cbcvebase.
CVE-2016-0732
published 2017-09-07

CVE-2016-0732: The identity zones feature in Pivotal Cloud Foundry 208 through 229; UAA 2.0.0 through 2.7.3 and 3.0.0; UAA-Release 2 through 4, when configured with multiple…

PriorityP347high8.8CVSS 3.1
AVNACLPRLUINSUCHIHAH
EPSS
1.15%
63.1th percentile
The identity zones feature in Pivotal Cloud Foundry 208 through 229; UAA 2.0.0 through 2.7.3 and 3.0.0; UAA-Release 2 through 4, when configured with multiple identity zones; and Elastic Runtime 1.6.0 through 1.6.13 allows remote authenticated users with privileges in one zone to gain privileges and perform operations on a different zone via unspecified vectors.

Affected

51 ranges· showing 25
VendorProductVersion rangeFixed in
cloudfoundrycf-release208 – 229
cloudfoundryuaa-release
cloudfoundryuaa-release
cloudfoundryuaa-release
cloudfoundryuser_account_and_authentication
cloudfoundryuser_account_and_authentication
cloudfoundryuser_account_and_authentication
cloudfoundryuser_account_and_authentication
cloudfoundryuser_account_and_authentication
cloudfoundryuser_account_and_authentication
cloudfoundryuser_account_and_authentication
cloudfoundryuser_account_and_authentication
cloudfoundryuser_account_and_authentication
cloudfoundryuser_account_and_authentication
cloudfoundryuser_account_and_authentication
cloudfoundryuser_account_and_authentication
cloudfoundryuser_account_and_authentication
cloudfoundryuser_account_and_authentication
cloudfoundryuser_account_and_authentication
cloudfoundryuser_account_and_authentication
cloudfoundryuser_account_and_authentication
cloudfoundryuser_account_and_authentication
cloudfoundryuser_account_and_authentication
cloudfoundryuser_account_and_authentication
cloudfoundryuser_account_and_authentication

CVSS provenance

nvdv3.18.8HIGHCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
nvdv2.06.5MEDIUMAV:N/AC:L/Au:S/C:P/I:P/A:P
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.