CSRF in Cloudfoundry Cloud_foundry_uaa_bosh
CVE-2016-6637
Multiple cross-site request forgery (CSRF) vulnerabilities in Pivotal Cloud Foundry (PCF) before 242; UAA 2.x before 2.7.4.7, 3.x before 3.3.0.5, and 3.4.x before 3.4.4; UAA BOSH before 11.5 and 12.x before 12.5; Elastic Runtime before 1.6…
Vulnerability class: CSRF (Cross-Site Request Forgery)
EPSS: 0.001 (30.3th percentile) — read the EPSS interpretation.
CVSS v3 metric
CVSS v3 base score 9.6 (Critical). Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H.
Affected products
- Cloudfoundry Cloud_foundry_uaa_bosh
- Pivotal_software Cloud_foundry
- Pivotal_software Cloud_foundry_elastic_runtime — versions 1.6.0, 1.6.1, 1.6.2
- Pivotal_software Cloud_foundry_ops_manager — versions 1.7.0, 1.7.1, 1.7.2
- Pivotal_software Cloud_foundry_uaa — versions 2.3.0, 2.3.1, 2.4.0
- N/a — versions n/a
Weakness classification (CWE)
References
- 93245 (vdb-entry, x_refsource_BID)
- security_alert@emc.com (x_refsource_CONFIRM, Vendor Advisory)
Frequently asked questions
- What is CVE-2016-6637?
- CVE-2016-6637 is a critical-severity vulnerability in Cloudfoundry Cloud_foundry_uaa_bosh, classified under Cross-Site Request Forgery (CSRF). CVSS score: 9.6/10. Published 2016-09-30.
- How severe is CVE-2016-6637?
- Critical severity. CVSS v3 base score is 9.6 out of 10.