3 matches found
org.cloudfoundry.identity:cloudfoundry-identity-api (>=3.0.0 <=3.20.0), org.cloudfoundry.identity:cloudfoundry-identity-app (>=3.0.0 <=3.20.0) +1 more potentially affected by CVE-2016-3084 via org.cloudfoundry.identity:cloudfoundry-identity-server (>=3.0.0 <=3.3.0)
org.cloudfoundry.identity:cloudfoundry-identity-server MAVEN version =3.0.0, =3.0.0, =3.0.0, =3.0.0, =3.20.0 Source cves: CVE-2016-3084 Source advisory: OSV:GHSA-FM5C-2RWC-887W...
CVE-2016-3084
CVE-2016-3084 affects the Cloud Foundry UAA password reset flow, which is vulnerable to brute force when using the internal UAA user store. The issue occurs because multiple reset codes can be active at a given time, and it does not apply to deployments using SAML/LDAP. Affected products/versions include Cloud Foundr...
CVE-2016-3084
The UAA reset password flow in Cloud Foundry release v236 and earlier versions, UAA release v3.3.0 and earlier versions, all versions of Login-server, UAA release v10 and earlier versions and Pivotal Elastic Runtime versions prior to 1.7.2 is vulnerable to a brute force attack due to multiple...