CRITICAL🇵🇱 Wersja polska

CVE-2016-6637

CVSS 9.6v3.0pub. 2016-09-30upd. 2026-05-06

Multiple cross-site request forgery (CSRF) vulnerabilities in Pivotal Cloud Foundry (PCF) before 242; UAA 2.x before 2.7.4.7, 3.x before 3.3.0.5, and 3.4.x before 3.4.4; UAA BOSH before 11.5 and 12.x before 12.5; Elastic Runtime before 1.6.40, 1.7.x before 1.7.21, and 1.8.x before 1.8.2; and Ops Manager 1.7.x before 1.7.13 and 1.8.x before 1.8.1 allow remote attackers to hijack the authentication of unspecified victims for requests that approve or deny a scope via a profile or authorize approval page.

CVSS Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
  • Cloudfoundry Cloud Foundry Uaa Bosh

    APP
    Cloudfoundry
    ≤ 15.0
  • Pivotal Software Cloud Foundry

    APP
    Pivotal Software
    ≤ 241
  • Pivotal Software Cloud Foundry Elastic Runtime

    APP
    Pivotal Software
    1.6.01.6.11.6.101.6.111.6.121.6.131.6.141.6.151.6.171.6.181.6.191.6.21.6.201.6.211.6.22+ 45 więcej
  • Pivotal Software Cloud Foundry Ops Manager

    APP
    Pivotal Software
    1.7.01.7.11.7.101.7.111.7.121.7.21.7.31.7.41.7.51.7.61.7.71.7.81.7.91.8.0
  • Pivotal Software Cloud Foundry Uaa

    APP
    Pivotal Software
    2.3.02.3.12.4.02.5.12.6.12.7.0.22.7.0.32.7.12.7.22.7.32.7.4.63.0.03.0.13.1.03.2.0+ 6 więcej
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
References

Related vulnerabilities

CVE-2018-15761CRITICAL9.9ten sam produkt

Cloud Foundry UAA release, versions prior to v64.0, and UAA, versions prior to 4.23.0, contains a validation e...

CVE-2016-6658CRITICAL9.6ten sam produkt

Applications in cf-release before 245 can be configured and pushed with a user-provided custom buildpack using...

CVE-2015-5172CRITICAL9.8ten sam produkt

Cloud Foundry Runtime cf-release before 216, UAA before 2.5.2, and Pivotal Cloud Foundry (PCF) Elastic Runtime...

CVE-2015-5171CRITICAL9.8ten sam produkt

The password change functionality in Cloud Foundry Runtime cf-release before 216, UAA before 2.5.2, and Pivota...

CVE-2017-2773CRITICAL9.8ten sam produkt

An issue was discovered in Pivotal PCF Elastic Runtime 1.6.x versions prior to 1.6.60, 1.7.x versions prior to...