org.cloudfoundry.identity:cloudfoundry-identity-api (>=3.0.0 <=3.20.0), org.cloudfoundry.identity:cloudfoundry-identity-app (>=3.0.0 <=3.20.0) +1 more potentially affected by CVE-2016-5016 via org.cloudfoundry.identity:cloudfoundry-identity-server (>=3.0.0 <=3.3.0.2)

org.cloudfoundry.identity:cloudfoundry-identity-server MAVEN version =3.0.0, =3.0.0, =3.0.0, =3.0.0, =3.20.0 Source cves: CVE-2016-5016 Source advisory: OSV:GHSA-RC2R-W8JV-VGGP...

CVE-2016-5016

Pivotal Cloud Foundry 239 and earlier, UAA aka User Account and Authentication Server 3.4.1 and earlier, UAA release 12.2 and earlier, PCF aka Pivotal Cloud Foundry Elastic Runtime 1.6.x before 1.6.35, and PCF Elastic Runtime 1.7.x before 1.7.13 does not validate if a certificate is expired...

CVE-2016-5016

CVE-2016-5016 affects Pivotal Cloud Foundry and related UAA components: CF v239 and earlier, UAA 3.4.1 and earlier (and v12.2 and earlier), and Elastic Runtime 1.6.x before 1.6.35 / 1.7.x before 1.7.13. The root cause is that the TrustManager used by OpenJDK did not validate certificate expiratio...