CRITICAL🇵🇱 Wersja polska

CVE-2016-6655

CVSS 9.8v3.0pub. 2017-06-13upd. 2026-05-13

An issue was discovered in Cloud Foundry Foundation Cloud Foundry release versions prior to v245 and cf-mysql-release versions prior to v31. A command injection vulnerability was discovered in a common script used by many Cloud Foundry components. A malicious user may exploit numerous vectors to execute arbitrary commands on servers running Cloud Foundry.

CVSS Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Cloudfoundry Cf MySQL Release

    APP
    Cloudfoundry
    ≤ 30
  • Cloudfoundry Cf Release

    APP
    Cloudfoundry
    ≤ 244
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
References

Related vulnerabilities

CVE-2016-6658CRITICAL9.6ten sam produkt

Applications in cf-release before 245 can be configured and pushed with a user-provided custom buildpack using...

CVE-2015-5172CRITICAL9.8ten sam produkt

Cloud Foundry Runtime cf-release before 216, UAA before 2.5.2, and Pivotal Cloud Foundry (PCF) Elastic Runtime...

CVE-2015-5171CRITICAL9.8ten sam produkt

The password change functionality in Cloud Foundry Runtime cf-release before 216, UAA before 2.5.2, and Pivota...

CVE-2016-8218CRITICAL9.8ten sam produkt

An issue was discovered in Cloud Foundry Foundation routing-release versions prior to 0.142.0 and cf-release v...

CVE-2017-4992CRITICAL9.8ten sam produkt

An issue was discovered in Cloud Foundry Foundation cf-release versions prior to v261; UAA release 2.x version...