CVE-2016-6655 — Command Injection in Cf-mysql-release

CWE-77 — Command Injection3 documents3 sources

Severity

9.8CRITICALNVD

EPSS

4.7%

top 10.65%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cloudfoundry Cf-mysql-release Cloudfoundry Cf-release

Timeline

PublishedJun 13

Latest updateMay 17

Description

An issue was discovered in Cloud Foundry Foundation Cloud Foundry release versions prior to v245 and cf-mysql-release versions prior to v31. A command injection vulnerability was discovered in a common script used by many Cloud Foundry components. A malicious user may exploit numerous vectors to execute arbitrary commands on servers running Cloud Foundry.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages2 packages

▶NVDcloudfoundry/cf-mysql-release30

▶NVDcloudfoundry/cf-release244

Patches

Patch: www.cloudfoundry.org ↗Patch: www.cloudfoundry.org ↗

🔴Vulnerability Details

GHSA

GHSA-4rmm-hmcx-2hg3: An issue was discovered in Cloud Foundry Foundation Cloud Foundry release versions prior to v245 and cf-mysql-release versions prior to v31↗2022-05-17

▶

CVEList

CVE-2016-6655: An issue was discovered in Cloud Foundry Foundation Cloud Foundry release versions prior to v245 and cf-mysql-release versions prior to v31↗2017-06-13

▶