Vulnerability CVE-2016-6659


Published: 2016-12-23

Description:
Cloud Foundry before 248; UAA 2.x before 2.7.4.12, 3.x before 3.6.5, and 3.7.x through 3.9.x before 3.9.3; and UAA bosh release (aka uaa-release) before 13.9 for UAA 3.6.5 and before 24 for UAA 3.9.3 allow attackers to gain privileges by accessing UAA logs and subsequently running a specially crafted application that interacts with a configured SAML provider.

CVSS2 => (AV:N/AC:H/Au:N/C:P/I:N/A:N)

CVSS Base Score: 2.6/10
Impact Subscore: 2.9/10
Exploitability Subscore: 4.9/10

Exploit range: Remote
Attack complexity: High
Authentication: Not required

Confidentiality impact: Partial
Integrity impact: None
Availability impact: None

Affected software:
Pivotal software -> Cloud foundry
Pivotal software -> Cloud foundry uaa
Pivotal software -> Cloud foundry uaa bosh

References:
http://www.securityfocus.com/bid/95085
https://www.cloudfoundry.org/cve-2016-6659/

Copyright 2024, cxsecurity.com

 
