Information disclosure

2017-09-0713:29:00

PRIOn knowledge base

www.prio-n.com

7.1 High

AI Score

Confidence

Low

0.002 Low

EPSS

Percentile

59.9%

JSON

The identity zones feature in Pivotal Cloud Foundry 208 through 229; UAA 2.0.0 through 2.7.3 and 3.0.0; UAA-Release 2 through 4, when configured with multiple identity zones; and Elastic Runtime 1.6.0 through 1.6.13 allows remote authenticated users with privileges in one zone to gain privileges and perform operations on a different zone via unspecified vectors.

CPENameOperatorVersion
cf-releasege208
cf-releasele229
uaa-releaseeq2
uaa-releaseeq4
uaa-releaseeq3
user_account_and_authenticationeq2.0.3
user_account_and_authenticationeq2.1.0
user_account_and_authenticationeq2.0.1
user_account_and_authenticationeq2.0.2
user_account_and_authenticationeq2.0.0

Name	Operator	Version
cf-release	ge	208
cf-release	le	229
uaa-release	eq	2
uaa-release	eq	4
uaa-release	eq	3
user_account_and_authentication	eq	2.0.3
user_account_and_authentication	eq	2.1.0
user_account_and_authentication	eq	2.0.1
user_account_and_authentication	eq	2.0.2
user_account_and_authentication	eq	2.0.0

Rows per page:

1-10 of 521

References

pivotal.io/security/cve-2016-0732