Lucene search

DellCVE-2016-6657

HistoryDec 16, 2016 - 9:59 a.m.

CVE-2016-6657

2016-12-1609:59:00

CWE-601

dell

web.nvd.nist.gov

cve-2016-6657

open redirect

vulnerability

pivotal cloud foundry

elastic runtime

pcf

nvd

security vulnerability

CVSS2

5.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:P/A:N

CVSS3

7.4

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N

EPSS

0.001

Percentile

43.7%

JSON

An open redirect vulnerability has been detected with some Pivotal Cloud Foundry Elastic Runtime components. Users of affected versions should apply the following mitigation: Upgrade PCF Elastic Runtime 1.8.x versions to 1.8.12 or later. Upgrade PCF Ops Manager 1.7.x versions to 1.7.18 or later and 1.8.x versions to 1.8.10 or later.

Affected configurations

Nvd

Node

pivotal_softwarecloud_foundry_ops_managerMatch1.7.0

pivotal_softwarecloud_foundry_ops_managerMatch1.7.1

pivotal_softwarecloud_foundry_ops_managerMatch1.7.2

pivotal_softwarecloud_foundry_ops_managerMatch1.7.3

pivotal_softwarecloud_foundry_ops_managerMatch1.7.4

pivotal_softwarecloud_foundry_ops_managerMatch1.7.5

pivotal_softwarecloud_foundry_ops_managerMatch1.7.6

pivotal_softwarecloud_foundry_ops_managerMatch1.7.7

pivotal_softwarecloud_foundry_ops_managerMatch1.7.8

pivotal_softwarecloud_foundry_ops_managerMatch1.7.9

pivotal_softwarecloud_foundry_ops_managerMatch1.7.10

pivotal_softwarecloud_foundry_ops_managerMatch1.7.11

pivotal_softwarecloud_foundry_ops_managerMatch1.7.12

pivotal_softwarecloud_foundry_ops_managerMatch1.7.13

pivotal_softwarecloud_foundry_ops_managerMatch1.7.14

pivotal_softwarecloud_foundry_ops_managerMatch1.7.15

pivotal_softwarecloud_foundry_ops_managerMatch1.7.16

pivotal_softwarecloud_foundry_ops_managerMatch1.7.17

pivotal_softwarecloud_foundry_ops_managerMatch1.7.18

pivotal_softwarecloud_foundry_ops_managerMatch1.8.0

pivotal_softwarecloud_foundry_ops_managerMatch1.8.1

pivotal_softwarecloud_foundry_ops_managerMatch1.8.2

pivotal_softwarecloud_foundry_ops_managerMatch1.8.3

pivotal_softwarecloud_foundry_ops_managerMatch1.8.4

pivotal_softwarecloud_foundry_ops_managerMatch1.8.5

pivotal_softwarecloud_foundry_ops_managerMatch1.8.6

pivotal_softwarecloud_foundry_ops_managerMatch1.8.7

pivotal_softwarecloud_foundry_ops_managerMatch1.8.8

pivotal_softwarecloud_foundry_ops_managerMatch1.8.9

pivotal_softwarecloud_foundry_ops_managerMatch1.8.10

Node

pivotal_softwarecloud_foundry_elastic_runtimeMatch1.8.0

pivotal_softwarecloud_foundry_elastic_runtimeMatch1.8.1

pivotal_softwarecloud_foundry_elastic_runtimeMatch1.8.2

pivotal_softwarecloud_foundry_elastic_runtimeMatch1.8.3

pivotal_softwarecloud_foundry_elastic_runtimeMatch1.8.4

pivotal_softwarecloud_foundry_elastic_runtimeMatch1.8.5

pivotal_softwarecloud_foundry_elastic_runtimeMatch1.8.6

pivotal_softwarecloud_foundry_elastic_runtimeMatch1.8.7

pivotal_softwarecloud_foundry_elastic_runtimeMatch1.8.8

pivotal_softwarecloud_foundry_elastic_runtimeMatch1.8.9

pivotal_softwarecloud_foundry_elastic_runtimeMatch1.8.10

pivotal_softwarecloud_foundry_elastic_runtimeMatch1.8.11

pivotal_softwarecloud_foundry_elastic_runtimeMatch1.8.12

VendorProductVersionCPE
pivotal_softwarecloud_foundry_ops_manager1.7.0cpe:2.3:a:pivotal_software:cloud_foundry_ops_manager:1.7.0:*:*:*:*:*:*:*
pivotal_softwarecloud_foundry_ops_manager1.7.1cpe:2.3:a:pivotal_software:cloud_foundry_ops_manager:1.7.1:*:*:*:*:*:*:*
pivotal_softwarecloud_foundry_ops_manager1.7.2cpe:2.3:a:pivotal_software:cloud_foundry_ops_manager:1.7.2:*:*:*:*:*:*:*
pivotal_softwarecloud_foundry_ops_manager1.7.3cpe:2.3:a:pivotal_software:cloud_foundry_ops_manager:1.7.3:*:*:*:*:*:*:*
pivotal_softwarecloud_foundry_ops_manager1.7.4cpe:2.3:a:pivotal_software:cloud_foundry_ops_manager:1.7.4:*:*:*:*:*:*:*
pivotal_softwarecloud_foundry_ops_manager1.7.5cpe:2.3:a:pivotal_software:cloud_foundry_ops_manager:1.7.5:*:*:*:*:*:*:*
pivotal_softwarecloud_foundry_ops_manager1.7.6cpe:2.3:a:pivotal_software:cloud_foundry_ops_manager:1.7.6:*:*:*:*:*:*:*
pivotal_softwarecloud_foundry_ops_manager1.7.7cpe:2.3:a:pivotal_software:cloud_foundry_ops_manager:1.7.7:*:*:*:*:*:*:*
pivotal_softwarecloud_foundry_ops_manager1.7.8cpe:2.3:a:pivotal_software:cloud_foundry_ops_manager:1.7.8:*:*:*:*:*:*:*
pivotal_softwarecloud_foundry_ops_manager1.7.9cpe:2.3:a:pivotal_software:cloud_foundry_ops_manager:1.7.9:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
pivotal_software	cloud_foundry_ops_manager	1.7.0	cpe:2.3:a:pivotal_software:cloud_foundry_ops_manager:1.7.0:::::::*
pivotal_software	cloud_foundry_ops_manager	1.7.1	cpe:2.3:a:pivotal_software:cloud_foundry_ops_manager:1.7.1:::::::*
pivotal_software	cloud_foundry_ops_manager	1.7.2	cpe:2.3:a:pivotal_software:cloud_foundry_ops_manager:1.7.2:::::::*
pivotal_software	cloud_foundry_ops_manager	1.7.3	cpe:2.3:a:pivotal_software:cloud_foundry_ops_manager:1.7.3:::::::*
pivotal_software	cloud_foundry_ops_manager	1.7.4	cpe:2.3:a:pivotal_software:cloud_foundry_ops_manager:1.7.4:::::::*
pivotal_software	cloud_foundry_ops_manager	1.7.5	cpe:2.3:a:pivotal_software:cloud_foundry_ops_manager:1.7.5:::::::*
pivotal_software	cloud_foundry_ops_manager	1.7.6	cpe:2.3:a:pivotal_software:cloud_foundry_ops_manager:1.7.6:::::::*
pivotal_software	cloud_foundry_ops_manager	1.7.7	cpe:2.3:a:pivotal_software:cloud_foundry_ops_manager:1.7.7:::::::*
pivotal_software	cloud_foundry_ops_manager	1.7.8	cpe:2.3:a:pivotal_software:cloud_foundry_ops_manager:1.7.8:::::::*
pivotal_software	cloud_foundry_ops_manager	1.7.9	cpe:2.3:a:pivotal_software:cloud_foundry_ops_manager:1.7.9:::::::*

Rows per page:

1-10 of 431

CNA Affected

[
  {
    "product": "PCF Elastic Runtime 1.8.x versions prior to 1.8.12 and PCF Ops Manager 1.7.x versions prior to 1.7.18 and 1.8.x versions prior to 1.8.10",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "PCF Elastic Runtime 1.8.x versions prior to 1.8.12 and PCF Ops Manager 1.7.x versions prior to 1.7.18 and 1.8.x versions prior to 1.8.10"
      }
    ]
  }
]

References

www.securityfocus.com/bid/94126

pivotal.io/security/cve-2016-6657

CVSS2

5.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:P/A:N

CVSS3

7.4

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N

EPSS

0.001

Percentile

43.7%

JSON

Related for CVE-2016-6657