What is CVE-2016-0732?

CVE-2016-0732 is a high-severity vulnerability in Cloudfoundry Cf-release, classified under Improper Privilege Management. CVSS score: 8.8/10. Published 2017-09-07.

How severe is CVE-2016-0732?

High severity. CVSS v3 base score is 8.8 out of 10.

Privilege escalation in Cloudfoundry Cf-release

CVE-2016-0732

The identity zones feature in Pivotal Cloud Foundry 208 through 229; UAA 2.0.0 through 2.7.3 and 3.0.0; UAA-Release 2 through 4, when configured with multiple identity zones; and Elastic Runtime 1.6.0 through 1.6.13 allows remote authentic…

Vulnerability class: Privilege Escalation

EPSS: 0.004 (61.9th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 8.8 (High). Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H.

Affected products

Cloudfoundry Cf-release
Cloudfoundry Uaa-release — versions 2, 3, 4
Cloudfoundry User_account_and_authentication — versions 2.0.0, 2.0.1, 2.0.2
Pivotal Elastic_runtime — versions 1.6.0, 1.6.1, 1.6.2
N/a — versions n/a

Weakness classification (CWE)

CWE-269 — Improper Privilege Management

References

secalert@redhat.com (x_refsource_CONFIRM, Mitigation, Vendor Advisory)

Frequently asked questions

What is CVE-2016-0732?: CVE-2016-0732 is a high-severity vulnerability in Cloudfoundry Cf-release, classified under Improper Privilege Management. CVSS score: 8.8/10. Published 2017-09-07.
How severe is CVE-2016-0732?: High severity. CVSS v3 base score is 8.8 out of 10.