Information disclosure in Pivotal_software Gemfire_for_pivotal_cloud_foundry

CVE-2016-9885

An issue was discovered in Pivotal GemFire for PCF 1.6.x versions prior to 1.6.5 and 1.7.x versions prior to 1.7.1. The gfsh (Geode Shell) endpoint, used by operators and application developers to connect to their cluster, is unauthenticat…

Vulnerability class: Information Disclosure

EPSS: 0.015 (71.8th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 9.8 (Critical). Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H.

Affected products

Weakness classification (CWE)

References

Frequently asked questions

What is CVE-2016-9885?
CVE-2016-9885 is a critical-severity vulnerability in Pivotal_software Gemfire_for_pivotal_cloud_foundry, classified under Information Disclosure. CVSS score: 9.8/10. Published 2017-01-06.
How severe is CVE-2016-9885?
Critical severity. CVSS v3 base score is 9.8 out of 10.