Information disclosure in Pivotal Software GemFire for Pivotal Cloud Foundry
CVE-2016-9885
An issue was discovered in Pivotal GemFire for PCF 1.6.x versions prior to 1.6.5 and 1.7.x versions prior to 1.7.1. The gfsh (Geode Shell) endpoint, used by operators and application developers to connect to their cluster, is unauthenticat…
Vulnerability class: Information Disclosure
EPSS: 0.015 (71.8th percentile)
CVSS v3 metric
CVSS v3 base score 9.8 (Critical). Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H.
Affected products
- Pivotal Software GemFire for Pivotal Cloud Foundry — versions 1.6.0.0, 1.6.1, 1.6.2
- GemFire for PCF (vendor: n/a) — 1.6.x versions prior to 1.6.5 and 1.7.x versions prior to 1.7.1
Frequently asked questions
- What is CVE-2016-9885?
- CVE-2016-9885 is a critical-severity vulnerability in Pivotal Software GemFire for Pivotal Cloud Foundry, classified under Information Disclosure. CVSS score: 9.8/10. Published 2017-01-06.
- How severe is CVE-2016-9885?
- Critical severity. CVSS v3 base score is 9.8 out of 10.