CVE-2016-5016 — Improper Certificate Validation in Software Cloud Foundry Elastic Runtime

CWE-295 — Improper Certificate Validation4 documents4 sources

Severity

5.9MEDIUMNVD

EPSS

0.3%

top 48.71%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Pivotal Software Cloud Foundry Elastic Runtime Pivotal Software Cloud Foundry Pivotal Software Cloud Foundry UAA +1 more

Timeline

PublishedApr 24

Latest updateMay 14

Description

Pivotal Cloud Foundry 239 and earlier, UAA (aka User Account and Authentication Server) 3.4.1 and earlier, UAA release 12.2 and earlier, PCF (aka Pivotal Cloud Foundry) Elastic Runtime 1.6.x before 1.6.35, and PCF Elastic Runtime 1.7.x before 1.7.13 does not validate if a certificate is expired.

CVSS vector

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:NExploitability: 2.2 | Impact: 3.6

Affected Packages4 packages

▶NVDpivotal_software/cloud_foundry_elastic_runtime1.6.0 — 1.6.35+1

▶NVDpivotal_software/cloud_foundry_uaa-release12.2

▶NVDpivotal_software/cloud_foundry239

▶NVDpivotal_software/cloud_foundry_uaa3.4.1

🔴Vulnerability Details

OSV

Cloud Foundry vulnerable to Improper Certificate Validation↗2022-05-14

▶

GHSA

Cloud Foundry vulnerable to Improper Certificate Validation↗2022-05-14

▶

CVEList

CVE-2016-5016: Pivotal Cloud Foundry 239 and earlier, UAA (aka User Account and Authentication Server) 3↗2017-04-24

▶