Vulnerabilities for Gemfire for pivotal cloud foundry (...) - CXSECURITY.COM

Vulnerabilities for
'Gemfire for pivotal cloud foundry'

2018-03-16

CVE-2016-9880

CWE-287

The GemFire broker for Cloud Foundry 1.6.x before 1.6.5 and 1.7.x before 1.7.1 has multiple API endpoints which do not require authentication and could be used to gain access to the cluster managed by the broker.

2017-01-06

CVE-2016-9885

An issue was discovered in Pivotal GemFire for PCF 1.6.x versions prior to 1.6.5 and 1.7.x versions prior to 1.7.1. The gfsh (Geode Shell) endpoint, used by operators and application developers to connect to their cluster, is unauthenticated and publicly accessible. Because HTTPS communications are terminated at the gorouter, communications from the gorouter to GemFire clusters are unencrypted. An attacker could run any command available on gfsh and could cause denial of service, lost confidentiality of data, escalate privileges, or eavesdrop on other communications between the gorouter and the cluster.

>>> Vendor: Pivotal software 54 Products

Operations manager

Spring framework

Rabbitmq management

Cloud foundry elastic runtime

Cloud foundry ops manager

Cloud foundry uaa

Cloud foundry uaa bosh

Spring data jpa

Cloud foundry cf mysql

Gemfire for pivotal cloud foundry

Spring security

Cloud foundry elastic runtime cf release

Cloud foundry uaa release

Cloud foundry cf release

Cloud foundry garden linux

Spring security oauth

Cloud foundry cf

Spring batch admin

Single sign-on for pivotal cloud foundry

Spring advanced message queuing protocol

Credhub-release

Spring data rest

Cloud foundry uaa-release

Spring data commons

Spring cloud sso connector

Windows stemcells

Spring integration zip

Pivotal application service

Cloud foundry cf-deployment

Cloudfoundry uaa release

Cloudfoundry uaa

Spring integration

Spring web services

Cloud foundry cf-release

Application service

Pivotal container service

Credhub service broker

Spring data java persistance api

Copyright 2024, cxsecurity.com