CVE-2016-0732
high-risk
Published 2017-09-07
The identity zones feature in Pivotal Cloud Foundry 208 through 229; UAA 2.0.0 through 2.7.3 and 3.0.0; UAA-Release 2 through 4, when configured with multiple identity zones; and Elastic Runtime 1.6.0 through 1.6.13 allows remote authenticated users with privileges in one zone to gain privileges and perform operations on a different zone via unspecified vectors.
Do I need to act?
-
0.41% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
8
CVSS 8.8/10
High
NETWORK
/ LOW complexity
Affected Products (20)
User Account And Authentication
User Account And Authentication
User Account And Authentication
User Account And Authentication
User Account And Authentication
User Account And Authentication
User Account And Authentication
User Account And Authentication
User Account And Authentication
User Account And Authentication
User Account And Authentication
User Account And Authentication
User Account And Authentication
User Account And Authentication
Uaa-Release
Uaa-Release
Elastic Runtime
Elastic Runtime
Elastic Runtime
Elastic Runtime
Affected Vendors
References (2)
Mitigation
https://pivotal.io/security/cve-2016-0732
Mitigation
https://pivotal.io/security/cve-2016-0732
58
/ 100
high-risk
Severity
30/34 · Critical
Exploitability
2/34 · Minimal
Exposure
26/34 · High