5.9
CVE-2016-5016
- EPSS 0.28%
- Veröffentlicht 24.04.2017 19:59:00
- Zuletzt bearbeitet 20.04.2025 01:37:25
- Quelle secalert@redhat.com
- Teams Watchlist Login
- Unerledigt Login
Pivotal Cloud Foundry 239 and earlier, UAA (aka User Account and Authentication Server) 3.4.1 and earlier, UAA release 12.2 and earlier, PCF (aka Pivotal Cloud Foundry) Elastic Runtime 1.6.x before 1.6.35, and PCF Elastic Runtime 1.7.x before 1.7.13 does not validate if a certificate is expired.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Pivotal Software ≫ Cloud Foundry Version <= 239
Pivotal Software ≫ Cloud Foundry Elastic Runtime Version >= 1.6.0 < 1.6.35
Pivotal Software ≫ Cloud Foundry Elastic Runtime Version >= 1.7.0 < 1.7.13
Pivotal Software ≫ Cloud Foundry Uaa Version <= 3.4.1
Pivotal Software ≫ Cloud Foundry Uaa-release Version <= 12.2
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.28% | 0.482 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 5.9 | 2.2 | 3.6 |
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
|
| nvd@nist.gov | 4.3 | 8.6 | 2.9 |
AV:N/AC:M/Au:N/C:N/I:P/A:N
|
CWE-295 Improper Certificate Validation
The product does not validate, or incorrectly validates, a certificate.