Lucene search
K

123 matches found

Cvelist
Cvelist
added 2016/09/30 12:0 a.m.24 views

CVE-2016-6651

The UAA /oauth/token endpoint in Pivotal Cloud Foundry PCF before 243; UAA 2.x before 2.7.4.8, 3.x before 3.3.0.6, and 3.4.x before 3.4.5; UAA BOSH before 11.7 and 12.x before 12.6; Elastic Runtime before 1.6.40, 1.7.x before 1.7.21, and 1.8.x before 1.8.2; and Ops Manager 1.7.x before 1.7.13 and...

8.6AI score0.01748EPSS
Exploits0References2
Cvelist
Cvelist
added 2016/09/30 12:0 a.m.26 views

CVE-2016-6637

Multiple cross-site request forgery CSRF vulnerabilities in Pivotal Cloud Foundry PCF before 242; UAA 2.x before 2.7.4.7, 3.x before 3.3.0.5, and 3.4.x before 3.4.4; UAA BOSH before 11.5 and 12.x before 12.5; Elastic Runtime before 1.6.40, 1.7.x before 1.7.21, and 1.8.x before 1.8.2; and Ops...

9.7AI score0.00726EPSS
Exploits0References2
CNVD
CNVD
added 2016/09/19 12:0 a.m.7 views

Pivotal Cloud Foundry Ops Manager Insecure Default Password Vulnerability

Pivotal Cloud Foundry PCF is an open source Platform-as-a-Service PaaS cloud computing platform from Pivotal Software, Inc. that provides container scheduling, continuous delivery, and automated service deployment, etc. PCF Ops Manager is one of the management tools used for deployment, online...

9.8CVSS7AI score0.01031EPSS
Exploits0References1
OSV
OSV
added 2016/09/18 2:59 a.m.5 views

CVE-2016-0930

Pivotal Cloud Foundry PCF Ops Manager before 1.6.19 and 1.7.x before 1.7.10, when vCloud or vSphere is used, has a default password for compilation VMs, which allows remote attackers to obtain SSH access by connecting within an installation-time period during which these VMs exist...

9.8CVSS5.9AI score0.01031EPSS
Exploits0References2
NVD
NVD
added 2016/09/18 2:59 a.m.20 views

CVE-2016-0930

Pivotal Cloud Foundry PCF Ops Manager before 1.6.19 and 1.7.x before 1.7.10, when vCloud or vSphere is used, has a default password for compilation VMs, which allows remote attackers to obtain SSH access by connecting within an installation-time period during which these VMs exist...

9.8CVSS9.6AI score0.01031EPSS
Exploits0References2
NVD
NVD
added 2016/09/18 2:59 a.m.21 views

CVE-2016-0927

Cross-site scripting XSS vulnerability in Pivotal Cloud Foundry PCF Ops Manager before 1.6.17 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...

6.1CVSS6AI score0.00999EPSS
Exploits0References1
OSV
OSV
added 2016/09/18 2:59 a.m.6 views

CVE-2016-0897

Pivotal Cloud Foundry PCF Ops Manager before 1.6.17 and 1.7.x before 1.7.8, when vCloud or vSphere is used, does not properly enable SSH access for operators, which has unspecified impact and remote attack vectors...

9.8CVSS5.8AI score0.01494EPSS
Exploits0References1
OSV
OSV
added 2016/09/18 2:59 a.m.6 views

CVE-2016-0883

Pivotal Cloud Foundry PCF Ops Manager before 1.5.14 and 1.6.x before 1.6.9 uses the same cookie-encryption key across different customers' installations, which allows remote attackers to bypass session authentication by leveraging knowledge of this key from another installation...

9.8CVSS5.8AI score0.00883EPSS
Exploits0References1
Prion
Prion
added 2016/09/18 2:59 a.m.14 views

Design/Logic Flaw

Pivotal Cloud Foundry PCF Ops Manager before 1.6.17 and 1.7.x before 1.7.8, when vCloud or vSphere is used, does not properly enable SSH access for operators, which has unspecified impact and remote attack vectors...

7.5CVSS7.4AI score0.01494EPSS
Exploits0References1Affected Software1
Prion
Prion
added 2016/09/18 2:59 a.m.12 views

Authentication flaw

Pivotal Cloud Foundry PCF Ops Manager before 1.5.14 and 1.6.x before 1.6.9 uses the same cookie-encryption key across different customers' installations, which allows remote attackers to bypass session authentication by leveraging knowledge of this key from another installation...

5CVSS7.5AI score0.00883EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2016/09/18 2:59 a.m.20 views

CVE-2016-0883

Pivotal Cloud Foundry PCF Ops Manager before 1.5.14 and 1.6.x before 1.6.9 uses the same cookie-encryption key across different customers' installations, which allows remote attackers to bypass session authentication by leveraging knowledge of this key from another installation...

9.8CVSS9.7AI score0.00883EPSS
Exploits0References1
Prion
Prion
added 2016/09/18 2:59 a.m.14 views

Default credentials

Pivotal Cloud Foundry PCF Ops Manager before 1.6.19 and 1.7.x before 1.7.10, when vCloud or vSphere is used, has a default password for compilation VMs, which allows remote attackers to obtain SSH access by connecting within an installation-time period during which these VMs exist...

5CVSS7.4AI score0.01031EPSS
Exploits0References2Affected Software1
Prion
Prion
added 2016/09/18 2:59 a.m.12 views

Cross site scripting

Cross-site scripting XSS vulnerability in Pivotal Cloud Foundry PCF Ops Manager before 1.6.17 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...

4.3CVSS6.1AI score0.00999EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2016/09/18 1:0 a.m.21 views

CVE-2016-0883

Pivotal Cloud Foundry PCF Ops Manager before 1.5.14 and 1.6.x before 1.6.9 uses the same cookie-encryption key across different customers' installations, which allows remote attackers to bypass session authentication by leveraging knowledge of this key from another installation...

9.7AI score0.00883EPSS
Exploits0References1
CVE
CVE
added 2016/09/18 1:0 a.m.44 views

CVE-2016-0927

The CVE-2016-0927 issue affects Pivotal Cloud Foundry (PCF) Ops Manager, specifically versions before 1.6.17. Descriptions across multiple sources identify a cross-site scripting (XSS) or HTML injection vulnerability that allows remote attackers to inject arbitrary scripts or HTML via unspecified...

6.1CVSS5.9AI score0.00999EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2016/09/18 1:0 a.m.24 views

CVE-2016-0927

Cross-site scripting XSS vulnerability in Pivotal Cloud Foundry PCF Ops Manager before 1.6.17 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...

6AI score0.00999EPSS
Exploits0References1
Cvelist
Cvelist
added 2016/09/18 1:0 a.m.19 views

CVE-2016-0897

Pivotal Cloud Foundry PCF Ops Manager before 1.6.17 and 1.7.x before 1.7.8, when vCloud or vSphere is used, does not properly enable SSH access for operators, which has unspecified impact and remote attack vectors...

9.6AI score0.01494EPSS
Exploits0References1
Cvelist
Cvelist
added 2016/09/18 1:0 a.m.21 views

CVE-2016-0930

Pivotal Cloud Foundry PCF Ops Manager before 1.6.19 and 1.7.x before 1.7.10, when vCloud or vSphere is used, has a default password for compilation VMs, which allows remote attackers to obtain SSH access by connecting within an installation-time period during which these VMs exist...

9.6AI score0.01031EPSS
Exploits0References2
CVE
CVE
added 2016/09/18 1:0 a.m.40 views

CVE-2016-0883

CVE-2016-0883 affects Pivotal Cloud Foundry Ops Manager prior to 1.5.14 and 1.6.x prior to 1.6.9. The issue is that the same cookie-encryption key was used across different customers’ installations, enabling remote attackers to bypass session authentication by leveraging knowledge of the key from...

9.8CVSS9.5AI score0.00883EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2016/09/18 1:0 a.m.43 views

CVE-2016-0930

Pivotal Cloud Foundry Ops Manager is affected: versions before 1.6.19 and 1.7.x before 1.7.10 expose a default password on compilation VMs when using vCloud or vSphere. This allows remote attackers to obtain SSH access during the installation window when those VMs exist. The vulnerability’s impac...

9.8CVSS9.4AI score0.01031EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder