CVE-2016-4435Bosh Stemcell vulnerability

CWE-2643 documents3 sources
Severity
9.0CRITICALNVD
EPSS
0.6%
top 31.89%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Pivotal Bosh StemcellPivotal Cloud Foundry
Timeline
PublishedMay 25
Latest updateMay 17

Description

An endpoint of the Agent running on the BOSH Director VM with stemcell versions prior to 3232.6 and 3146.13 may allow unauthenticated clients to read or write blobs or cause a denial of service attack on the Director VM. This vulnerability requires that the unauthenticated clients guess or find a URL matching an existing GUID.

CVSS vector

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:HExploitability: 2.2 | Impact: 6.0

Affected Packages2 packages

NVDpivotal/bosh_stemcell3232.4+1
CVEListV5pivotal/cloud_foundryBOSH stemcell versions prior to 3232.6 and 3146.13

🔴Vulnerability Details

2
GHSA
GHSA-3rx5-2rm5-fvhx: An endpoint of the Agent running on the BOSH Director VM with stemcell versions prior to 32322022-05-17
CVEList
CVE-2016-4435: An endpoint of the Agent running on the BOSH Director VM with stemcell versions prior to 32322017-05-25
CVE-2016-4435 — Pivotal Bosh Stemcell vulnerability | cvebase