Lucene search

[email protected]CVE-2016-4468

HistoryApr 11, 2017 - 3:59 p.m.

CVE-2016-4468

2017-04-1115:59:00

CWE-89

[email protected]

web.nvd.nist.gov

cve-2016-4468

sql injection

pivotal cloud foundry

pcf

vulnerability

security

nvd

6.5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

8.7 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

41.4%

JSON

SQL injection vulnerability in Pivotal Cloud Foundry (PCF) before 238; UAA 2.x before 2.7.4.4, 3.x before 3.3.0.2, and 3.4.x before 3.4.1; UAA BOSH before 11.2 and 12.x before 12.2; Elastic Runtime before 1.6.29 and 1.7.x before 1.7.7; and Ops Manager 1.7.x before 1.7.8 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.

Affected configurations

NVD

Node

cloudfoundrycloud_foundry_uaa_boshRange≤12.0

pivotal_softwarecloud_foundryRange≤237.0

pivotal_softwarecloud_foundry_elastic_runtimeMatch1.6.0

pivotal_softwarecloud_foundry_elastic_runtimeMatch1.6.1

pivotal_softwarecloud_foundry_elastic_runtimeMatch1.6.2

pivotal_softwarecloud_foundry_elastic_runtimeMatch1.6.3

pivotal_softwarecloud_foundry_elastic_runtimeMatch1.6.4

pivotal_softwarecloud_foundry_elastic_runtimeMatch1.6.5

pivotal_softwarecloud_foundry_elastic_runtimeMatch1.6.6

pivotal_softwarecloud_foundry_elastic_runtimeMatch1.6.7

pivotal_softwarecloud_foundry_elastic_runtimeMatch1.6.8

pivotal_softwarecloud_foundry_elastic_runtimeMatch1.6.9

pivotal_softwarecloud_foundry_elastic_runtimeMatch1.6.10

pivotal_softwarecloud_foundry_elastic_runtimeMatch1.6.11

pivotal_softwarecloud_foundry_elastic_runtimeMatch1.6.12

pivotal_softwarecloud_foundry_elastic_runtimeMatch1.6.13

pivotal_softwarecloud_foundry_elastic_runtimeMatch1.6.14

pivotal_softwarecloud_foundry_elastic_runtimeMatch1.6.15

pivotal_softwarecloud_foundry_elastic_runtimeMatch1.6.17

pivotal_softwarecloud_foundry_elastic_runtimeMatch1.6.18

pivotal_softwarecloud_foundry_elastic_runtimeMatch1.6.19

pivotal_softwarecloud_foundry_elastic_runtimeMatch1.6.20

pivotal_softwarecloud_foundry_elastic_runtimeMatch1.6.21

pivotal_softwarecloud_foundry_elastic_runtimeMatch1.6.22

pivotal_softwarecloud_foundry_elastic_runtimeMatch1.6.23

pivotal_softwarecloud_foundry_elastic_runtimeMatch1.6.25

pivotal_softwarecloud_foundry_elastic_runtimeMatch1.6.26

pivotal_softwarecloud_foundry_elastic_runtimeMatch1.6.27

pivotal_softwarecloud_foundry_elastic_runtimeMatch1.6.28

pivotal_softwarecloud_foundry_elastic_runtimeMatch1.7.0

pivotal_softwarecloud_foundry_elastic_runtimeMatch1.7.1

pivotal_softwarecloud_foundry_elastic_runtimeMatch1.7.2

pivotal_softwarecloud_foundry_elastic_runtimeMatch1.7.3

pivotal_softwarecloud_foundry_elastic_runtimeMatch1.7.4

pivotal_softwarecloud_foundry_elastic_runtimeMatch1.7.5

pivotal_softwarecloud_foundry_elastic_runtimeMatch1.7.6

pivotal_softwarecloud_foundry_elastic_runtimeMatch1.7.7

pivotal_softwarecloud_foundry_elastic_runtimeMatch1.8.0

pivotal_softwarecloud_foundry_ops_managerMatch1.7.0

pivotal_softwarecloud_foundry_ops_managerMatch1.7.1

pivotal_softwarecloud_foundry_ops_managerMatch1.7.2

pivotal_softwarecloud_foundry_ops_managerMatch1.7.3

pivotal_softwarecloud_foundry_ops_managerMatch1.7.4

pivotal_softwarecloud_foundry_ops_managerMatch1.7.5

pivotal_softwarecloud_foundry_ops_managerMatch1.7.6

pivotal_softwarecloud_foundry_ops_managerMatch1.7.7

pivotal_softwarecloud_foundry_ops_managerMatch1.7.8

pivotal_softwarecloud_foundry_uaaRange≤3.4.0

CPENameOperatorVersion
cloudfoundry:cloud_foundry_uaa_boshcloudfoundry cloud foundry uaa boshle12.0
pivotal_software:cloud_foundrypivotal software cloud foundryle237.0
pivotal_software:cloud_foundry_elastic_runtimepivotal software cloud foundry elastic runtimeeq1.6.0
pivotal_software:cloud_foundry_elastic_runtimepivotal software cloud foundry elastic runtimeeq1.6.1
pivotal_software:cloud_foundry_elastic_runtimepivotal software cloud foundry elastic runtimeeq1.6.2
pivotal_software:cloud_foundry_elastic_runtimepivotal software cloud foundry elastic runtimeeq1.6.3
pivotal_software:cloud_foundry_elastic_runtimepivotal software cloud foundry elastic runtimeeq1.6.4
pivotal_software:cloud_foundry_elastic_runtimepivotal software cloud foundry elastic runtimeeq1.6.5
pivotal_software:cloud_foundry_elastic_runtimepivotal software cloud foundry elastic runtimeeq1.6.6
pivotal_software:cloud_foundry_elastic_runtimepivotal software cloud foundry elastic runtimeeq1.6.7

CPE	Name	Operator	Version
cloudfoundry:cloud_foundry_uaa_bosh	cloudfoundry cloud foundry uaa bosh	le	12.0
pivotal_software:cloud_foundry	pivotal software cloud foundry	le	237.0
pivotal_software:cloud_foundry_elastic_runtime	pivotal software cloud foundry elastic runtime	eq	1.6.0
pivotal_software:cloud_foundry_elastic_runtime	pivotal software cloud foundry elastic runtime	eq	1.6.1
pivotal_software:cloud_foundry_elastic_runtime	pivotal software cloud foundry elastic runtime	eq	1.6.2
pivotal_software:cloud_foundry_elastic_runtime	pivotal software cloud foundry elastic runtime	eq	1.6.3
pivotal_software:cloud_foundry_elastic_runtime	pivotal software cloud foundry elastic runtime	eq	1.6.4
pivotal_software:cloud_foundry_elastic_runtime	pivotal software cloud foundry elastic runtime	eq	1.6.5
pivotal_software:cloud_foundry_elastic_runtime	pivotal software cloud foundry elastic runtime	eq	1.6.6
pivotal_software:cloud_foundry_elastic_runtime	pivotal software cloud foundry elastic runtime	eq	1.6.7

Rows per page:

1-10 of 481

References

lists.cloudfoundry.org/archives/list/cf-dev%40lists.cloudfoundry.org/thread/WMTZBIH5U7DTOOX2SNRVTPQI3U2AINOB/

pivotal.io/security/cve-2016-4468

6.5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

8.7 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

41.4%

JSON

Related for CVE-2016-4468

cloudfoundry1 cvelist1 nvd1 prion1 osv1