CVE-2016-0732 — Improper Privilege Management in Cf-release

CWE-269 — Improper Privilege Management3 documents3 sources

Severity

8.8HIGHNVD

EPSS

0.4%

top 38.40%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cloudfoundry Cf-release Cloudfoundry Uaa-release Cloudfoundry User Account AND Authentication +1 more

Timeline

PublishedSep 7

Latest updateMay 13

Description

The identity zones feature in Pivotal Cloud Foundry 208 through 229; UAA 2.0.0 through 2.7.3 and 3.0.0; UAA-Release 2 through 4, when configured with multiple identity zones; and Elastic Runtime 1.6.0 through 1.6.13 allows remote authenticated users with privileges in one zone to gain privileges and perform operations on a different zone via unspecified vectors.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages4 packages

▶NVDcloudfoundry/cf-release208 — 229

▶NVDpivotal/elastic_runtime14 versions+13

▶NVDcloudfoundry/uaa-release2, 3, 4+2

▶NVDcloudfoundry/user_account_and_authentication33 versions+32

🔴Vulnerability Details

GHSA

GHSA-4987-rr6v-x4q5: The identity zones feature in Pivotal Cloud Foundry 208 through 229; UAA 2↗2022-05-13

▶

CVEList

CVE-2016-0732: The identity zones feature in Pivotal Cloud Foundry 208 through 229; UAA 2↗2017-09-07

▶