CVE-2016-6657 — Open Redirect in Software Cloud Foundry Elastic Runtime

CWE-601 — Open Redirect3 documents3 sources

Severity

7.4HIGHNVD

EPSS

0.2%

top 59.49%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Pivotal Software Cloud Foundry Elastic Runtime Pivotal Software Cloud Foundry OPS Manager

Timeline

PublishedDec 16

Latest updateMay 17

Description

An open redirect vulnerability has been detected with some Pivotal Cloud Foundry Elastic Runtime components. Users of affected versions should apply the following mitigation: Upgrade PCF Elastic Runtime 1.8.x versions to 1.8.12 or later. Upgrade PCF Ops Manager 1.7.x versions to 1.7.18 or later and 1.8.x versions to 1.8.10 or later.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:NExploitability: 2.8 | Impact: 4.0

Affected Packages2 packages

▶NVDpivotal_software/cloud_foundry_elastic_runtime13 versions+12

▶NVDpivotal_software/cloud_foundry_ops_manager30 versions+29

🔴Vulnerability Details

GHSA

GHSA-774p-wgxm-ff63: An open redirect vulnerability has been detected with some Pivotal Cloud Foundry Elastic Runtime components↗2022-05-17

▶

CVEList

CVE-2016-6657: An open redirect vulnerability has been detected with some Pivotal Cloud Foundry Elastic Runtime components↗2016-12-16

▶