Search criteria
15 vulnerabilities found for cloud_foundry_ops_manager by pivotal_software
FKIE_CVE-2016-4468
Vulnerability from fkie_nvd - Published: 2017-04-11 15:59 - Updated: 2025-04-20 01:37
Severity ?
Summary
SQL injection vulnerability in Pivotal Cloud Foundry (PCF) before 238; UAA 2.x before 2.7.4.4, 3.x before 3.3.0.2, and 3.4.x before 3.4.1; UAA BOSH before 11.2 and 12.x before 12.2; Elastic Runtime before 1.6.29 and 1.7.x before 1.7.7; and Ops Manager 1.7.x before 1.7.8 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3EE34AD8-2C6B-4C29-AC93-650AE7303EAF",
"versionEndIncluding": "12.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry:*:*:*:*:*:*:*:*",
"matchCriteriaId": "67C1C3E2-5504-4B0C-A3B2-D3977DEA9689",
"versionEndIncluding": "237.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F4CC5918-BC38-46E3-8000-5FE87A65C0E7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "36926681-35F4-4619-9613-155DEEEA3C8F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.2:*:*:*:*:*:*:*",
"matchCriteriaId": "41FF3C2B-E96F-4DF7-A5C4-703206CB729E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.3:*:*:*:*:*:*:*",
"matchCriteriaId": "F9CB3C2D-3080-4A3D-8D8D-1381B5D98920",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.4:*:*:*:*:*:*:*",
"matchCriteriaId": "782781EB-147C-4B00-84C5-1D8443BFA2D6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.5:*:*:*:*:*:*:*",
"matchCriteriaId": "35A56755-EEB2-4C93-B180-3918A36965AA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.6:*:*:*:*:*:*:*",
"matchCriteriaId": "E4009F10-08AF-470B-B903-38B8A6DBF332",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.7:*:*:*:*:*:*:*",
"matchCriteriaId": "2B2E8F04-53E6-4A3C-BE4B-8D0DDA22CA8C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.8:*:*:*:*:*:*:*",
"matchCriteriaId": "790DAB24-893A-463F-8358-171DACD75074",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.9:*:*:*:*:*:*:*",
"matchCriteriaId": "3645A1A8-4945-447F-A968-101D5938F9C8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.10:*:*:*:*:*:*:*",
"matchCriteriaId": "0E52C9B9-8F94-48D8-ADA6-96918F6AAD36",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.11:*:*:*:*:*:*:*",
"matchCriteriaId": "3948FC2F-AF3B-4AF3-968D-F124D03A213A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.12:*:*:*:*:*:*:*",
"matchCriteriaId": "4BA44F9B-97D5-48C0-91E9-6D3FEC8B7773",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.13:*:*:*:*:*:*:*",
"matchCriteriaId": "7B414F88-6541-48C6-B9D6-4DDA035A0037",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.14:*:*:*:*:*:*:*",
"matchCriteriaId": "66235C7F-D5EE-4989-8D24-6D0781954234",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.15:*:*:*:*:*:*:*",
"matchCriteriaId": "12E75B49-2419-4313-A648-B5283DA620E7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.17:*:*:*:*:*:*:*",
"matchCriteriaId": "A2C07910-C462-46C1-83CB-39B3FD8D25BC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.18:*:*:*:*:*:*:*",
"matchCriteriaId": "C6B9243E-31EF-48AB-BAB5-CCC3704A219F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.19:*:*:*:*:*:*:*",
"matchCriteriaId": "2BCB1D4B-F44C-41A1-90CA-62FD37003A1F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.20:*:*:*:*:*:*:*",
"matchCriteriaId": "F623783F-46DF-454E-BD83-5D2AE35EA9B4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.21:*:*:*:*:*:*:*",
"matchCriteriaId": "6BD9D35B-3E85-49FD-BA0A-D9020C5F280E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.22:*:*:*:*:*:*:*",
"matchCriteriaId": "A28CEEDF-FA40-4922-87A6-35DEBF184DC5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.23:*:*:*:*:*:*:*",
"matchCriteriaId": "D4F08111-51B1-4866-8695-C0877FC77D0B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.25:*:*:*:*:*:*:*",
"matchCriteriaId": "620EAB8D-3754-494D-9912-724A0FE1E80F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.26:*:*:*:*:*:*:*",
"matchCriteriaId": "ADBA74BD-EF83-4F29-8040-FB5B35D38C9B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.27:*:*:*:*:*:*:*",
"matchCriteriaId": "A1E00BE6-B2B6-4C02-9510-1F3DCC081173",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.28:*:*:*:*:*:*:*",
"matchCriteriaId": "A4D9E726-CF92-4DE5-8A04-02428328CC8A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "85E08C11-76E1-4F91-8061-5DA1BABD8767",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E3B75A7F-EAAC-4D81-9A10-D8DB45828EC3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.7.2:*:*:*:*:*:*:*",
"matchCriteriaId": "FA53D5B4-75BF-445F-96AA-4DC308B76E64",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.7.3:*:*:*:*:*:*:*",
"matchCriteriaId": "6DD5D5D9-604D-4917-99D0-1F41784A6835",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.7.4:*:*:*:*:*:*:*",
"matchCriteriaId": "6B2BF60D-EEEE-4F4C-A19F-108C78366089",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.7.5:*:*:*:*:*:*:*",
"matchCriteriaId": "5EED880C-5EF5-4FEA-A4BD-58CA61C12A9C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.7.6:*:*:*:*:*:*:*",
"matchCriteriaId": "DDA80BA5-66B0-4A6C-B552-175DBB930EB6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.7.7:*:*:*:*:*:*:*",
"matchCriteriaId": "BCDBAF27-D5DC-4379-A76E-7BD2CD98EB5C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "258FAFB4-2B67-456B-BE78-1562A3D5E9A6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_ops_manager:1.7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A2D55721-7B40-4277-9E5A-4A9688D12ADF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_ops_manager:1.7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "7B931453-BA62-45A2-8574-A590E2DE55DF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_ops_manager:1.7.2:*:*:*:*:*:*:*",
"matchCriteriaId": "BA7E6331-33BC-4F3D-86C7-4DDBCB2B3B91",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_ops_manager:1.7.3:*:*:*:*:*:*:*",
"matchCriteriaId": "9FCBC4AE-B126-4EF6-B75E-062423E3F161",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_ops_manager:1.7.4:*:*:*:*:*:*:*",
"matchCriteriaId": "ED35AA0C-9427-492A-972A-D82972BBD9CF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_ops_manager:1.7.5:*:*:*:*:*:*:*",
"matchCriteriaId": "7412837F-8F31-48A5-81AF-51E7A4A40310",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_ops_manager:1.7.6:*:*:*:*:*:*:*",
"matchCriteriaId": "6A8A33E4-AFCD-436B-8635-7F45F4B043F9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_ops_manager:1.7.7:*:*:*:*:*:*:*",
"matchCriteriaId": "79217281-FDA5-44AD-82A9-7375F9562345",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_ops_manager:1.7.8:*:*:*:*:*:*:*",
"matchCriteriaId": "E7FB48BC-5523-4B18-860C-A1DA648F2C1A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_uaa:*:*:*:*:*:*:*:*",
"matchCriteriaId": "01643DD1-A29E-429D-BED2-16A593BF4DF2",
"versionEndIncluding": "3.4.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in Pivotal Cloud Foundry (PCF) before 238; UAA 2.x before 2.7.4.4, 3.x before 3.3.0.2, and 3.4.x before 3.4.1; UAA BOSH before 11.2 and 12.x before 12.2; Elastic Runtime before 1.6.29 and 1.7.x before 1.7.7; and Ops Manager 1.7.x before 1.7.8 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors."
},
{
"lang": "es",
"value": "Vulnerabilidad de inyecci\u00f3n SQL en Pivotal Cloud Foundry (PCF) en versiones anteriores a 238; UAA 2.x en versiones anteriores a 2.7.4.4, 3.x en versiones anteriores a 3.3.0.2 y 3.4.x en versiones anteriores a 3.4.1; UAA BOSH en versiones anteriores a 11.2 y 12.x en versiones anteriores a 12.2; Elastic Runtime en versiones anteriores a 1.6.29 y 1.7.x en versiones anteriores a 1.7.7; y Ops Manager 1.7.x en versiones anteriores a 1.7.8 permite a usuarios remotos autenticados ejecutar comandos SQL arbitrarios a trav\u00e9s de vectores no especificados."
}
],
"id": "CVE-2016-4468",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-04-11T15:59:00.150",
"references": [
{
"source": "secalert@redhat.com",
"url": "https://lists.cloudfoundry.org/archives/list/cf-dev%40lists.cloudfoundry.org/thread/WMTZBIH5U7DTOOX2SNRVTPQI3U2AINOB/"
},
{
"source": "secalert@redhat.com",
"tags": [
"Mitigation",
"Patch",
"Vendor Advisory"
],
"url": "https://pivotal.io/security/cve-2016-4468"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.cloudfoundry.org/archives/list/cf-dev%40lists.cloudfoundry.org/thread/WMTZBIH5U7DTOOX2SNRVTPQI3U2AINOB/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mitigation",
"Patch",
"Vendor Advisory"
],
"url": "https://pivotal.io/security/cve-2016-4468"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-89"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2016-6657
Vulnerability from fkie_nvd - Published: 2016-12-16 09:59 - Updated: 2025-04-12 10:46
Severity ?
Summary
An open redirect vulnerability has been detected with some Pivotal Cloud Foundry Elastic Runtime components. Users of affected versions should apply the following mitigation: Upgrade PCF Elastic Runtime 1.8.x versions to 1.8.12 or later. Upgrade PCF Ops Manager 1.7.x versions to 1.7.18 or later and 1.8.x versions to 1.8.10 or later.
References
| URL | Tags | ||
|---|---|---|---|
| security_alert@emc.com | http://www.securityfocus.com/bid/94126 | Third Party Advisory, VDB Entry | |
| security_alert@emc.com | https://pivotal.io/security/cve-2016-6657 | Mitigation, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/94126 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://pivotal.io/security/cve-2016-6657 | Mitigation, Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_ops_manager:1.7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A2D55721-7B40-4277-9E5A-4A9688D12ADF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_ops_manager:1.7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "7B931453-BA62-45A2-8574-A590E2DE55DF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_ops_manager:1.7.2:*:*:*:*:*:*:*",
"matchCriteriaId": "BA7E6331-33BC-4F3D-86C7-4DDBCB2B3B91",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_ops_manager:1.7.3:*:*:*:*:*:*:*",
"matchCriteriaId": "9FCBC4AE-B126-4EF6-B75E-062423E3F161",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_ops_manager:1.7.4:*:*:*:*:*:*:*",
"matchCriteriaId": "ED35AA0C-9427-492A-972A-D82972BBD9CF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_ops_manager:1.7.5:*:*:*:*:*:*:*",
"matchCriteriaId": "7412837F-8F31-48A5-81AF-51E7A4A40310",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_ops_manager:1.7.6:*:*:*:*:*:*:*",
"matchCriteriaId": "6A8A33E4-AFCD-436B-8635-7F45F4B043F9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_ops_manager:1.7.7:*:*:*:*:*:*:*",
"matchCriteriaId": "79217281-FDA5-44AD-82A9-7375F9562345",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_ops_manager:1.7.8:*:*:*:*:*:*:*",
"matchCriteriaId": "E7FB48BC-5523-4B18-860C-A1DA648F2C1A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_ops_manager:1.7.9:*:*:*:*:*:*:*",
"matchCriteriaId": "2B630514-7848-435E-B9BD-9350BA671D95",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_ops_manager:1.7.10:*:*:*:*:*:*:*",
"matchCriteriaId": "683152A4-2927-4735-8BFF-B9B499B44D15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_ops_manager:1.7.11:*:*:*:*:*:*:*",
"matchCriteriaId": "CC7AEA69-D9C5-4CE8-BD67-9E5E5E7EF343",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_ops_manager:1.7.12:*:*:*:*:*:*:*",
"matchCriteriaId": "ADD6F12D-6324-48E3-A508-70A7B122CA3E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_ops_manager:1.7.13:*:*:*:*:*:*:*",
"matchCriteriaId": "651B4CA5-EEE2-41CD-8711-F8334D18D91C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_ops_manager:1.7.14:*:*:*:*:*:*:*",
"matchCriteriaId": "A9034BC4-576A-4357-87ED-37085A5BEC2C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_ops_manager:1.7.15:*:*:*:*:*:*:*",
"matchCriteriaId": "59FD7D94-5D90-4235-AECF-75A1478E9350",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_ops_manager:1.7.16:*:*:*:*:*:*:*",
"matchCriteriaId": "33A3439C-86CF-4E0E-A072-6CAD1285CC65",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_ops_manager:1.7.17:*:*:*:*:*:*:*",
"matchCriteriaId": "0E189F0F-B307-457E-ADE6-F6E6E5916388",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_ops_manager:1.7.18:*:*:*:*:*:*:*",
"matchCriteriaId": "6E8E9EB0-F8BC-4297-B4A3-80346191D98A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_ops_manager:1.8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C015DE32-1D60-49EA-889D-B8FE453CF02E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_ops_manager:1.8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "7E611FD8-DA12-4DAD-B9B4-A319D0865019",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_ops_manager:1.8.2:*:*:*:*:*:*:*",
"matchCriteriaId": "71199CD8-08A3-4D2D-A584-82A50C3AB63E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_ops_manager:1.8.3:*:*:*:*:*:*:*",
"matchCriteriaId": "546D149D-2B90-4D84-A662-D6E5AC0E38A4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_ops_manager:1.8.4:*:*:*:*:*:*:*",
"matchCriteriaId": "1586A1F4-3542-4F99-B0B6-EBBDF2881744",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_ops_manager:1.8.5:*:*:*:*:*:*:*",
"matchCriteriaId": "1AD4DBE0-07E2-450F-8354-2838E84D6585",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_ops_manager:1.8.6:*:*:*:*:*:*:*",
"matchCriteriaId": "62F00D9B-0CEC-4777-89B2-E629C89C4947",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_ops_manager:1.8.7:*:*:*:*:*:*:*",
"matchCriteriaId": "5F2CD66F-CFE5-43BB-9BC0-44A5986B8B0A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_ops_manager:1.8.8:*:*:*:*:*:*:*",
"matchCriteriaId": "A7E5D0F4-DE8E-461E-93A1-42BE9A214FE7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_ops_manager:1.8.9:*:*:*:*:*:*:*",
"matchCriteriaId": "55799421-1421-47FB-8C2E-F8D4A3B43A6A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_ops_manager:1.8.10:*:*:*:*:*:*:*",
"matchCriteriaId": "619E9045-3F8D-4D1D-99BD-D92EE65A014E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "258FAFB4-2B67-456B-BE78-1562A3D5E9A6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "15F08919-8764-419D-A399-1EAA6B055C5D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.8.2:*:*:*:*:*:*:*",
"matchCriteriaId": "09BA6E79-22B6-4E5E-8C85-BBA8CB6C1828",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.8.3:*:*:*:*:*:*:*",
"matchCriteriaId": "FB328ACE-FC3C-4255-9400-A9BBC5059F5B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.8.4:*:*:*:*:*:*:*",
"matchCriteriaId": "877383E9-545F-4324-B8EA-76F33B7C11C2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.8.5:*:*:*:*:*:*:*",
"matchCriteriaId": "7B6BCA5E-1A43-41AA-ACEC-2C73E1B84D26",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.8.6:*:*:*:*:*:*:*",
"matchCriteriaId": "0CF15EDB-2707-43E2-9B53-C0CCA28AC972",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.8.7:*:*:*:*:*:*:*",
"matchCriteriaId": "C896CBBE-BE7B-44C3-A25E-F85BC7F6CE51",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.8.8:*:*:*:*:*:*:*",
"matchCriteriaId": "944374E2-A07E-4EEA-BE0C-47EF62FFABA2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.8.9:*:*:*:*:*:*:*",
"matchCriteriaId": "CAEA85D5-10B2-4003-A857-2C46F9559694",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.8.10:*:*:*:*:*:*:*",
"matchCriteriaId": "799E1F2E-DA5F-41B5-9B83-55661E18D726",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.8.11:*:*:*:*:*:*:*",
"matchCriteriaId": "AD9369A6-F59D-4C7A-830E-6EAC6F81A493",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.8.12:*:*:*:*:*:*:*",
"matchCriteriaId": "31A2732A-0309-4DF0-9EF1-7954D10BCFCC",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An open redirect vulnerability has been detected with some Pivotal Cloud Foundry Elastic Runtime components. Users of affected versions should apply the following mitigation: Upgrade PCF Elastic Runtime 1.8.x versions to 1.8.12 or later. Upgrade PCF Ops Manager 1.7.x versions to 1.7.18 or later and 1.8.x versions to 1.8.10 or later."
},
{
"lang": "es",
"value": "Una vulnerabilidad de redirecci\u00f3n abierta ha sido detectada con algunos componentes Pivotal Cloud Foundry Elastic Runtime. Los usuarios de las versiones afectadas deben aplicar la siguiente mitigaci\u00f3n: Actualizar PCF Elastic Runtime 1.8.x en versiones 1.8.12 o posteriores. Actualizar PCF Ops Manager 1.7.x en versiones 1.7.18 o posteriores y 1.8.x versi\u00f3n 1.8.10 o posteriores."
}
],
"id": "CVE-2016-6657",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 4.0,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2016-12-16T09:59:00.277",
"references": [
{
"source": "security_alert@emc.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/94126"
},
{
"source": "security_alert@emc.com",
"tags": [
"Mitigation",
"Vendor Advisory"
],
"url": "https://pivotal.io/security/cve-2016-6657"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/94126"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mitigation",
"Vendor Advisory"
],
"url": "https://pivotal.io/security/cve-2016-6657"
}
],
"sourceIdentifier": "security_alert@emc.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-601"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2016-6651
Vulnerability from fkie_nvd - Published: 2016-09-30 00:59 - Updated: 2025-04-12 10:46
Severity ?
Summary
The UAA /oauth/token endpoint in Pivotal Cloud Foundry (PCF) before 243; UAA 2.x before 2.7.4.8, 3.x before 3.3.0.6, and 3.4.x before 3.4.5; UAA BOSH before 11.7 and 12.x before 12.6; Elastic Runtime before 1.6.40, 1.7.x before 1.7.21, and 1.8.x before 1.8.2; and Ops Manager 1.7.x before 1.7.13 and 1.8.x before 1.8.1 allows remote authenticated users to gain privileges by leveraging possession of a token.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0DAFE420-82CA-489D-977A-611BE08F53C2",
"versionEndIncluding": "16.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2FB43EA3-583C-4838-8319-3503DA1A2EBA",
"versionEndIncluding": "242.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F4CC5918-BC38-46E3-8000-5FE87A65C0E7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "36926681-35F4-4619-9613-155DEEEA3C8F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.2:*:*:*:*:*:*:*",
"matchCriteriaId": "41FF3C2B-E96F-4DF7-A5C4-703206CB729E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.3:*:*:*:*:*:*:*",
"matchCriteriaId": "F9CB3C2D-3080-4A3D-8D8D-1381B5D98920",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.4:*:*:*:*:*:*:*",
"matchCriteriaId": "782781EB-147C-4B00-84C5-1D8443BFA2D6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.5:*:*:*:*:*:*:*",
"matchCriteriaId": "35A56755-EEB2-4C93-B180-3918A36965AA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.6:*:*:*:*:*:*:*",
"matchCriteriaId": "E4009F10-08AF-470B-B903-38B8A6DBF332",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.7:*:*:*:*:*:*:*",
"matchCriteriaId": "2B2E8F04-53E6-4A3C-BE4B-8D0DDA22CA8C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.8:*:*:*:*:*:*:*",
"matchCriteriaId": "790DAB24-893A-463F-8358-171DACD75074",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.9:*:*:*:*:*:*:*",
"matchCriteriaId": "3645A1A8-4945-447F-A968-101D5938F9C8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.10:*:*:*:*:*:*:*",
"matchCriteriaId": "0E52C9B9-8F94-48D8-ADA6-96918F6AAD36",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.11:*:*:*:*:*:*:*",
"matchCriteriaId": "3948FC2F-AF3B-4AF3-968D-F124D03A213A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.12:*:*:*:*:*:*:*",
"matchCriteriaId": "4BA44F9B-97D5-48C0-91E9-6D3FEC8B7773",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.13:*:*:*:*:*:*:*",
"matchCriteriaId": "7B414F88-6541-48C6-B9D6-4DDA035A0037",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.14:*:*:*:*:*:*:*",
"matchCriteriaId": "66235C7F-D5EE-4989-8D24-6D0781954234",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.15:*:*:*:*:*:*:*",
"matchCriteriaId": "12E75B49-2419-4313-A648-B5283DA620E7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.17:*:*:*:*:*:*:*",
"matchCriteriaId": "A2C07910-C462-46C1-83CB-39B3FD8D25BC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.18:*:*:*:*:*:*:*",
"matchCriteriaId": "C6B9243E-31EF-48AB-BAB5-CCC3704A219F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.19:*:*:*:*:*:*:*",
"matchCriteriaId": "2BCB1D4B-F44C-41A1-90CA-62FD37003A1F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.20:*:*:*:*:*:*:*",
"matchCriteriaId": "F623783F-46DF-454E-BD83-5D2AE35EA9B4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.21:*:*:*:*:*:*:*",
"matchCriteriaId": "6BD9D35B-3E85-49FD-BA0A-D9020C5F280E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.22:*:*:*:*:*:*:*",
"matchCriteriaId": "A28CEEDF-FA40-4922-87A6-35DEBF184DC5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.23:*:*:*:*:*:*:*",
"matchCriteriaId": "D4F08111-51B1-4866-8695-C0877FC77D0B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.25:*:*:*:*:*:*:*",
"matchCriteriaId": "620EAB8D-3754-494D-9912-724A0FE1E80F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.26:*:*:*:*:*:*:*",
"matchCriteriaId": "ADBA74BD-EF83-4F29-8040-FB5B35D38C9B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.27:*:*:*:*:*:*:*",
"matchCriteriaId": "A1E00BE6-B2B6-4C02-9510-1F3DCC081173",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.28:*:*:*:*:*:*:*",
"matchCriteriaId": "A4D9E726-CF92-4DE5-8A04-02428328CC8A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.29:*:*:*:*:*:*:*",
"matchCriteriaId": "5E1CAC4E-3CD6-4D0C-8544-9481E57FD338",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.30:*:*:*:*:*:*:*",
"matchCriteriaId": "D1D0F13A-D149-492D-A484-B7F4235B2DC0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.31:*:*:*:*:*:*:*",
"matchCriteriaId": "160A9972-DCF2-46A9-8025-938C492E5A0E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.32:*:*:*:*:*:*:*",
"matchCriteriaId": "43978845-CC25-4975-8155-AC0999A4268B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.33:*:*:*:*:*:*:*",
"matchCriteriaId": "7B1A6848-16B9-47EC-B7C8-7740086398F3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.34:*:*:*:*:*:*:*",
"matchCriteriaId": "D9708D36-4A9B-484A-A627-69A85D66EDF8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.35:*:*:*:*:*:*:*",
"matchCriteriaId": "F0AB1C89-79D2-4997-A00D-E6E62243278B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.36:*:*:*:*:*:*:*",
"matchCriteriaId": "C071EA95-4AE2-43DC-900F-3DDD38959754",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.37:*:*:*:*:*:*:*",
"matchCriteriaId": "A6FF1F58-580A-4035-9427-1B4E96FC9E9E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.38:*:*:*:*:*:*:*",
"matchCriteriaId": "71499439-2748-4B4F-8659-AE4F67CCC8AF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.39:*:*:*:*:*:*:*",
"matchCriteriaId": "50161ECB-FEEA-4E1C-8DF9-5F3F7D944895",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "85E08C11-76E1-4F91-8061-5DA1BABD8767",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E3B75A7F-EAAC-4D81-9A10-D8DB45828EC3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.7.2:*:*:*:*:*:*:*",
"matchCriteriaId": "FA53D5B4-75BF-445F-96AA-4DC308B76E64",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.7.3:*:*:*:*:*:*:*",
"matchCriteriaId": "6DD5D5D9-604D-4917-99D0-1F41784A6835",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.7.4:*:*:*:*:*:*:*",
"matchCriteriaId": "6B2BF60D-EEEE-4F4C-A19F-108C78366089",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.7.5:*:*:*:*:*:*:*",
"matchCriteriaId": "5EED880C-5EF5-4FEA-A4BD-58CA61C12A9C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.7.6:*:*:*:*:*:*:*",
"matchCriteriaId": "DDA80BA5-66B0-4A6C-B552-175DBB930EB6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.7.7:*:*:*:*:*:*:*",
"matchCriteriaId": "BCDBAF27-D5DC-4379-A76E-7BD2CD98EB5C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.7.8:*:*:*:*:*:*:*",
"matchCriteriaId": "D957FD98-C2B4-48C2-81A0-37B2581E9F52",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.7.9:*:*:*:*:*:*:*",
"matchCriteriaId": "0DADB2DA-A12F-426E-9DEB-3628B081F78D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.7.10:*:*:*:*:*:*:*",
"matchCriteriaId": "99C97080-9BD3-4F17-A0E4-80F9F4CD7DB4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.7.11:*:*:*:*:*:*:*",
"matchCriteriaId": "E764D26C-D2C4-496C-936F-BF6793BF7C70",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.7.12:*:*:*:*:*:*:*",
"matchCriteriaId": "1E574EDD-AD33-4A00-8E14-76F0134EC00B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.7.13:*:*:*:*:*:*:*",
"matchCriteriaId": "A2274274-C1F8-4E42-AF7A-BDBF379E823E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.7.14:*:*:*:*:*:*:*",
"matchCriteriaId": "DCB25167-8350-4362-876C-690F5B5B057C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.7.15:*:*:*:*:*:*:*",
"matchCriteriaId": "28F89423-3AEE-475A-BBBA-B895D9732A14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.7.16:*:*:*:*:*:*:*",
"matchCriteriaId": "B4B5CB0D-09C9-4CB2-B842-CA68400CDAAD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.7.17:*:*:*:*:*:*:*",
"matchCriteriaId": "F047032B-218E-41BF-9F46-4682D415960E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.7.18:*:*:*:*:*:*:*",
"matchCriteriaId": "B291CCA0-EAE5-4900-ABF3-9A9D76910BD9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.7.19:*:*:*:*:*:*:*",
"matchCriteriaId": "DB8DAD87-111B-4F17-85CC-65C395851079",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.7.20:*:*:*:*:*:*:*",
"matchCriteriaId": "248878D6-7987-4608-9A28-66F3F7EFB976",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "258FAFB4-2B67-456B-BE78-1562A3D5E9A6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_ops_manager:1.7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A2D55721-7B40-4277-9E5A-4A9688D12ADF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_ops_manager:1.7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "7B931453-BA62-45A2-8574-A590E2DE55DF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_ops_manager:1.7.2:*:*:*:*:*:*:*",
"matchCriteriaId": "BA7E6331-33BC-4F3D-86C7-4DDBCB2B3B91",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_ops_manager:1.7.3:*:*:*:*:*:*:*",
"matchCriteriaId": "9FCBC4AE-B126-4EF6-B75E-062423E3F161",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_ops_manager:1.7.4:*:*:*:*:*:*:*",
"matchCriteriaId": "ED35AA0C-9427-492A-972A-D82972BBD9CF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_ops_manager:1.7.5:*:*:*:*:*:*:*",
"matchCriteriaId": "7412837F-8F31-48A5-81AF-51E7A4A40310",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_ops_manager:1.7.6:*:*:*:*:*:*:*",
"matchCriteriaId": "6A8A33E4-AFCD-436B-8635-7F45F4B043F9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_ops_manager:1.7.7:*:*:*:*:*:*:*",
"matchCriteriaId": "79217281-FDA5-44AD-82A9-7375F9562345",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_ops_manager:1.7.8:*:*:*:*:*:*:*",
"matchCriteriaId": "E7FB48BC-5523-4B18-860C-A1DA648F2C1A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_ops_manager:1.7.9:*:*:*:*:*:*:*",
"matchCriteriaId": "2B630514-7848-435E-B9BD-9350BA671D95",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_ops_manager:1.7.10:*:*:*:*:*:*:*",
"matchCriteriaId": "683152A4-2927-4735-8BFF-B9B499B44D15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_ops_manager:1.7.11:*:*:*:*:*:*:*",
"matchCriteriaId": "CC7AEA69-D9C5-4CE8-BD67-9E5E5E7EF343",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_ops_manager:1.7.12:*:*:*:*:*:*:*",
"matchCriteriaId": "ADD6F12D-6324-48E3-A508-70A7B122CA3E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_ops_manager:1.8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C015DE32-1D60-49EA-889D-B8FE453CF02E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_uaa:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EA38C2BF-87DF-4452-AAA2-9E5A0D8A20E1",
"versionEndIncluding": "3.7.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The UAA /oauth/token endpoint in Pivotal Cloud Foundry (PCF) before 243; UAA 2.x before 2.7.4.8, 3.x before 3.3.0.6, and 3.4.x before 3.4.5; UAA BOSH before 11.7 and 12.x before 12.6; Elastic Runtime before 1.6.40, 1.7.x before 1.7.21, and 1.8.x before 1.8.2; and Ops Manager 1.7.x before 1.7.13 and 1.8.x before 1.8.1 allows remote authenticated users to gain privileges by leveraging possession of a token."
},
{
"lang": "es",
"value": "El dispositivo final UAA /oauth/token en Pivotal Cloud Foundry (PCF) en versiones anteriores a 243; UAA 2.x en versiones anteriores a 2.7.4.8, 3.x en versiones anteriores a 3.3.0.6 y 3.4.x en versiones anteriores a 3.4.5; UAA BOSH en versiones anteriores a 11.7 y 12.x en versiones anteriores a 12.6; Elastic Runtime en versiones anteriores a 1.6.40, 1.7.x en versiones anteriores a 1.7.21 y 1.8.x en versiones anteriores a 1.8.2 y Ops Manager 1.7.x en versiones anteriores a 1.7.13 y 1.8.x en versiones anteriores a 1.8.1 permite a usuarios remotos autenticados obtener privilegios aprovechando la posesi\u00f3n de un token."
}
],
"id": "CVE-2016-6651",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2016-09-30T00:59:04.337",
"references": [
{
"source": "security_alert@emc.com",
"url": "http://www.securityfocus.com/bid/93241"
},
{
"source": "security_alert@emc.com",
"tags": [
"Mitigation",
"Vendor Advisory"
],
"url": "https://pivotal.io/security/cve-2016-6651"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/93241"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mitigation",
"Vendor Advisory"
],
"url": "https://pivotal.io/security/cve-2016-6651"
}
],
"sourceIdentifier": "security_alert@emc.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-264"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2016-6637
Vulnerability from fkie_nvd - Published: 2016-09-30 00:59 - Updated: 2025-04-12 10:46
Severity ?
Summary
Multiple cross-site request forgery (CSRF) vulnerabilities in Pivotal Cloud Foundry (PCF) before 242; UAA 2.x before 2.7.4.7, 3.x before 3.3.0.5, and 3.4.x before 3.4.4; UAA BOSH before 11.5 and 12.x before 12.5; Elastic Runtime before 1.6.40, 1.7.x before 1.7.21, and 1.8.x before 1.8.2; and Ops Manager 1.7.x before 1.7.13 and 1.8.x before 1.8.1 allow remote attackers to hijack the authentication of unspecified victims for requests that approve or deny a scope via a profile or authorize approval page.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9251DFFD-6BD2-40FF-8EA2-E4AB4C9E3DAB",
"versionEndIncluding": "15.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry:*:*:*:*:*:*:*:*",
"matchCriteriaId": "27E43458-95D7-4A85-B8E7-3D452A9CFD25",
"versionEndIncluding": "241",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F4CC5918-BC38-46E3-8000-5FE87A65C0E7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "36926681-35F4-4619-9613-155DEEEA3C8F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.2:*:*:*:*:*:*:*",
"matchCriteriaId": "41FF3C2B-E96F-4DF7-A5C4-703206CB729E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.3:*:*:*:*:*:*:*",
"matchCriteriaId": "F9CB3C2D-3080-4A3D-8D8D-1381B5D98920",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.4:*:*:*:*:*:*:*",
"matchCriteriaId": "782781EB-147C-4B00-84C5-1D8443BFA2D6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.5:*:*:*:*:*:*:*",
"matchCriteriaId": "35A56755-EEB2-4C93-B180-3918A36965AA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.6:*:*:*:*:*:*:*",
"matchCriteriaId": "E4009F10-08AF-470B-B903-38B8A6DBF332",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.7:*:*:*:*:*:*:*",
"matchCriteriaId": "2B2E8F04-53E6-4A3C-BE4B-8D0DDA22CA8C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.8:*:*:*:*:*:*:*",
"matchCriteriaId": "790DAB24-893A-463F-8358-171DACD75074",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.9:*:*:*:*:*:*:*",
"matchCriteriaId": "3645A1A8-4945-447F-A968-101D5938F9C8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.10:*:*:*:*:*:*:*",
"matchCriteriaId": "0E52C9B9-8F94-48D8-ADA6-96918F6AAD36",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.11:*:*:*:*:*:*:*",
"matchCriteriaId": "3948FC2F-AF3B-4AF3-968D-F124D03A213A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.12:*:*:*:*:*:*:*",
"matchCriteriaId": "4BA44F9B-97D5-48C0-91E9-6D3FEC8B7773",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.13:*:*:*:*:*:*:*",
"matchCriteriaId": "7B414F88-6541-48C6-B9D6-4DDA035A0037",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.14:*:*:*:*:*:*:*",
"matchCriteriaId": "66235C7F-D5EE-4989-8D24-6D0781954234",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.15:*:*:*:*:*:*:*",
"matchCriteriaId": "12E75B49-2419-4313-A648-B5283DA620E7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.17:*:*:*:*:*:*:*",
"matchCriteriaId": "A2C07910-C462-46C1-83CB-39B3FD8D25BC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.18:*:*:*:*:*:*:*",
"matchCriteriaId": "C6B9243E-31EF-48AB-BAB5-CCC3704A219F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.19:*:*:*:*:*:*:*",
"matchCriteriaId": "2BCB1D4B-F44C-41A1-90CA-62FD37003A1F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.20:*:*:*:*:*:*:*",
"matchCriteriaId": "F623783F-46DF-454E-BD83-5D2AE35EA9B4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.21:*:*:*:*:*:*:*",
"matchCriteriaId": "6BD9D35B-3E85-49FD-BA0A-D9020C5F280E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.22:*:*:*:*:*:*:*",
"matchCriteriaId": "A28CEEDF-FA40-4922-87A6-35DEBF184DC5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.23:*:*:*:*:*:*:*",
"matchCriteriaId": "D4F08111-51B1-4866-8695-C0877FC77D0B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.25:*:*:*:*:*:*:*",
"matchCriteriaId": "620EAB8D-3754-494D-9912-724A0FE1E80F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.26:*:*:*:*:*:*:*",
"matchCriteriaId": "ADBA74BD-EF83-4F29-8040-FB5B35D38C9B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.27:*:*:*:*:*:*:*",
"matchCriteriaId": "A1E00BE6-B2B6-4C02-9510-1F3DCC081173",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.28:*:*:*:*:*:*:*",
"matchCriteriaId": "A4D9E726-CF92-4DE5-8A04-02428328CC8A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.29:*:*:*:*:*:*:*",
"matchCriteriaId": "5E1CAC4E-3CD6-4D0C-8544-9481E57FD338",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.30:*:*:*:*:*:*:*",
"matchCriteriaId": "D1D0F13A-D149-492D-A484-B7F4235B2DC0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.31:*:*:*:*:*:*:*",
"matchCriteriaId": "160A9972-DCF2-46A9-8025-938C492E5A0E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.32:*:*:*:*:*:*:*",
"matchCriteriaId": "43978845-CC25-4975-8155-AC0999A4268B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.33:*:*:*:*:*:*:*",
"matchCriteriaId": "7B1A6848-16B9-47EC-B7C8-7740086398F3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.34:*:*:*:*:*:*:*",
"matchCriteriaId": "D9708D36-4A9B-484A-A627-69A85D66EDF8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.35:*:*:*:*:*:*:*",
"matchCriteriaId": "F0AB1C89-79D2-4997-A00D-E6E62243278B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.36:*:*:*:*:*:*:*",
"matchCriteriaId": "C071EA95-4AE2-43DC-900F-3DDD38959754",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.37:*:*:*:*:*:*:*",
"matchCriteriaId": "A6FF1F58-580A-4035-9427-1B4E96FC9E9E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.38:*:*:*:*:*:*:*",
"matchCriteriaId": "71499439-2748-4B4F-8659-AE4F67CCC8AF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.39:*:*:*:*:*:*:*",
"matchCriteriaId": "50161ECB-FEEA-4E1C-8DF9-5F3F7D944895",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "85E08C11-76E1-4F91-8061-5DA1BABD8767",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E3B75A7F-EAAC-4D81-9A10-D8DB45828EC3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.7.2:*:*:*:*:*:*:*",
"matchCriteriaId": "FA53D5B4-75BF-445F-96AA-4DC308B76E64",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.7.3:*:*:*:*:*:*:*",
"matchCriteriaId": "6DD5D5D9-604D-4917-99D0-1F41784A6835",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.7.4:*:*:*:*:*:*:*",
"matchCriteriaId": "6B2BF60D-EEEE-4F4C-A19F-108C78366089",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.7.5:*:*:*:*:*:*:*",
"matchCriteriaId": "5EED880C-5EF5-4FEA-A4BD-58CA61C12A9C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.7.6:*:*:*:*:*:*:*",
"matchCriteriaId": "DDA80BA5-66B0-4A6C-B552-175DBB930EB6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.7.7:*:*:*:*:*:*:*",
"matchCriteriaId": "BCDBAF27-D5DC-4379-A76E-7BD2CD98EB5C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.7.8:*:*:*:*:*:*:*",
"matchCriteriaId": "D957FD98-C2B4-48C2-81A0-37B2581E9F52",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.7.9:*:*:*:*:*:*:*",
"matchCriteriaId": "0DADB2DA-A12F-426E-9DEB-3628B081F78D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.7.10:*:*:*:*:*:*:*",
"matchCriteriaId": "99C97080-9BD3-4F17-A0E4-80F9F4CD7DB4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.7.11:*:*:*:*:*:*:*",
"matchCriteriaId": "E764D26C-D2C4-496C-936F-BF6793BF7C70",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.7.12:*:*:*:*:*:*:*",
"matchCriteriaId": "1E574EDD-AD33-4A00-8E14-76F0134EC00B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.7.13:*:*:*:*:*:*:*",
"matchCriteriaId": "A2274274-C1F8-4E42-AF7A-BDBF379E823E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.7.14:*:*:*:*:*:*:*",
"matchCriteriaId": "DCB25167-8350-4362-876C-690F5B5B057C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.7.15:*:*:*:*:*:*:*",
"matchCriteriaId": "28F89423-3AEE-475A-BBBA-B895D9732A14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.7.16:*:*:*:*:*:*:*",
"matchCriteriaId": "B4B5CB0D-09C9-4CB2-B842-CA68400CDAAD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.7.17:*:*:*:*:*:*:*",
"matchCriteriaId": "F047032B-218E-41BF-9F46-4682D415960E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.7.18:*:*:*:*:*:*:*",
"matchCriteriaId": "B291CCA0-EAE5-4900-ABF3-9A9D76910BD9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.7.19:*:*:*:*:*:*:*",
"matchCriteriaId": "DB8DAD87-111B-4F17-85CC-65C395851079",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.7.20:*:*:*:*:*:*:*",
"matchCriteriaId": "248878D6-7987-4608-9A28-66F3F7EFB976",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "258FAFB4-2B67-456B-BE78-1562A3D5E9A6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_ops_manager:1.7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A2D55721-7B40-4277-9E5A-4A9688D12ADF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_ops_manager:1.7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "7B931453-BA62-45A2-8574-A590E2DE55DF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_ops_manager:1.7.2:*:*:*:*:*:*:*",
"matchCriteriaId": "BA7E6331-33BC-4F3D-86C7-4DDBCB2B3B91",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_ops_manager:1.7.3:*:*:*:*:*:*:*",
"matchCriteriaId": "9FCBC4AE-B126-4EF6-B75E-062423E3F161",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_ops_manager:1.7.4:*:*:*:*:*:*:*",
"matchCriteriaId": "ED35AA0C-9427-492A-972A-D82972BBD9CF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_ops_manager:1.7.5:*:*:*:*:*:*:*",
"matchCriteriaId": "7412837F-8F31-48A5-81AF-51E7A4A40310",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_ops_manager:1.7.6:*:*:*:*:*:*:*",
"matchCriteriaId": "6A8A33E4-AFCD-436B-8635-7F45F4B043F9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_ops_manager:1.7.7:*:*:*:*:*:*:*",
"matchCriteriaId": "79217281-FDA5-44AD-82A9-7375F9562345",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_ops_manager:1.7.8:*:*:*:*:*:*:*",
"matchCriteriaId": "E7FB48BC-5523-4B18-860C-A1DA648F2C1A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_ops_manager:1.7.9:*:*:*:*:*:*:*",
"matchCriteriaId": "2B630514-7848-435E-B9BD-9350BA671D95",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_ops_manager:1.7.10:*:*:*:*:*:*:*",
"matchCriteriaId": "683152A4-2927-4735-8BFF-B9B499B44D15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_ops_manager:1.7.11:*:*:*:*:*:*:*",
"matchCriteriaId": "CC7AEA69-D9C5-4CE8-BD67-9E5E5E7EF343",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_ops_manager:1.7.12:*:*:*:*:*:*:*",
"matchCriteriaId": "ADD6F12D-6324-48E3-A508-70A7B122CA3E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_ops_manager:1.8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C015DE32-1D60-49EA-889D-B8FE453CF02E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_uaa:2.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "555D749F-4228-4B8C-8E0F-F9D6401E79B5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_uaa:2.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "58AEF0BF-8073-435E-9AE1-07A7B0B4B497",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_uaa:2.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "046215E7-464A-41E6-B310-9C56AB8A4243",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_uaa:2.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "99BAEFFA-DD36-4CE7-B8D5-906509346720",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_uaa:2.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "8D624768-9C90-4BE3-8715-78CC408C02AF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_uaa:2.7.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "B604B862-5213-4A4D-9147-A5D90EF13923",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_uaa:2.7.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "F0C8A2F1-A40D-4041-BF2B-59A8DC81581A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_uaa:2.7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "ACFDEF8D-9BE5-43ED-8E1D-2B63A1294EDF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_uaa:2.7.2:*:*:*:*:*:*:*",
"matchCriteriaId": "504AA7E0-D1F5-4097-B53B-F0E36328B1EB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_uaa:2.7.3:*:*:*:*:*:*:*",
"matchCriteriaId": "0DCD6CB7-5D49-4897-8353-44E5B08D9375",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_uaa:2.7.4.6:*:*:*:*:*:*:*",
"matchCriteriaId": "916733EA-F51A-49E2-9D47-9B713B36C847",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_uaa:3.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "03D97B63-F59C-47FD-9919-3B543F0C4BE9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_uaa:3.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "2BF268FB-5CAA-4441-A5EA-F65080A65815",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_uaa:3.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "597CA1EF-4E57-4676-B772-239EFB684C5F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_uaa:3.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1D44FEC0-341E-4AD4-B0BC-0B10FDB6DB8C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_uaa:3.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "CDB08635-4792-4483-8A5D-B07B3CC6E11B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_uaa:3.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "EAF6E32B-0B37-47CB-A6B3-AC226DC7B032",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_uaa:3.3.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3D410B4D-D427-4F18-8962-8E232378B2A7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_uaa:3.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C5FE703B-B6E7-4936-B675-7FDCECD84A05",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_uaa:3.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "423A1AAF-B173-4FCB-A34A-616A7EC178CA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_uaa:3.4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "EEC3C020-A0A3-4D8D-ABFE-EA3C52FAB4D7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site request forgery (CSRF) vulnerabilities in Pivotal Cloud Foundry (PCF) before 242; UAA 2.x before 2.7.4.7, 3.x before 3.3.0.5, and 3.4.x before 3.4.4; UAA BOSH before 11.5 and 12.x before 12.5; Elastic Runtime before 1.6.40, 1.7.x before 1.7.21, and 1.8.x before 1.8.2; and Ops Manager 1.7.x before 1.7.13 and 1.8.x before 1.8.1 allow remote attackers to hijack the authentication of unspecified victims for requests that approve or deny a scope via a profile or authorize approval page."
},
{
"lang": "es",
"value": "M\u00faltiples vulnerabilidades de CSRF en Pivotal Cloud Foundry (PCF) en versiones anteriores a 242; UAA 2.x en versiones anteriores a 2.7.4.7, 3.x en versiones anteriores a 3.3.0.5 y 3.4.x en versiones anteriores a 3.4.4; UAA BOSH en versiones anteriores a 11.5 y 12.x en versiones anteriores a 12.5; Elastic Runtime en versiones anteriores a 1.6.40, 1.7.x en versiones anteriores a 1.7.21 y 1.8.x en versiones anteriores a 1.8.2 y Ops Manager 1.7.x en versiones anteriores a 1.7.13 y 1.8.x en versiones anteriores a 1.8.1 permiten a atacantes remotos secuestrar la autenticaci\u00f3n de v\u00edctimas no especificadas para peticiones que aprueban o deniegan una extensi\u00f3n a trav\u00e9s de un perfil o autoriza una p\u00e1gina de aprobaci\u00f3n."
}
],
"id": "CVE-2016-6637",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.6,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 6.0,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2016-09-30T00:59:01.397",
"references": [
{
"source": "security_alert@emc.com",
"url": "http://www.securityfocus.com/bid/93245"
},
{
"source": "security_alert@emc.com",
"tags": [
"Vendor Advisory"
],
"url": "https://pivotal.io/security/cve-2016-6637"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/93245"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://pivotal.io/security/cve-2016-6637"
}
],
"sourceIdentifier": "security_alert@emc.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-352"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2016-6636
Vulnerability from fkie_nvd - Published: 2016-09-30 00:59 - Updated: 2025-04-12 10:46
Severity ?
Summary
The OAuth authorization implementation in Pivotal Cloud Foundry (PCF) before 242; UAA 2.x before 2.7.4.7, 3.x before 3.3.0.5, and 3.4.x before 3.4.4; UAA BOSH before 11.5 and 12.x before 12.5; Elastic Runtime before 1.6.40, 1.7.x before 1.7.21, and 1.8.x before 1.8.1; and Ops Manager 1.7.x before 1.7.13 and 1.8.x before 1.8.1 mishandles redirect_uri subdomains, which allows remote attackers to obtain implicit access tokens via a modified subdomain.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1D172CC2-124E-4179-A82E-857290D32FE9",
"versionEndIncluding": "12.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry:*:*:*:*:*:*:*:*",
"matchCriteriaId": "27E43458-95D7-4A85-B8E7-3D452A9CFD25",
"versionEndIncluding": "241",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F4CC5918-BC38-46E3-8000-5FE87A65C0E7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "36926681-35F4-4619-9613-155DEEEA3C8F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.2:*:*:*:*:*:*:*",
"matchCriteriaId": "41FF3C2B-E96F-4DF7-A5C4-703206CB729E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.3:*:*:*:*:*:*:*",
"matchCriteriaId": "F9CB3C2D-3080-4A3D-8D8D-1381B5D98920",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.4:*:*:*:*:*:*:*",
"matchCriteriaId": "782781EB-147C-4B00-84C5-1D8443BFA2D6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.5:*:*:*:*:*:*:*",
"matchCriteriaId": "35A56755-EEB2-4C93-B180-3918A36965AA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.6:*:*:*:*:*:*:*",
"matchCriteriaId": "E4009F10-08AF-470B-B903-38B8A6DBF332",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.7:*:*:*:*:*:*:*",
"matchCriteriaId": "2B2E8F04-53E6-4A3C-BE4B-8D0DDA22CA8C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.8:*:*:*:*:*:*:*",
"matchCriteriaId": "790DAB24-893A-463F-8358-171DACD75074",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.9:*:*:*:*:*:*:*",
"matchCriteriaId": "3645A1A8-4945-447F-A968-101D5938F9C8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.10:*:*:*:*:*:*:*",
"matchCriteriaId": "0E52C9B9-8F94-48D8-ADA6-96918F6AAD36",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.11:*:*:*:*:*:*:*",
"matchCriteriaId": "3948FC2F-AF3B-4AF3-968D-F124D03A213A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.12:*:*:*:*:*:*:*",
"matchCriteriaId": "4BA44F9B-97D5-48C0-91E9-6D3FEC8B7773",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.13:*:*:*:*:*:*:*",
"matchCriteriaId": "7B414F88-6541-48C6-B9D6-4DDA035A0037",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.14:*:*:*:*:*:*:*",
"matchCriteriaId": "66235C7F-D5EE-4989-8D24-6D0781954234",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.15:*:*:*:*:*:*:*",
"matchCriteriaId": "12E75B49-2419-4313-A648-B5283DA620E7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.17:*:*:*:*:*:*:*",
"matchCriteriaId": "A2C07910-C462-46C1-83CB-39B3FD8D25BC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.18:*:*:*:*:*:*:*",
"matchCriteriaId": "C6B9243E-31EF-48AB-BAB5-CCC3704A219F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.19:*:*:*:*:*:*:*",
"matchCriteriaId": "2BCB1D4B-F44C-41A1-90CA-62FD37003A1F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.20:*:*:*:*:*:*:*",
"matchCriteriaId": "F623783F-46DF-454E-BD83-5D2AE35EA9B4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.21:*:*:*:*:*:*:*",
"matchCriteriaId": "6BD9D35B-3E85-49FD-BA0A-D9020C5F280E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.22:*:*:*:*:*:*:*",
"matchCriteriaId": "A28CEEDF-FA40-4922-87A6-35DEBF184DC5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.23:*:*:*:*:*:*:*",
"matchCriteriaId": "D4F08111-51B1-4866-8695-C0877FC77D0B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.25:*:*:*:*:*:*:*",
"matchCriteriaId": "620EAB8D-3754-494D-9912-724A0FE1E80F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.26:*:*:*:*:*:*:*",
"matchCriteriaId": "ADBA74BD-EF83-4F29-8040-FB5B35D38C9B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.27:*:*:*:*:*:*:*",
"matchCriteriaId": "A1E00BE6-B2B6-4C02-9510-1F3DCC081173",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.28:*:*:*:*:*:*:*",
"matchCriteriaId": "A4D9E726-CF92-4DE5-8A04-02428328CC8A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.29:*:*:*:*:*:*:*",
"matchCriteriaId": "5E1CAC4E-3CD6-4D0C-8544-9481E57FD338",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.30:*:*:*:*:*:*:*",
"matchCriteriaId": "D1D0F13A-D149-492D-A484-B7F4235B2DC0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.31:*:*:*:*:*:*:*",
"matchCriteriaId": "160A9972-DCF2-46A9-8025-938C492E5A0E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.32:*:*:*:*:*:*:*",
"matchCriteriaId": "43978845-CC25-4975-8155-AC0999A4268B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.33:*:*:*:*:*:*:*",
"matchCriteriaId": "7B1A6848-16B9-47EC-B7C8-7740086398F3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.34:*:*:*:*:*:*:*",
"matchCriteriaId": "D9708D36-4A9B-484A-A627-69A85D66EDF8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.35:*:*:*:*:*:*:*",
"matchCriteriaId": "F0AB1C89-79D2-4997-A00D-E6E62243278B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.36:*:*:*:*:*:*:*",
"matchCriteriaId": "C071EA95-4AE2-43DC-900F-3DDD38959754",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.37:*:*:*:*:*:*:*",
"matchCriteriaId": "A6FF1F58-580A-4035-9427-1B4E96FC9E9E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.38:*:*:*:*:*:*:*",
"matchCriteriaId": "71499439-2748-4B4F-8659-AE4F67CCC8AF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.39:*:*:*:*:*:*:*",
"matchCriteriaId": "50161ECB-FEEA-4E1C-8DF9-5F3F7D944895",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "85E08C11-76E1-4F91-8061-5DA1BABD8767",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E3B75A7F-EAAC-4D81-9A10-D8DB45828EC3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.7.2:*:*:*:*:*:*:*",
"matchCriteriaId": "FA53D5B4-75BF-445F-96AA-4DC308B76E64",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.7.3:*:*:*:*:*:*:*",
"matchCriteriaId": "6DD5D5D9-604D-4917-99D0-1F41784A6835",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.7.4:*:*:*:*:*:*:*",
"matchCriteriaId": "6B2BF60D-EEEE-4F4C-A19F-108C78366089",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.7.5:*:*:*:*:*:*:*",
"matchCriteriaId": "5EED880C-5EF5-4FEA-A4BD-58CA61C12A9C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.7.6:*:*:*:*:*:*:*",
"matchCriteriaId": "DDA80BA5-66B0-4A6C-B552-175DBB930EB6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.7.7:*:*:*:*:*:*:*",
"matchCriteriaId": "BCDBAF27-D5DC-4379-A76E-7BD2CD98EB5C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.7.8:*:*:*:*:*:*:*",
"matchCriteriaId": "D957FD98-C2B4-48C2-81A0-37B2581E9F52",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.7.9:*:*:*:*:*:*:*",
"matchCriteriaId": "0DADB2DA-A12F-426E-9DEB-3628B081F78D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.7.10:*:*:*:*:*:*:*",
"matchCriteriaId": "99C97080-9BD3-4F17-A0E4-80F9F4CD7DB4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.7.11:*:*:*:*:*:*:*",
"matchCriteriaId": "E764D26C-D2C4-496C-936F-BF6793BF7C70",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.7.12:*:*:*:*:*:*:*",
"matchCriteriaId": "1E574EDD-AD33-4A00-8E14-76F0134EC00B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.7.13:*:*:*:*:*:*:*",
"matchCriteriaId": "A2274274-C1F8-4E42-AF7A-BDBF379E823E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.7.14:*:*:*:*:*:*:*",
"matchCriteriaId": "DCB25167-8350-4362-876C-690F5B5B057C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.7.15:*:*:*:*:*:*:*",
"matchCriteriaId": "28F89423-3AEE-475A-BBBA-B895D9732A14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.7.16:*:*:*:*:*:*:*",
"matchCriteriaId": "B4B5CB0D-09C9-4CB2-B842-CA68400CDAAD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.7.17:*:*:*:*:*:*:*",
"matchCriteriaId": "F047032B-218E-41BF-9F46-4682D415960E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.7.18:*:*:*:*:*:*:*",
"matchCriteriaId": "B291CCA0-EAE5-4900-ABF3-9A9D76910BD9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.7.19:*:*:*:*:*:*:*",
"matchCriteriaId": "DB8DAD87-111B-4F17-85CC-65C395851079",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.7.20:*:*:*:*:*:*:*",
"matchCriteriaId": "248878D6-7987-4608-9A28-66F3F7EFB976",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "258FAFB4-2B67-456B-BE78-1562A3D5E9A6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_ops_manager:1.7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A2D55721-7B40-4277-9E5A-4A9688D12ADF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_ops_manager:1.7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "7B931453-BA62-45A2-8574-A590E2DE55DF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_ops_manager:1.7.2:*:*:*:*:*:*:*",
"matchCriteriaId": "BA7E6331-33BC-4F3D-86C7-4DDBCB2B3B91",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_ops_manager:1.7.3:*:*:*:*:*:*:*",
"matchCriteriaId": "9FCBC4AE-B126-4EF6-B75E-062423E3F161",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_ops_manager:1.7.4:*:*:*:*:*:*:*",
"matchCriteriaId": "ED35AA0C-9427-492A-972A-D82972BBD9CF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_ops_manager:1.7.5:*:*:*:*:*:*:*",
"matchCriteriaId": "7412837F-8F31-48A5-81AF-51E7A4A40310",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_ops_manager:1.7.6:*:*:*:*:*:*:*",
"matchCriteriaId": "6A8A33E4-AFCD-436B-8635-7F45F4B043F9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_ops_manager:1.7.7:*:*:*:*:*:*:*",
"matchCriteriaId": "79217281-FDA5-44AD-82A9-7375F9562345",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_ops_manager:1.7.8:*:*:*:*:*:*:*",
"matchCriteriaId": "E7FB48BC-5523-4B18-860C-A1DA648F2C1A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_ops_manager:1.7.9:*:*:*:*:*:*:*",
"matchCriteriaId": "2B630514-7848-435E-B9BD-9350BA671D95",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_ops_manager:1.7.10:*:*:*:*:*:*:*",
"matchCriteriaId": "683152A4-2927-4735-8BFF-B9B499B44D15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_ops_manager:1.7.11:*:*:*:*:*:*:*",
"matchCriteriaId": "CC7AEA69-D9C5-4CE8-BD67-9E5E5E7EF343",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_ops_manager:1.7.12:*:*:*:*:*:*:*",
"matchCriteriaId": "ADD6F12D-6324-48E3-A508-70A7B122CA3E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_ops_manager:1.8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C015DE32-1D60-49EA-889D-B8FE453CF02E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_uaa:2.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "555D749F-4228-4B8C-8E0F-F9D6401E79B5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_uaa:2.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "58AEF0BF-8073-435E-9AE1-07A7B0B4B497",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_uaa:2.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "046215E7-464A-41E6-B310-9C56AB8A4243",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_uaa:2.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "99BAEFFA-DD36-4CE7-B8D5-906509346720",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_uaa:2.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "8D624768-9C90-4BE3-8715-78CC408C02AF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_uaa:2.7.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "B604B862-5213-4A4D-9147-A5D90EF13923",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_uaa:2.7.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "F0C8A2F1-A40D-4041-BF2B-59A8DC81581A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_uaa:2.7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "ACFDEF8D-9BE5-43ED-8E1D-2B63A1294EDF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_uaa:2.7.2:*:*:*:*:*:*:*",
"matchCriteriaId": "504AA7E0-D1F5-4097-B53B-F0E36328B1EB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_uaa:2.7.3:*:*:*:*:*:*:*",
"matchCriteriaId": "0DCD6CB7-5D49-4897-8353-44E5B08D9375",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_uaa:2.7.4.6:*:*:*:*:*:*:*",
"matchCriteriaId": "916733EA-F51A-49E2-9D47-9B713B36C847",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_uaa:3.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "03D97B63-F59C-47FD-9919-3B543F0C4BE9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_uaa:3.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "2BF268FB-5CAA-4441-A5EA-F65080A65815",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_uaa:3.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "597CA1EF-4E57-4676-B772-239EFB684C5F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_uaa:3.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1D44FEC0-341E-4AD4-B0BC-0B10FDB6DB8C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_uaa:3.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "CDB08635-4792-4483-8A5D-B07B3CC6E11B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_uaa:3.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "EAF6E32B-0B37-47CB-A6B3-AC226DC7B032",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_uaa:3.3.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3D410B4D-D427-4F18-8962-8E232378B2A7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_uaa:3.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C5FE703B-B6E7-4936-B675-7FDCECD84A05",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_uaa:3.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "423A1AAF-B173-4FCB-A34A-616A7EC178CA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_uaa:3.4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "EEC3C020-A0A3-4D8D-ABFE-EA3C52FAB4D7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The OAuth authorization implementation in Pivotal Cloud Foundry (PCF) before 242; UAA 2.x before 2.7.4.7, 3.x before 3.3.0.5, and 3.4.x before 3.4.4; UAA BOSH before 11.5 and 12.x before 12.5; Elastic Runtime before 1.6.40, 1.7.x before 1.7.21, and 1.8.x before 1.8.1; and Ops Manager 1.7.x before 1.7.13 and 1.8.x before 1.8.1 mishandles redirect_uri subdomains, which allows remote attackers to obtain implicit access tokens via a modified subdomain."
},
{
"lang": "es",
"value": "La implementaci\u00f3n de autorizaci\u00f3n OAuth en Pivotal Cloud Foundry (PCF) en versiones anteriores a 242; UAA 2.x en versiones anteriores a 2.7.4.7, 3.x en versiones anteriores a 3.3.0.5 y 3.4.x en versiones anteriores a 3.4.4; UAA BOSH en versiones anteriores a 11.5 y 12.x en versiones anteriores a 12.5; Elastic Runtime en versiones anteriores a 1.6.40, 1.7.x en versiones anteriores a 1.7.21 y 1.8.x en versiones anteriores a 1.8.1 y Ops Manager 1.7.x en versiones anteriores a 1.7.13 y 1.8.x en versiones anteriores a 1.8.1 no maneja adecuadamente subdominios redirect_uri, lo que permite a atacantes remotos obtener tokens de acceso impl\u00edcito a trav\u00e9s de un subdominio modificado."
}
],
"id": "CVE-2016-6636",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": true,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2016-09-30T00:59:00.180",
"references": [
{
"source": "security_alert@emc.com",
"url": "http://www.securityfocus.com/bid/93246"
},
{
"source": "security_alert@emc.com",
"tags": [
"Vendor Advisory"
],
"url": "https://pivotal.io/security/cve-2016-6636"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/93246"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://pivotal.io/security/cve-2016-6636"
}
],
"sourceIdentifier": "security_alert@emc.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-601"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2016-4468 (GCVE-0-2016-4468)
Vulnerability from cvelistv5 – Published: 2017-04-11 15:00 – Updated: 2024-08-06 00:32
VLAI?
Summary
SQL injection vulnerability in Pivotal Cloud Foundry (PCF) before 238; UAA 2.x before 2.7.4.4, 3.x before 3.3.0.2, and 3.4.x before 3.4.1; UAA BOSH before 11.2 and 12.x before 12.2; Elastic Runtime before 1.6.29 and 1.7.x before 1.7.7; and Ops Manager 1.7.x before 1.7.8 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T00:32:25.512Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[cf-dev] 20160630 CVE-2016-4468 UAA SQL Injection",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.cloudfoundry.org/archives/list/cf-dev%40lists.cloudfoundry.org/thread/WMTZBIH5U7DTOOX2SNRVTPQI3U2AINOB/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://pivotal.io/security/cve-2016-4468"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-06-30T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in Pivotal Cloud Foundry (PCF) before 238; UAA 2.x before 2.7.4.4, 3.x before 3.3.0.2, and 3.4.x before 3.4.1; UAA BOSH before 11.2 and 12.x before 12.2; Elastic Runtime before 1.6.29 and 1.7.x before 1.7.7; and Ops Manager 1.7.x before 1.7.8 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-04-11T14:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "[cf-dev] 20160630 CVE-2016-4468 UAA SQL Injection",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.cloudfoundry.org/archives/list/cf-dev%40lists.cloudfoundry.org/thread/WMTZBIH5U7DTOOX2SNRVTPQI3U2AINOB/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://pivotal.io/security/cve-2016-4468"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2016-4468",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in Pivotal Cloud Foundry (PCF) before 238; UAA 2.x before 2.7.4.4, 3.x before 3.3.0.2, and 3.4.x before 3.4.1; UAA BOSH before 11.2 and 12.x before 12.2; Elastic Runtime before 1.6.29 and 1.7.x before 1.7.7; and Ops Manager 1.7.x before 1.7.8 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[cf-dev] 20160630 CVE-2016-4468 UAA SQL Injection",
"refsource": "MLIST",
"url": "https://lists.cloudfoundry.org/archives/list/cf-dev@lists.cloudfoundry.org/thread/WMTZBIH5U7DTOOX2SNRVTPQI3U2AINOB/"
},
{
"name": "https://pivotal.io/security/cve-2016-4468",
"refsource": "CONFIRM",
"url": "https://pivotal.io/security/cve-2016-4468"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2016-4468",
"datePublished": "2017-04-11T15:00:00",
"dateReserved": "2016-05-02T00:00:00",
"dateUpdated": "2024-08-06T00:32:25.512Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-6657 (GCVE-0-2016-6657)
Vulnerability from cvelistv5 – Published: 2016-12-16 09:02 – Updated: 2024-08-06 01:36
VLAI?
Summary
An open redirect vulnerability has been detected with some Pivotal Cloud Foundry Elastic Runtime components. Users of affected versions should apply the following mitigation: Upgrade PCF Elastic Runtime 1.8.x versions to 1.8.12 or later. Upgrade PCF Ops Manager 1.7.x versions to 1.7.18 or later and 1.8.x versions to 1.8.10 or later.
Severity ?
No CVSS data available.
CWE
- Open redirect vulnerability
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | PCF Elastic Runtime 1.8.x versions prior to 1.8.12 and PCF Ops Manager 1.7.x versions prior to 1.7.18 and 1.8.x versions prior to 1.8.10 |
Affected:
PCF Elastic Runtime 1.8.x versions prior to 1.8.12 and PCF Ops Manager 1.7.x versions prior to 1.7.18 and 1.8.x versions prior to 1.8.10
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T01:36:29.434Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://pivotal.io/security/cve-2016-6657"
},
{
"name": "94126",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/94126"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "PCF Elastic Runtime 1.8.x versions prior to 1.8.12 and PCF Ops Manager 1.7.x versions prior to 1.7.18 and 1.8.x versions prior to 1.8.10",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "PCF Elastic Runtime 1.8.x versions prior to 1.8.12 and PCF Ops Manager 1.7.x versions prior to 1.7.18 and 1.8.x versions prior to 1.8.10"
}
]
}
],
"datePublic": "2016-12-16T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "An open redirect vulnerability has been detected with some Pivotal Cloud Foundry Elastic Runtime components. Users of affected versions should apply the following mitigation: Upgrade PCF Elastic Runtime 1.8.x versions to 1.8.12 or later. Upgrade PCF Ops Manager 1.7.x versions to 1.7.18 or later and 1.8.x versions to 1.8.10 or later."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Open redirect vulnerability",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-12-16T10:57:01",
"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"shortName": "dell"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://pivotal.io/security/cve-2016-6657"
},
{
"name": "94126",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/94126"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security_alert@emc.com",
"ID": "CVE-2016-6657",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "PCF Elastic Runtime 1.8.x versions prior to 1.8.12 and PCF Ops Manager 1.7.x versions prior to 1.7.18 and 1.8.x versions prior to 1.8.10",
"version": {
"version_data": [
{
"version_value": "PCF Elastic Runtime 1.8.x versions prior to 1.8.12 and PCF Ops Manager 1.7.x versions prior to 1.7.18 and 1.8.x versions prior to 1.8.10"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An open redirect vulnerability has been detected with some Pivotal Cloud Foundry Elastic Runtime components. Users of affected versions should apply the following mitigation: Upgrade PCF Elastic Runtime 1.8.x versions to 1.8.12 or later. Upgrade PCF Ops Manager 1.7.x versions to 1.7.18 or later and 1.8.x versions to 1.8.10 or later."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Open redirect vulnerability"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://pivotal.io/security/cve-2016-6657",
"refsource": "CONFIRM",
"url": "https://pivotal.io/security/cve-2016-6657"
},
{
"name": "94126",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/94126"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"assignerShortName": "dell",
"cveId": "CVE-2016-6657",
"datePublished": "2016-12-16T09:02:00",
"dateReserved": "2016-08-10T00:00:00",
"dateUpdated": "2024-08-06T01:36:29.434Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-6636 (GCVE-0-2016-6636)
Vulnerability from cvelistv5 – Published: 2016-09-30 00:00 – Updated: 2024-08-06 01:36
VLAI?
Summary
The OAuth authorization implementation in Pivotal Cloud Foundry (PCF) before 242; UAA 2.x before 2.7.4.7, 3.x before 3.3.0.5, and 3.4.x before 3.4.4; UAA BOSH before 11.5 and 12.x before 12.5; Elastic Runtime before 1.6.40, 1.7.x before 1.7.21, and 1.8.x before 1.8.1; and Ops Manager 1.7.x before 1.7.13 and 1.8.x before 1.8.1 mishandles redirect_uri subdomains, which allows remote attackers to obtain implicit access tokens via a modified subdomain.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T01:36:29.094Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "93246",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/93246"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://pivotal.io/security/cve-2016-6636"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-09-27T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The OAuth authorization implementation in Pivotal Cloud Foundry (PCF) before 242; UAA 2.x before 2.7.4.7, 3.x before 3.3.0.5, and 3.4.x before 3.4.4; UAA BOSH before 11.5 and 12.x before 12.5; Elastic Runtime before 1.6.40, 1.7.x before 1.7.21, and 1.8.x before 1.8.1; and Ops Manager 1.7.x before 1.7.13 and 1.8.x before 1.8.1 mishandles redirect_uri subdomains, which allows remote attackers to obtain implicit access tokens via a modified subdomain."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-11-25T19:57:01",
"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"shortName": "dell"
},
"references": [
{
"name": "93246",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/93246"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://pivotal.io/security/cve-2016-6636"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security_alert@emc.com",
"ID": "CVE-2016-6636",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The OAuth authorization implementation in Pivotal Cloud Foundry (PCF) before 242; UAA 2.x before 2.7.4.7, 3.x before 3.3.0.5, and 3.4.x before 3.4.4; UAA BOSH before 11.5 and 12.x before 12.5; Elastic Runtime before 1.6.40, 1.7.x before 1.7.21, and 1.8.x before 1.8.1; and Ops Manager 1.7.x before 1.7.13 and 1.8.x before 1.8.1 mishandles redirect_uri subdomains, which allows remote attackers to obtain implicit access tokens via a modified subdomain."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "93246",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/93246"
},
{
"name": "https://pivotal.io/security/cve-2016-6636",
"refsource": "CONFIRM",
"url": "https://pivotal.io/security/cve-2016-6636"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"assignerShortName": "dell",
"cveId": "CVE-2016-6636",
"datePublished": "2016-09-30T00:00:00",
"dateReserved": "2016-08-10T00:00:00",
"dateUpdated": "2024-08-06T01:36:29.094Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-6637 (GCVE-0-2016-6637)
Vulnerability from cvelistv5 – Published: 2016-09-30 00:00 – Updated: 2024-08-06 01:36
VLAI?
Summary
Multiple cross-site request forgery (CSRF) vulnerabilities in Pivotal Cloud Foundry (PCF) before 242; UAA 2.x before 2.7.4.7, 3.x before 3.3.0.5, and 3.4.x before 3.4.4; UAA BOSH before 11.5 and 12.x before 12.5; Elastic Runtime before 1.6.40, 1.7.x before 1.7.21, and 1.8.x before 1.8.2; and Ops Manager 1.7.x before 1.7.13 and 1.8.x before 1.8.1 allow remote attackers to hijack the authentication of unspecified victims for requests that approve or deny a scope via a profile or authorize approval page.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T01:36:29.442Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "93245",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/93245"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://pivotal.io/security/cve-2016-6637"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-09-27T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site request forgery (CSRF) vulnerabilities in Pivotal Cloud Foundry (PCF) before 242; UAA 2.x before 2.7.4.7, 3.x before 3.3.0.5, and 3.4.x before 3.4.4; UAA BOSH before 11.5 and 12.x before 12.5; Elastic Runtime before 1.6.40, 1.7.x before 1.7.21, and 1.8.x before 1.8.2; and Ops Manager 1.7.x before 1.7.13 and 1.8.x before 1.8.1 allow remote attackers to hijack the authentication of unspecified victims for requests that approve or deny a scope via a profile or authorize approval page."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-11-25T19:57:01",
"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"shortName": "dell"
},
"references": [
{
"name": "93245",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/93245"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://pivotal.io/security/cve-2016-6637"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security_alert@emc.com",
"ID": "CVE-2016-6637",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site request forgery (CSRF) vulnerabilities in Pivotal Cloud Foundry (PCF) before 242; UAA 2.x before 2.7.4.7, 3.x before 3.3.0.5, and 3.4.x before 3.4.4; UAA BOSH before 11.5 and 12.x before 12.5; Elastic Runtime before 1.6.40, 1.7.x before 1.7.21, and 1.8.x before 1.8.2; and Ops Manager 1.7.x before 1.7.13 and 1.8.x before 1.8.1 allow remote attackers to hijack the authentication of unspecified victims for requests that approve or deny a scope via a profile or authorize approval page."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "93245",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/93245"
},
{
"name": "https://pivotal.io/security/cve-2016-6637",
"refsource": "CONFIRM",
"url": "https://pivotal.io/security/cve-2016-6637"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"assignerShortName": "dell",
"cveId": "CVE-2016-6637",
"datePublished": "2016-09-30T00:00:00",
"dateReserved": "2016-08-10T00:00:00",
"dateUpdated": "2024-08-06T01:36:29.442Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-6651 (GCVE-0-2016-6651)
Vulnerability from cvelistv5 – Published: 2016-09-30 00:00 – Updated: 2024-08-06 01:36
VLAI?
Summary
The UAA /oauth/token endpoint in Pivotal Cloud Foundry (PCF) before 243; UAA 2.x before 2.7.4.8, 3.x before 3.3.0.6, and 3.4.x before 3.4.5; UAA BOSH before 11.7 and 12.x before 12.6; Elastic Runtime before 1.6.40, 1.7.x before 1.7.21, and 1.8.x before 1.8.2; and Ops Manager 1.7.x before 1.7.13 and 1.8.x before 1.8.1 allows remote authenticated users to gain privileges by leveraging possession of a token.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T01:36:29.550Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "93241",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/93241"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://pivotal.io/security/cve-2016-6651"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-09-27T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The UAA /oauth/token endpoint in Pivotal Cloud Foundry (PCF) before 243; UAA 2.x before 2.7.4.8, 3.x before 3.3.0.6, and 3.4.x before 3.4.5; UAA BOSH before 11.7 and 12.x before 12.6; Elastic Runtime before 1.6.40, 1.7.x before 1.7.21, and 1.8.x before 1.8.2; and Ops Manager 1.7.x before 1.7.13 and 1.8.x before 1.8.1 allows remote authenticated users to gain privileges by leveraging possession of a token."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-11-25T19:57:01",
"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"shortName": "dell"
},
"references": [
{
"name": "93241",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/93241"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://pivotal.io/security/cve-2016-6651"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security_alert@emc.com",
"ID": "CVE-2016-6651",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The UAA /oauth/token endpoint in Pivotal Cloud Foundry (PCF) before 243; UAA 2.x before 2.7.4.8, 3.x before 3.3.0.6, and 3.4.x before 3.4.5; UAA BOSH before 11.7 and 12.x before 12.6; Elastic Runtime before 1.6.40, 1.7.x before 1.7.21, and 1.8.x before 1.8.2; and Ops Manager 1.7.x before 1.7.13 and 1.8.x before 1.8.1 allows remote authenticated users to gain privileges by leveraging possession of a token."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "93241",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/93241"
},
{
"name": "https://pivotal.io/security/cve-2016-6651",
"refsource": "CONFIRM",
"url": "https://pivotal.io/security/cve-2016-6651"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"assignerShortName": "dell",
"cveId": "CVE-2016-6651",
"datePublished": "2016-09-30T00:00:00",
"dateReserved": "2016-08-10T00:00:00",
"dateUpdated": "2024-08-06T01:36:29.550Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-4468 (GCVE-0-2016-4468)
Vulnerability from nvd – Published: 2017-04-11 15:00 – Updated: 2024-08-06 00:32
VLAI?
Summary
SQL injection vulnerability in Pivotal Cloud Foundry (PCF) before 238; UAA 2.x before 2.7.4.4, 3.x before 3.3.0.2, and 3.4.x before 3.4.1; UAA BOSH before 11.2 and 12.x before 12.2; Elastic Runtime before 1.6.29 and 1.7.x before 1.7.7; and Ops Manager 1.7.x before 1.7.8 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T00:32:25.512Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[cf-dev] 20160630 CVE-2016-4468 UAA SQL Injection",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.cloudfoundry.org/archives/list/cf-dev%40lists.cloudfoundry.org/thread/WMTZBIH5U7DTOOX2SNRVTPQI3U2AINOB/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://pivotal.io/security/cve-2016-4468"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-06-30T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in Pivotal Cloud Foundry (PCF) before 238; UAA 2.x before 2.7.4.4, 3.x before 3.3.0.2, and 3.4.x before 3.4.1; UAA BOSH before 11.2 and 12.x before 12.2; Elastic Runtime before 1.6.29 and 1.7.x before 1.7.7; and Ops Manager 1.7.x before 1.7.8 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-04-11T14:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "[cf-dev] 20160630 CVE-2016-4468 UAA SQL Injection",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.cloudfoundry.org/archives/list/cf-dev%40lists.cloudfoundry.org/thread/WMTZBIH5U7DTOOX2SNRVTPQI3U2AINOB/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://pivotal.io/security/cve-2016-4468"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2016-4468",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in Pivotal Cloud Foundry (PCF) before 238; UAA 2.x before 2.7.4.4, 3.x before 3.3.0.2, and 3.4.x before 3.4.1; UAA BOSH before 11.2 and 12.x before 12.2; Elastic Runtime before 1.6.29 and 1.7.x before 1.7.7; and Ops Manager 1.7.x before 1.7.8 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[cf-dev] 20160630 CVE-2016-4468 UAA SQL Injection",
"refsource": "MLIST",
"url": "https://lists.cloudfoundry.org/archives/list/cf-dev@lists.cloudfoundry.org/thread/WMTZBIH5U7DTOOX2SNRVTPQI3U2AINOB/"
},
{
"name": "https://pivotal.io/security/cve-2016-4468",
"refsource": "CONFIRM",
"url": "https://pivotal.io/security/cve-2016-4468"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2016-4468",
"datePublished": "2017-04-11T15:00:00",
"dateReserved": "2016-05-02T00:00:00",
"dateUpdated": "2024-08-06T00:32:25.512Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-6657 (GCVE-0-2016-6657)
Vulnerability from nvd – Published: 2016-12-16 09:02 – Updated: 2024-08-06 01:36
VLAI?
Summary
An open redirect vulnerability has been detected with some Pivotal Cloud Foundry Elastic Runtime components. Users of affected versions should apply the following mitigation: Upgrade PCF Elastic Runtime 1.8.x versions to 1.8.12 or later. Upgrade PCF Ops Manager 1.7.x versions to 1.7.18 or later and 1.8.x versions to 1.8.10 or later.
Severity ?
No CVSS data available.
CWE
- Open redirect vulnerability
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | PCF Elastic Runtime 1.8.x versions prior to 1.8.12 and PCF Ops Manager 1.7.x versions prior to 1.7.18 and 1.8.x versions prior to 1.8.10 |
Affected:
PCF Elastic Runtime 1.8.x versions prior to 1.8.12 and PCF Ops Manager 1.7.x versions prior to 1.7.18 and 1.8.x versions prior to 1.8.10
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T01:36:29.434Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://pivotal.io/security/cve-2016-6657"
},
{
"name": "94126",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/94126"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "PCF Elastic Runtime 1.8.x versions prior to 1.8.12 and PCF Ops Manager 1.7.x versions prior to 1.7.18 and 1.8.x versions prior to 1.8.10",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "PCF Elastic Runtime 1.8.x versions prior to 1.8.12 and PCF Ops Manager 1.7.x versions prior to 1.7.18 and 1.8.x versions prior to 1.8.10"
}
]
}
],
"datePublic": "2016-12-16T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "An open redirect vulnerability has been detected with some Pivotal Cloud Foundry Elastic Runtime components. Users of affected versions should apply the following mitigation: Upgrade PCF Elastic Runtime 1.8.x versions to 1.8.12 or later. Upgrade PCF Ops Manager 1.7.x versions to 1.7.18 or later and 1.8.x versions to 1.8.10 or later."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Open redirect vulnerability",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-12-16T10:57:01",
"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"shortName": "dell"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://pivotal.io/security/cve-2016-6657"
},
{
"name": "94126",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/94126"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security_alert@emc.com",
"ID": "CVE-2016-6657",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "PCF Elastic Runtime 1.8.x versions prior to 1.8.12 and PCF Ops Manager 1.7.x versions prior to 1.7.18 and 1.8.x versions prior to 1.8.10",
"version": {
"version_data": [
{
"version_value": "PCF Elastic Runtime 1.8.x versions prior to 1.8.12 and PCF Ops Manager 1.7.x versions prior to 1.7.18 and 1.8.x versions prior to 1.8.10"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An open redirect vulnerability has been detected with some Pivotal Cloud Foundry Elastic Runtime components. Users of affected versions should apply the following mitigation: Upgrade PCF Elastic Runtime 1.8.x versions to 1.8.12 or later. Upgrade PCF Ops Manager 1.7.x versions to 1.7.18 or later and 1.8.x versions to 1.8.10 or later."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Open redirect vulnerability"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://pivotal.io/security/cve-2016-6657",
"refsource": "CONFIRM",
"url": "https://pivotal.io/security/cve-2016-6657"
},
{
"name": "94126",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/94126"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"assignerShortName": "dell",
"cveId": "CVE-2016-6657",
"datePublished": "2016-12-16T09:02:00",
"dateReserved": "2016-08-10T00:00:00",
"dateUpdated": "2024-08-06T01:36:29.434Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-6636 (GCVE-0-2016-6636)
Vulnerability from nvd – Published: 2016-09-30 00:00 – Updated: 2024-08-06 01:36
VLAI?
Summary
The OAuth authorization implementation in Pivotal Cloud Foundry (PCF) before 242; UAA 2.x before 2.7.4.7, 3.x before 3.3.0.5, and 3.4.x before 3.4.4; UAA BOSH before 11.5 and 12.x before 12.5; Elastic Runtime before 1.6.40, 1.7.x before 1.7.21, and 1.8.x before 1.8.1; and Ops Manager 1.7.x before 1.7.13 and 1.8.x before 1.8.1 mishandles redirect_uri subdomains, which allows remote attackers to obtain implicit access tokens via a modified subdomain.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T01:36:29.094Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "93246",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/93246"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://pivotal.io/security/cve-2016-6636"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-09-27T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The OAuth authorization implementation in Pivotal Cloud Foundry (PCF) before 242; UAA 2.x before 2.7.4.7, 3.x before 3.3.0.5, and 3.4.x before 3.4.4; UAA BOSH before 11.5 and 12.x before 12.5; Elastic Runtime before 1.6.40, 1.7.x before 1.7.21, and 1.8.x before 1.8.1; and Ops Manager 1.7.x before 1.7.13 and 1.8.x before 1.8.1 mishandles redirect_uri subdomains, which allows remote attackers to obtain implicit access tokens via a modified subdomain."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-11-25T19:57:01",
"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"shortName": "dell"
},
"references": [
{
"name": "93246",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/93246"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://pivotal.io/security/cve-2016-6636"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security_alert@emc.com",
"ID": "CVE-2016-6636",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The OAuth authorization implementation in Pivotal Cloud Foundry (PCF) before 242; UAA 2.x before 2.7.4.7, 3.x before 3.3.0.5, and 3.4.x before 3.4.4; UAA BOSH before 11.5 and 12.x before 12.5; Elastic Runtime before 1.6.40, 1.7.x before 1.7.21, and 1.8.x before 1.8.1; and Ops Manager 1.7.x before 1.7.13 and 1.8.x before 1.8.1 mishandles redirect_uri subdomains, which allows remote attackers to obtain implicit access tokens via a modified subdomain."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "93246",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/93246"
},
{
"name": "https://pivotal.io/security/cve-2016-6636",
"refsource": "CONFIRM",
"url": "https://pivotal.io/security/cve-2016-6636"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"assignerShortName": "dell",
"cveId": "CVE-2016-6636",
"datePublished": "2016-09-30T00:00:00",
"dateReserved": "2016-08-10T00:00:00",
"dateUpdated": "2024-08-06T01:36:29.094Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-6637 (GCVE-0-2016-6637)
Vulnerability from nvd – Published: 2016-09-30 00:00 – Updated: 2024-08-06 01:36
VLAI?
Summary
Multiple cross-site request forgery (CSRF) vulnerabilities in Pivotal Cloud Foundry (PCF) before 242; UAA 2.x before 2.7.4.7, 3.x before 3.3.0.5, and 3.4.x before 3.4.4; UAA BOSH before 11.5 and 12.x before 12.5; Elastic Runtime before 1.6.40, 1.7.x before 1.7.21, and 1.8.x before 1.8.2; and Ops Manager 1.7.x before 1.7.13 and 1.8.x before 1.8.1 allow remote attackers to hijack the authentication of unspecified victims for requests that approve or deny a scope via a profile or authorize approval page.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T01:36:29.442Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "93245",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/93245"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://pivotal.io/security/cve-2016-6637"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-09-27T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site request forgery (CSRF) vulnerabilities in Pivotal Cloud Foundry (PCF) before 242; UAA 2.x before 2.7.4.7, 3.x before 3.3.0.5, and 3.4.x before 3.4.4; UAA BOSH before 11.5 and 12.x before 12.5; Elastic Runtime before 1.6.40, 1.7.x before 1.7.21, and 1.8.x before 1.8.2; and Ops Manager 1.7.x before 1.7.13 and 1.8.x before 1.8.1 allow remote attackers to hijack the authentication of unspecified victims for requests that approve or deny a scope via a profile or authorize approval page."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-11-25T19:57:01",
"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"shortName": "dell"
},
"references": [
{
"name": "93245",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/93245"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://pivotal.io/security/cve-2016-6637"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security_alert@emc.com",
"ID": "CVE-2016-6637",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site request forgery (CSRF) vulnerabilities in Pivotal Cloud Foundry (PCF) before 242; UAA 2.x before 2.7.4.7, 3.x before 3.3.0.5, and 3.4.x before 3.4.4; UAA BOSH before 11.5 and 12.x before 12.5; Elastic Runtime before 1.6.40, 1.7.x before 1.7.21, and 1.8.x before 1.8.2; and Ops Manager 1.7.x before 1.7.13 and 1.8.x before 1.8.1 allow remote attackers to hijack the authentication of unspecified victims for requests that approve or deny a scope via a profile or authorize approval page."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "93245",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/93245"
},
{
"name": "https://pivotal.io/security/cve-2016-6637",
"refsource": "CONFIRM",
"url": "https://pivotal.io/security/cve-2016-6637"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"assignerShortName": "dell",
"cveId": "CVE-2016-6637",
"datePublished": "2016-09-30T00:00:00",
"dateReserved": "2016-08-10T00:00:00",
"dateUpdated": "2024-08-06T01:36:29.442Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-6651 (GCVE-0-2016-6651)
Vulnerability from nvd – Published: 2016-09-30 00:00 – Updated: 2024-08-06 01:36
VLAI?
Summary
The UAA /oauth/token endpoint in Pivotal Cloud Foundry (PCF) before 243; UAA 2.x before 2.7.4.8, 3.x before 3.3.0.6, and 3.4.x before 3.4.5; UAA BOSH before 11.7 and 12.x before 12.6; Elastic Runtime before 1.6.40, 1.7.x before 1.7.21, and 1.8.x before 1.8.2; and Ops Manager 1.7.x before 1.7.13 and 1.8.x before 1.8.1 allows remote authenticated users to gain privileges by leveraging possession of a token.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T01:36:29.550Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "93241",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/93241"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://pivotal.io/security/cve-2016-6651"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-09-27T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The UAA /oauth/token endpoint in Pivotal Cloud Foundry (PCF) before 243; UAA 2.x before 2.7.4.8, 3.x before 3.3.0.6, and 3.4.x before 3.4.5; UAA BOSH before 11.7 and 12.x before 12.6; Elastic Runtime before 1.6.40, 1.7.x before 1.7.21, and 1.8.x before 1.8.2; and Ops Manager 1.7.x before 1.7.13 and 1.8.x before 1.8.1 allows remote authenticated users to gain privileges by leveraging possession of a token."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-11-25T19:57:01",
"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"shortName": "dell"
},
"references": [
{
"name": "93241",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/93241"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://pivotal.io/security/cve-2016-6651"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security_alert@emc.com",
"ID": "CVE-2016-6651",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The UAA /oauth/token endpoint in Pivotal Cloud Foundry (PCF) before 243; UAA 2.x before 2.7.4.8, 3.x before 3.3.0.6, and 3.4.x before 3.4.5; UAA BOSH before 11.7 and 12.x before 12.6; Elastic Runtime before 1.6.40, 1.7.x before 1.7.21, and 1.8.x before 1.8.2; and Ops Manager 1.7.x before 1.7.13 and 1.8.x before 1.8.1 allows remote authenticated users to gain privileges by leveraging possession of a token."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "93241",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/93241"
},
{
"name": "https://pivotal.io/security/cve-2016-6651",
"refsource": "CONFIRM",
"url": "https://pivotal.io/security/cve-2016-6651"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"assignerShortName": "dell",
"cveId": "CVE-2016-6651",
"datePublished": "2016-09-30T00:00:00",
"dateReserved": "2016-08-10T00:00:00",
"dateUpdated": "2024-08-06T01:36:29.550Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}