3 matches found
org.cloudfoundry.identity:cloudfoundry-identity-api (>=3.0.0 <=3.20.0), org.cloudfoundry.identity:cloudfoundry-identity-app (>=3.0.0 <=3.20.0) +1 more potentially affected by CVE-2016-6637 via org.cloudfoundry.identity:cloudfoundry-identity-server (>=3.0.0 <=3.3.0.4)
org.cloudfoundry.identity:cloudfoundry-identity-server; MAVEN; version =3.0.0, =3.0.0, =3.0.0, =3.0.0, =3.20.0; Source CVEs: CVE-2016-6637; Source advisory: OSV:GHSA-4M8C-H7FR-GQ5C...
org.cloudfoundry.identity:cloudfoundry-identity-api (>=3.4.0 <=3.4.3), org.cloudfoundry.identity:cloudfoundry-identity-app (>=3.4.0 <=3.4.3) +1 more potentially affected by CVE-2016-6637 via org.cloudfoundry.identity:cloudfoundry-identity-server (>=3.4.0 <=3.4.3)
org.cloudfoundry.identity:cloudfoundry-identity-server; MAVEN; version =3.4.0, =3.4.0, =3.4.0, =3.4.0, =3.4.3; Source CVEs: CVE-2016-6637; Source advisory: OSV:GHSA-4M8C-H7FR-GQ5C...
CVE-2016-6637
CVE-2016-6637 involves multiple CSRF vulnerabilities in Pivotal Cloud Foundry (PCF) and related components. The Cloud Foundry release v241 and earlier, UAA releases v2.0.0–v2.7.4.6 and v3.0.0–v3.6.0, and UAA BOSH releases up to v15 are affected. The flaw arises because the profile and authorize a...