Auth bypass in Dell EMC GemFire Broker for Cloud Foundry
CVE-2016-9880
The GemFire broker for Cloud Foundry 1.6.x before 1.6.5 and 1.7.x before 1.7.1 has multiple API endpoints which do not require authentication and could be used to gain access to the cluster managed by the broker.
Vulnerability class: Broken Authentication
EPSS: 0.022 (80.0th percentile).
CVSS v3 metric
CVSS v3 base score 9.8 (Critical). Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H.
Affected products
- Dell EMC GemFire Broker for Cloud Foundry: versions 1.6.x prior to 1.6.5, 1.7.x prior to 1.7.1
- Pivotal Software GemFire for Pivotal Cloud Foundry: version 1.7.0
Weakness classification (CWE)
Frequently asked questions
- What is CVE-2016-9880?
- CVE-2016-9880 is a critical-severity vulnerability in Dell EMC GemFire Broker for Cloud Foundry, classified under Improper Authentication. CVSS score: 9.8/10. Published 2018-03-16.
- How severe is CVE-2016-9880?
- Critical severity. CVSS v3 base score is 9.8 out of 10.