5.9
CVE-2016-5016
- EPSS 0.28%
- Published 24.04.2017 19:59:00
- Last modified 20.04.2025 01:37:25
- Source secalert@redhat.com
- Teams watchlist Login
- Open Login
Pivotal Cloud Foundry 239 and earlier, UAA (aka User Account and Authentication Server) 3.4.1 and earlier, UAA release 12.2 and earlier, PCF (aka Pivotal Cloud Foundry) Elastic Runtime 1.6.x before 1.6.35, and PCF Elastic Runtime 1.7.x before 1.7.13 does not validate if a certificate is expired.
Data is provided by the National Vulnerability Database (NVD)
Pivotal Software ≫ Cloud Foundry Version <= 239
Pivotal Software ≫ Cloud Foundry Elastic Runtime Version >= 1.6.0 < 1.6.35
Pivotal Software ≫ Cloud Foundry Elastic Runtime Version >= 1.7.0 < 1.7.13
Pivotal Software ≫ Cloud Foundry Uaa Version <= 3.4.1
Pivotal Software ≫ Cloud Foundry Uaa-release Version <= 12.2
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.28% | 0.482 |
| Source | Base Score | Exploit Score | Impact Score | Vector string |
|---|---|---|---|---|
| nvd@nist.gov | 5.9 | 2.2 | 3.6 |
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
|
| nvd@nist.gov | 4.3 | 8.6 | 2.9 |
AV:N/AC:M/Au:N/C:N/I:P/A:N
|
CWE-295 Improper Certificate Validation
The product does not validate, or incorrectly validates, a certificate.