8.8
CVE-2016-0732
- EPSS 0.41%
- Published 07.09.2017 13:29:00
- Last modified 20.04.2025 01:37:25
- Source secalert@redhat.com
- Teams watchlist Login
- Open Login
The identity zones feature in Pivotal Cloud Foundry 208 through 229; UAA 2.0.0 through 2.7.3 and 3.0.0; UAA-Release 2 through 4, when configured with multiple identity zones; and Elastic Runtime 1.6.0 through 1.6.13 allows remote authenticated users with privileges in one zone to gain privileges and perform operations on a different zone via unspecified vectors.
Data is provided by the National Vulnerability Database (NVD)
Cloudfoundry ≫ Cf-release Version >= 208 <= 229
Cloudfoundry ≫ User Account And Authentication Version2.0.0
Cloudfoundry ≫ User Account And Authentication Version2.0.1
Cloudfoundry ≫ User Account And Authentication Version2.0.2
Cloudfoundry ≫ User Account And Authentication Version2.0.3
Cloudfoundry ≫ User Account And Authentication Version2.1.0
Cloudfoundry ≫ User Account And Authentication Version2.2.0
Cloudfoundry ≫ User Account And Authentication Version2.2.1
Cloudfoundry ≫ User Account And Authentication Version2.2.2
Cloudfoundry ≫ User Account And Authentication Version2.2.3
Cloudfoundry ≫ User Account And Authentication Version2.2.4
Cloudfoundry ≫ User Account And Authentication Version2.2.4.1
Cloudfoundry ≫ User Account And Authentication Version2.2.5
Cloudfoundry ≫ User Account And Authentication Version2.2.5.2
Cloudfoundry ≫ User Account And Authentication Version2.2.5.3
Cloudfoundry ≫ User Account And Authentication Version2.2.6
Cloudfoundry ≫ User Account And Authentication Version2.3.0
Cloudfoundry ≫ User Account And Authentication Version2.3.1
Cloudfoundry ≫ User Account And Authentication Version2.3.1.1
Cloudfoundry ≫ User Account And Authentication Version2.4.0
Cloudfoundry ≫ User Account And Authentication Version2.4.1
Cloudfoundry ≫ User Account And Authentication Version2.5.0
Cloudfoundry ≫ User Account And Authentication Version2.5.1
Cloudfoundry ≫ User Account And Authentication Version2.5.2
Cloudfoundry ≫ User Account And Authentication Version2.6.0
Cloudfoundry ≫ User Account And Authentication Version2.6.1
Cloudfoundry ≫ User Account And Authentication Version2.6.2
Cloudfoundry ≫ User Account And Authentication Version2.7.0
Cloudfoundry ≫ User Account And Authentication Version2.7.0.1
Cloudfoundry ≫ User Account And Authentication Version2.7.0.2
Cloudfoundry ≫ User Account And Authentication Version2.7.0.3
Cloudfoundry ≫ User Account And Authentication Version2.7.1
Cloudfoundry ≫ User Account And Authentication Version2.7.2
Cloudfoundry ≫ User Account And Authentication Version2.7.3
Cloudfoundry ≫ Uaa-release Version2
Cloudfoundry ≫ Uaa-release Version3
Cloudfoundry ≫ Uaa-release Version4
Pivotal ≫ Elastic Runtime Version1.6.0
Pivotal ≫ Elastic Runtime Version1.6.1
Pivotal ≫ Elastic Runtime Version1.6.2
Pivotal ≫ Elastic Runtime Version1.6.3
Pivotal ≫ Elastic Runtime Version1.6.4
Pivotal ≫ Elastic Runtime Version1.6.5
Pivotal ≫ Elastic Runtime Version1.6.6
Pivotal ≫ Elastic Runtime Version1.6.7
Pivotal ≫ Elastic Runtime Version1.6.8
Pivotal ≫ Elastic Runtime Version1.6.9
Pivotal ≫ Elastic Runtime Version1.6.10
Pivotal ≫ Elastic Runtime Version1.6.11
Pivotal ≫ Elastic Runtime Version1.6.12
Pivotal ≫ Elastic Runtime Version1.6.13
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.41% | 0.587 |
| Source | Base Score | Exploit Score | Impact Score | Vector string |
|---|---|---|---|---|
| nvd@nist.gov | 8.8 | 2.8 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
|
| nvd@nist.gov | 6.5 | 8 | 6.4 |
AV:N/AC:L/Au:S/C:P/I:P/A:P
|
CWE-269 Improper Privilege Management
The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.