a la v208 y en Pivotal Cloud Foundry Elastic Runtime, versiones anteriores a la 1.4.2. Un salto de directorio puede originarse a trav\u00e9s de una estructura de directorios relativa a la ruta de un fichero apuntada en una entrada de usuario. El objetivo es el acceso a ficheros y directorios situados fuera de la carpeta web ra\u00edz, con la finalidad de realizar lecturas no autorizadas o incluso ejecutar comandos de sistema arbitrarios. Un atacante podr\u00eda utilizar un cierto par\u00e1metro de la ruta del fichero para p.e. inyectar secuencias de \u0027../\u0027 para navegar a trav\u00e9s del sistema de ficheros. En este caso particular, un atacante remoto autenticado pudr\u00eda explotar esta vulnerabilidad para cargar ficheros arbitrarios en el servidor donde se est\u00e1 ejecutando una instancia de Cloud Controller fuera del contenedor que a\u00edsla a la aplicaci\u00f3n."
}
],
"id": "CVE-2015-1834",
"lastModified": "2024-11-21T02:26:14.327",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": true,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-05-25T17:29:00.287",
"references": [
{
"source": "security_alert@emc.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/98691"
},
{
"source": "security_alert@emc.com",
"tags": [
"Vendor Advisory"
],
"url": "https://pivotal.io/security/cve-2015-1834"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/98691"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://pivotal.io/security/cve-2015-1834"
}
],
"sourceIdentifier": "security_alert@emc.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-22"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-10-24 17:29
Modified
2024-11-21 02:32
Severity ?
Summary
Cloud Foundry Runtime cf-release before 216, UAA before 2.5.2, and Pivotal Cloud Foundry (PCF) Elastic Runtime before 1.7.0 allow attackers to have unspecified impact via vectors involving emails with password recovery links, aka "Cross Domain Referer Leakage."
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secalert@redhat.com | https://pivotal.io/security/cve-2015-5170-5173 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://pivotal.io/security/cve-2015-5170-5173 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| cloudfoundry | cf-release | * | |
| pivotal_software | cloud_foundry_elastic_runtime | * | |
| pivotal_software | cloud_foundry_uaa | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cloudfoundry:cf-release:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8E39C984-9592-4C18-A220-F3BF2FF0E4D3",
"versionEndExcluding": "216",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:*:*:*:*:*:*:*:*",
"matchCriteriaId": "349BBE7C-CB38-4F96-B42C-03982C4D6071",
"versionEndExcluding": "1.7.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_uaa:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6FF9860B-08BA-42CA-A3C0-34BE821C47B2",
"versionEndExcluding": "2.5.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cloud Foundry Runtime cf-release before 216, UAA before 2.5.2, and Pivotal Cloud Foundry (PCF) Elastic Runtime before 1.7.0 allow attackers to have unspecified impact via vectors involving emails with password recovery links, aka \"Cross Domain Referer Leakage.\""
},
{
"lang": "es",
"value": "Cloud Foundry Runtime cf-release en versiones anteriores a la 216, UAA en versiones anteriores a la 2.5.2 y Pivotal Cloud Foundry (PCF) Elastic Runtime en versiones anteriores a la 1.7.0 permite que los atacantes causen un impacto no especificado mediante vectores que involucren emails con enlaces de recuperaci\u00f3n de contrase\u00f1as. Esta vulnerabilidad tambi\u00e9n se conoce como \"Cross Domain Referer Leakage\"."
}
],
"id": "CVE-2015-5173",
"lastModified": "2024-11-21T02:32:29.870",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-10-24T17:29:00.290",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "https://pivotal.io/security/cve-2015-5170-5173"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://pivotal.io/security/cve-2015-5170-5173"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-06-13 06:29
Modified
2024-11-21 03:26
Severity ?
Summary
An issue was discovered in Pivotal PCF Elastic Runtime 1.6.x versions prior to 1.6.65, 1.7.x versions prior to 1.7.48, 1.8.x versions prior to 1.8.28, and 1.9.x versions prior to 1.9.5. Several credentials were present in the logs for the Notifications errand in the PCF Elastic Runtime tile.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| security_alert@emc.com | http://www.securityfocus.com/bid/97082 | Third Party Advisory, VDB Entry | |
| security_alert@emc.com | https://pivotal.io/security/cve-2017-4955 | Mitigation, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/97082 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://pivotal.io/security/cve-2017-4955 | Mitigation, Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F4CC5918-BC38-46E3-8000-5FE87A65C0E7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "36926681-35F4-4619-9613-155DEEEA3C8F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.2:*:*:*:*:*:*:*",
"matchCriteriaId": "41FF3C2B-E96F-4DF7-A5C4-703206CB729E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.3:*:*:*:*:*:*:*",
"matchCriteriaId": "F9CB3C2D-3080-4A3D-8D8D-1381B5D98920",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.4:*:*:*:*:*:*:*",
"matchCriteriaId": "782781EB-147C-4B00-84C5-1D8443BFA2D6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.5:*:*:*:*:*:*:*",
"matchCriteriaId": "35A56755-EEB2-4C93-B180-3918A36965AA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.6:*:*:*:*:*:*:*",
"matchCriteriaId": "E4009F10-08AF-470B-B903-38B8A6DBF332",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.7:*:*:*:*:*:*:*",
"matchCriteriaId": "2B2E8F04-53E6-4A3C-BE4B-8D0DDA22CA8C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.8:*:*:*:*:*:*:*",
"matchCriteriaId": "790DAB24-893A-463F-8358-171DACD75074",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.9:*:*:*:*:*:*:*",
"matchCriteriaId": "3645A1A8-4945-447F-A968-101D5938F9C8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.10:*:*:*:*:*:*:*",
"matchCriteriaId": "0E52C9B9-8F94-48D8-ADA6-96918F6AAD36",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.11:*:*:*:*:*:*:*",
"matchCriteriaId": "3948FC2F-AF3B-4AF3-968D-F124D03A213A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.12:*:*:*:*:*:*:*",
"matchCriteriaId": "4BA44F9B-97D5-48C0-91E9-6D3FEC8B7773",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.13:*:*:*:*:*:*:*",
"matchCriteriaId": "7B414F88-6541-48C6-B9D6-4DDA035A0037",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.14:*:*:*:*:*:*:*",
"matchCriteriaId": "66235C7F-D5EE-4989-8D24-6D0781954234",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.15:*:*:*:*:*:*:*",
"matchCriteriaId": "12E75B49-2419-4313-A648-B5283DA620E7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.16:*:*:*:*:*:*:*",
"matchCriteriaId": "EED70273-3FB2-4652-9AA2-10E2E9D581DE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.17:*:*:*:*:*:*:*",
"matchCriteriaId": "A2C07910-C462-46C1-83CB-39B3FD8D25BC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.18:*:*:*:*:*:*:*",
"matchCriteriaId": "C6B9243E-31EF-48AB-BAB5-CCC3704A219F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.19:*:*:*:*:*:*:*",
"matchCriteriaId": "2BCB1D4B-F44C-41A1-90CA-62FD37003A1F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.20:*:*:*:*:*:*:*",
"matchCriteriaId": "F623783F-46DF-454E-BD83-5D2AE35EA9B4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.21:*:*:*:*:*:*:*",
"matchCriteriaId": "6BD9D35B-3E85-49FD-BA0A-D9020C5F280E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.22:*:*:*:*:*:*:*",
"matchCriteriaId": "A28CEEDF-FA40-4922-87A6-35DEBF184DC5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.23:*:*:*:*:*:*:*",
"matchCriteriaId": "D4F08111-51B1-4866-8695-C0877FC77D0B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.24:*:*:*:*:*:*:*",
"matchCriteriaId": "9FC58A11-78C4-495B-A898-048EE9F3063D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.25:*:*:*:*:*:*:*",
"matchCriteriaId": "620EAB8D-3754-494D-9912-724A0FE1E80F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.26:*:*:*:*:*:*:*",
"matchCriteriaId": "ADBA74BD-EF83-4F29-8040-FB5B35D38C9B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.27:*:*:*:*:*:*:*",
"matchCriteriaId": "A1E00BE6-B2B6-4C02-9510-1F3DCC081173",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.28:*:*:*:*:*:*:*",
"matchCriteriaId": "A4D9E726-CF92-4DE5-8A04-02428328CC8A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.29:*:*:*:*:*:*:*",
"matchCriteriaId": "5E1CAC4E-3CD6-4D0C-8544-9481E57FD338",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.30:*:*:*:*:*:*:*",
"matchCriteriaId": "D1D0F13A-D149-492D-A484-B7F4235B2DC0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.31:*:*:*:*:*:*:*",
"matchCriteriaId": "160A9972-DCF2-46A9-8025-938C492E5A0E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.32:*:*:*:*:*:*:*",
"matchCriteriaId": "43978845-CC25-4975-8155-AC0999A4268B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.33:*:*:*:*:*:*:*",
"matchCriteriaId": "7B1A6848-16B9-47EC-B7C8-7740086398F3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.34:*:*:*:*:*:*:*",
"matchCriteriaId": "D9708D36-4A9B-484A-A627-69A85D66EDF8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.35:*:*:*:*:*:*:*",
"matchCriteriaId": "F0AB1C89-79D2-4997-A00D-E6E62243278B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.36:*:*:*:*:*:*:*",
"matchCriteriaId": "C071EA95-4AE2-43DC-900F-3DDD38959754",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.37:*:*:*:*:*:*:*",
"matchCriteriaId": "A6FF1F58-580A-4035-9427-1B4E96FC9E9E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.38:*:*:*:*:*:*:*",
"matchCriteriaId": "71499439-2748-4B4F-8659-AE4F67CCC8AF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.39:*:*:*:*:*:*:*",
"matchCriteriaId": "50161ECB-FEEA-4E1C-8DF9-5F3F7D944895",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.40:*:*:*:*:*:*:*",
"matchCriteriaId": "6D21BF37-C46C-4AF2-BEDA-F048520B2364",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.41:*:*:*:*:*:*:*",
"matchCriteriaId": "22F33DD4-DDE7-4742-8FC6-15B6A1879A27",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.42:*:*:*:*:*:*:*",
"matchCriteriaId": "74509FEE-7166-4E02-8DF1-8F37DF6B0544",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.43:*:*:*:*:*:*:*",
"matchCriteriaId": "1A8CCAAC-4ED2-4EA2-A929-ED2A2422DB39",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.44:*:*:*:*:*:*:*",
"matchCriteriaId": "7E5340E4-0C9D-40F5-9E34-14E793A44361",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.45:*:*:*:*:*:*:*",
"matchCriteriaId": "C45701FC-4423-4C05-A32F-75DB4B9F1E4A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.46:*:*:*:*:*:*:*",
"matchCriteriaId": "902B67BD-57D8-4088-9FD6-9691ADB86D76",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.47:*:*:*:*:*:*:*",
"matchCriteriaId": "28873E30-9073-424E-B68B-8DF11AFB72E8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.48:*:*:*:*:*:*:*",
"matchCriteriaId": "B2F8DC97-BBBA-4377-ADF0-1F92AC5E135E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.49:*:*:*:*:*:*:*",
"matchCriteriaId": "C3585890-0DD5-4184-9AEE-5F22EACA2963",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.50:*:*:*:*:*:*:*",
"matchCriteriaId": "3B26DE06-585E-4E8B-81BD-5DAF32CF1893",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.51:*:*:*:*:*:*:*",
"matchCriteriaId": "12188BF1-1307-48B0-AAE4-6C91402B726F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.52:*:*:*:*:*:*:*",
"matchCriteriaId": "335DB844-E49A-439E-A4B3-D8E45BFE5DBF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.53:*:*:*:*:*:*:*",
"matchCriteriaId": "DA90B5C3-4F17-4F8C-83A2-DFCD194F965C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.54:*:*:*:*:*:*:*",
"matchCriteriaId": "AA644782-F305-4BDB-B720-FF88D5B40308",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.55:*:*:*:*:*:*:*",
"matchCriteriaId": "97E71936-5F88-4A8C-BFE5-9591FEC3B5F5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.56:*:*:*:*:*:*:*",
"matchCriteriaId": "62C9C2B9-DF79-4C9E-87F1-2949F9FC8C6E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.57:*:*:*:*:*:*:*",
"matchCriteriaId": "1F458801-EB3D-4295-B7B1-AA8259758157",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.58:*:*:*:*:*:*:*",
"matchCriteriaId": "9FC59E2D-87E5-486E-8035-878B9C85E18A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.59:*:*:*:*:*:*:*",
"matchCriteriaId": "3870B8B2-FAF2-4374-B580-9884B72F2FB2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.60:*:*:*:*:*:*:*",
"matchCriteriaId": "69589093-7B4F-433B-AD35-60CB9392C08C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.61:*:*:*:*:*:*:*",
"matchCriteriaId": "3C846FB3-526A-4B63-A10D-144DF6E31BA5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.62:*:*:*:*:*:*:*",
"matchCriteriaId": "F36A6F3C-B2D9-483B-90CD-127DF7444514",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.63:*:*:*:*:*:*:*",
"matchCriteriaId": "394F138C-2C9C-46F5-A7E2-95511A2919C5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.64:*:*:*:*:*:*:*",
"matchCriteriaId": "1A76CF05-C43D-45C1-A709-1BB7097B9E5C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E3B75A7F-EAAC-4D81-9A10-D8DB45828EC3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.7.2:*:*:*:*:*:*:*",
"matchCriteriaId": "FA53D5B4-75BF-445F-96AA-4DC308B76E64",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.7.3:*:*:*:*:*:*:*",
"matchCriteriaId": "6DD5D5D9-604D-4917-99D0-1F41784A6835",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.7.4:*:*:*:*:*:*:*",
"matchCriteriaId": "6B2BF60D-EEEE-4F4C-A19F-108C78366089",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.7.5:*:*:*:*:*:*:*",
"matchCriteriaId": "5EED880C-5EF5-4FEA-A4BD-58CA61C12A9C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.7.6:*:*:*:*:*:*:*",
"matchCriteriaId": "DDA80BA5-66B0-4A6C-B552-175DBB930EB6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.7.7:*:*:*:*:*:*:*",
"matchCriteriaId": "BCDBAF27-D5DC-4379-A76E-7BD2CD98EB5C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.7.8:*:*:*:*:*:*:*",
"matchCriteriaId": "D957FD98-C2B4-48C2-81A0-37B2581E9F52",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.7.9:*:*:*:*:*:*:*",
"matchCriteriaId": "0DADB2DA-A12F-426E-9DEB-3628B081F78D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.7.10:*:*:*:*:*:*:*",
"matchCriteriaId": "99C97080-9BD3-4F17-A0E4-80F9F4CD7DB4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.7.11:*:*:*:*:*:*:*",
"matchCriteriaId": "E764D26C-D2C4-496C-936F-BF6793BF7C70",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.7.12:*:*:*:*:*:*:*",
"matchCriteriaId": "1E574EDD-AD33-4A00-8E14-76F0134EC00B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.7.13:*:*:*:*:*:*:*",
"matchCriteriaId": "A2274274-C1F8-4E42-AF7A-BDBF379E823E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.7.14:*:*:*:*:*:*:*",
"matchCriteriaId": "DCB25167-8350-4362-876C-690F5B5B057C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.7.15:*:*:*:*:*:*:*",
"matchCriteriaId": "28F89423-3AEE-475A-BBBA-B895D9732A14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.7.16:*:*:*:*:*:*:*",
"matchCriteriaId": "B4B5CB0D-09C9-4CB2-B842-CA68400CDAAD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.7.17:*:*:*:*:*:*:*",
"matchCriteriaId": "F047032B-218E-41BF-9F46-4682D415960E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.7.18:*:*:*:*:*:*:*",
"matchCriteriaId": "B291CCA0-EAE5-4900-ABF3-9A9D76910BD9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.7.19:*:*:*:*:*:*:*",
"matchCriteriaId": "DB8DAD87-111B-4F17-85CC-65C395851079",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.7.20:*:*:*:*:*:*:*",
"matchCriteriaId": "248878D6-7987-4608-9A28-66F3F7EFB976",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.7.21:*:*:*:*:*:*:*",
"matchCriteriaId": "62465763-0887-4082-9363-8F70B264F29A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.7.22:*:*:*:*:*:*:*",
"matchCriteriaId": "088B4A1B-3E98-4B9E-8430-30F6E61B560B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.7.23:*:*:*:*:*:*:*",
"matchCriteriaId": "2A13F165-C8D2-4BCB-84D3-B264C3DDD1FC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.7.24:*:*:*:*:*:*:*",
"matchCriteriaId": "0844334C-E31A-4D85-B12A-AD06A00BF76D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.7.25:*:*:*:*:*:*:*",
"matchCriteriaId": "10CF4D45-1011-4252-A1A0-7A60BF6010ED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.7.26:*:*:*:*:*:*:*",
"matchCriteriaId": "4F9CB7CA-00B2-4583-ACDB-9269E380D328",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.7.27:*:*:*:*:*:*:*",
"matchCriteriaId": "DDCF9CD2-4D4C-44CF-BD32-146A7C782DD3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.7.28:*:*:*:*:*:*:*",
"matchCriteriaId": "034CA20F-30F2-4A6B-BE15-685864B4BB41",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.7.29:*:*:*:*:*:*:*",
"matchCriteriaId": "D4B5BB61-A6FF-4F7B-852F-6EE86992E5C3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.7.30:*:*:*:*:*:*:*",
"matchCriteriaId": "1D25BD5D-948B-4E5E-B25D-669CEDA02A1C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.7.31:*:*:*:*:*:*:*",
"matchCriteriaId": "4634673B-84CD-4FCD-AECB-D5B865C0B05B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.7.32:*:*:*:*:*:*:*",
"matchCriteriaId": "57AE9EB2-4FA8-4186-B6F2-3F8EE3AB880E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.7.33:*:*:*:*:*:*:*",
"matchCriteriaId": "2B077E17-2BDC-4A55-990C-EE9036D80895",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.7.34:*:*:*:*:*:*:*",
"matchCriteriaId": "ECAB3961-38F3-4AEE-8EEA-AC929F93F9C5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.7.35:*:*:*:*:*:*:*",
"matchCriteriaId": "FB91D749-3F61-4EAA-872B-27E66BF6D234",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.7.36:*:*:*:*:*:*:*",
"matchCriteriaId": "F23EA9FC-3396-40DB-925F-62CBA92B407C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.7.37:*:*:*:*:*:*:*",
"matchCriteriaId": "47D4AF5F-FCC7-4795-9E12-7EEA3686F059",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.7.38:*:*:*:*:*:*:*",
"matchCriteriaId": "CC87A91E-9804-4E77-99F0-75D87C970151",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.7.39:*:*:*:*:*:*:*",
"matchCriteriaId": "BE43BD2D-DD11-49F8-9894-719982B1B4FA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.7.40:*:*:*:*:*:*:*",
"matchCriteriaId": "3BF27099-228F-422B-95BA-F8BDDCD72D18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.7.41:*:*:*:*:*:*:*",
"matchCriteriaId": "CE4093B0-E785-4E4D-A076-FAB5CFF397CE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.7.42:*:*:*:*:*:*:*",
"matchCriteriaId": "8FAC1C6F-F41A-45B9-A9BC-0BBCB396EC2A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.7.43:*:*:*:*:*:*:*",
"matchCriteriaId": "3E9862AE-D007-453B-9480-88CBF2C94A99",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.7.44:*:*:*:*:*:*:*",
"matchCriteriaId": "85738A2A-5E35-480D-8BCE-A8298FB5A91A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.7.45:*:*:*:*:*:*:*",
"matchCriteriaId": "A2E99A62-2EA2-476A-95F4-8674E6887891",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.7.46:*:*:*:*:*:*:*",
"matchCriteriaId": "C20FB123-CB94-46B3-8800-C93BB6285B24",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.7.47:*:*:*:*:*:*:*",
"matchCriteriaId": "411351FC-6D34-4FB9-A658-937519095A9E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "15F08919-8764-419D-A399-1EAA6B055C5D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.8.2:*:*:*:*:*:*:*",
"matchCriteriaId": "09BA6E79-22B6-4E5E-8C85-BBA8CB6C1828",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.8.3:*:*:*:*:*:*:*",
"matchCriteriaId": "FB328ACE-FC3C-4255-9400-A9BBC5059F5B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.8.4:*:*:*:*:*:*:*",
"matchCriteriaId": "877383E9-545F-4324-B8EA-76F33B7C11C2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.8.5:*:*:*:*:*:*:*",
"matchCriteriaId": "7B6BCA5E-1A43-41AA-ACEC-2C73E1B84D26",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.8.6:*:*:*:*:*:*:*",
"matchCriteriaId": "0CF15EDB-2707-43E2-9B53-C0CCA28AC972",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.8.7:*:*:*:*:*:*:*",
"matchCriteriaId": "C896CBBE-BE7B-44C3-A25E-F85BC7F6CE51",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.8.8:*:*:*:*:*:*:*",
"matchCriteriaId": "944374E2-A07E-4EEA-BE0C-47EF62FFABA2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.8.9:*:*:*:*:*:*:*",
"matchCriteriaId": "CAEA85D5-10B2-4003-A857-2C46F9559694",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.8.10:*:*:*:*:*:*:*",
"matchCriteriaId": "799E1F2E-DA5F-41B5-9B83-55661E18D726",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.8.11:*:*:*:*:*:*:*",
"matchCriteriaId": "AD9369A6-F59D-4C7A-830E-6EAC6F81A493",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.8.12:*:*:*:*:*:*:*",
"matchCriteriaId": "31A2732A-0309-4DF0-9EF1-7954D10BCFCC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.8.13:*:*:*:*:*:*:*",
"matchCriteriaId": "C3101A31-55B3-4212-B78F-FE574B445F91",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.8.14:*:*:*:*:*:*:*",
"matchCriteriaId": "DED599DA-D25C-45FD-9CDA-8E9E2D17364C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.8.15:*:*:*:*:*:*:*",
"matchCriteriaId": "EBA779B7-1660-48B7-A648-E3952BFD1B14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.8.16:*:*:*:*:*:*:*",
"matchCriteriaId": "83A66A35-48D1-48E5-97A9-A6F136EC9BEE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.8.17:*:*:*:*:*:*:*",
"matchCriteriaId": "598033B9-A0FB-4A5B-9417-5A434608232A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.8.18:*:*:*:*:*:*:*",
"matchCriteriaId": "A6CE5BCF-A1C8-4F24-A5BC-70FAF096253F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.8.19:*:*:*:*:*:*:*",
"matchCriteriaId": "85E0C92F-485D-4675-95F8-672E8489AF64",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.8.20:*:*:*:*:*:*:*",
"matchCriteriaId": "6B95BB7C-D9D7-4A63-B8AB-6EB456D236A5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.8.21:*:*:*:*:*:*:*",
"matchCriteriaId": "A06AE8D5-F30A-4F73-AF69-622F01D0BF0C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.8.22:*:*:*:*:*:*:*",
"matchCriteriaId": "167A8FDC-4C37-4AC4-9A0D-B73602F8062F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.8.23:*:*:*:*:*:*:*",
"matchCriteriaId": "DDAEFA2F-3E9E-4B4F-8679-7F70A3ED6292",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.8.24:*:*:*:*:*:*:*",
"matchCriteriaId": "81501627-C022-4BEC-AF42-B10DF1CDA69E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.8.25:*:*:*:*:*:*:*",
"matchCriteriaId": "2FD7FDCF-4123-4000-821B-88D5214AF74D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.8.26:*:*:*:*:*:*:*",
"matchCriteriaId": "A0224626-1FB4-4DF5-B16F-5D2741E51E02",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.8.27:*:*:*:*:*:*:*",
"matchCriteriaId": "ADD367D8-748B-4CE7-8CF4-0549B02B1766",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.9.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F25D21E0-E84B-4BCF-B2D0-2332CD583128",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.9.2:*:*:*:*:*:*:*",
"matchCriteriaId": "80C76651-7E20-4456-ADA3-DF5020471743",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.9.3:*:*:*:*:*:*:*",
"matchCriteriaId": "CC7911DD-A3CC-4046-884D-C11A1263B037",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.9.4:*:*:*:*:*:*:*",
"matchCriteriaId": "8F122CEA-7924-45A6-BCFD-B9079C4B0DCA",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Pivotal PCF Elastic Runtime 1.6.x versions prior to 1.6.65, 1.7.x versions prior to 1.7.48, 1.8.x versions prior to 1.8.28, and 1.9.x versions prior to 1.9.5. Several credentials were present in the logs for the Notifications errand in the PCF Elastic Runtime tile."
},
{
"lang": "es",
"value": "Se detect\u00f3 un problema en las versiones de PCF Elastic Runtime de Pivotal versiones 1.6.x anteriores a 1.6.65, versiones 1.7.x anteriores a 1.7.48, versiones 1.8.x anteriores a 1.8.28 y versiones 1.9.x anteriores a 1.9.5. Varias credenciales estaban presentes en los registros para la tarea Notifications en el mosaico de PCF Elastic Runtime."
}
],
"id": "CVE-2017-4955",
"lastModified": "2024-11-21T03:26:45.230",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-06-13T06:29:00.330",
"references": [
{
"source": "security_alert@emc.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/97082"
},
{
"source": "security_alert@emc.com",
"tags": [
"Mitigation",
"Vendor Advisory"
],
"url": "https://pivotal.io/security/cve-2017-4955"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/97082"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mitigation",
"Vendor Advisory"
],
"url": "https://pivotal.io/security/cve-2017-4955"
}
],
"sourceIdentifier": "security_alert@emc.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-532"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}