CVE-2016-0896 — Software Cloud Foundry Elastic Runtime vulnerability

CWE-2543 documents3 sources

Severity

7.3HIGHNVD

EPSS

0.1%

top 65.78%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Pivotal Software Cloud Foundry Elastic Runtime

Timeline

PublishedSep 18

Latest updateMay 17

Description

Pivotal Cloud Foundry (PCF) Elastic Runtime before 1.6.34 and 1.7.x before 1.7.12 places 169.254.0.0/16 in the all_open Application Security Group, which might allow remote attackers to bypass intended network-connectivity restrictions by leveraging access to the 169.254.169.254 address.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:LExploitability: 3.9 | Impact: 3.4

Affected Packages1 packages

▶NVDpivotal_software/cloud_foundry_elastic_runtime1.6.33+12

🔴Vulnerability Details

GHSA

GHSA-crwx-2x7c-cgpf: Pivotal Cloud Foundry (PCF) Elastic Runtime before 1↗2022-05-17

▶

CVEList

CVE-2016-0896: Pivotal Cloud Foundry (PCF) Elastic Runtime before 1↗2016-09-18

▶