← Back

CVE-2016-0732

nvd nist
Published: Sep 7, 2017Modified: May 13, 2026

JSON object

Loading...
8.8
Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Exploitability: 2.8 / Impact: 5.9
Source: NVD

Description

The identity zones feature in Pivotal Cloud Foundry 208 through 229; UAA 2.0.0 through 2.7.3 and 3.0.0; UAA-Release 2 through 4, when configured with multiple identity zones; and Elastic Runtime 1.6.0 through 1.6.13 allows remote authenticated users with privileges in one zone to gain privileges and perform operations on a different zone via unspecified vectors.

Affected (51)

Cloudfoundry
3 products
Cf Release
User Account And Authentication
Uaa Release
Pivotal
1 product
Elastic Runtime
Configuration A
1 vulnerable
Vulnerable SoftwareAffected Versions
Cf Release
From 208 to 229
Configuration B
33 vulnerable
Vulnerable SoftwareAffected Versions
Cloudfoundry
User Account And Authentication
Version 2.0.0
User Account And Authentication
Version 2.0.1
User Account And Authentication
Version 2.0.2
User Account And Authentication
Version 2.0.3
User Account And Authentication
Version 2.1.0
User Account And Authentication
Version 2.2.0
User Account And Authentication
Version 2.2.1
User Account And Authentication
Version 2.2.2
User Account And Authentication
Version 2.2.3
User Account And Authentication
Version 2.2.4.1
User Account And Authentication
Version 2.2.4
User Account And Authentication
Version 2.2.5.2
User Account And Authentication
Version 2.2.5.3
User Account And Authentication
Version 2.2.5
User Account And Authentication
Version 2.2.6
User Account And Authentication
Version 2.3.0
User Account And Authentication
Version 2.3.1.1
User Account And Authentication
Version 2.3.1
User Account And Authentication
Version 2.4.0
User Account And Authentication
Version 2.4.1
User Account And Authentication
Version 2.5.0
User Account And Authentication
Version 2.5.1
User Account And Authentication
Version 2.5.2
User Account And Authentication
Version 2.6.0
User Account And Authentication
Version 2.6.1
User Account And Authentication
Version 2.6.2
User Account And Authentication
Version 2.7.0.1
User Account And Authentication
Version 2.7.0.2
User Account And Authentication
Version 2.7.0.3
User Account And Authentication
Version 2.7.0
User Account And Authentication
Version 2.7.1
User Account And Authentication
Version 2.7.2
User Account And Authentication
Version 2.7.3
Configuration C
3 vulnerable
Vulnerable SoftwareAffected Versions
Cloudfoundry
Uaa Release
Version 2
Uaa Release
Version 3
Uaa Release
Version 4
Configuration D
14 vulnerable
Vulnerable SoftwareAffected Versions
Pivotal
Elastic Runtime
Version 1.6.0
Elastic Runtime
Version 1.6.10
Elastic Runtime
Version 1.6.11
Elastic Runtime
Version 1.6.12
Elastic Runtime
Version 1.6.13
Elastic Runtime
Version 1.6.1
Elastic Runtime
Version 1.6.2
Elastic Runtime
Version 1.6.3
Elastic Runtime
Version 1.6.4
Elastic Runtime
Version 1.6.5
Elastic Runtime
Version 1.6.6
Elastic Runtime
Version 1.6.7
Elastic Runtime
Version 1.6.8
Elastic Runtime
Version 1.6.9

Related CWEs

CWE-269
Improper Privilege Management
The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.

References (2)

Source: secalert@redhat.com
MitigationVendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
MitigationVendor Advisory

Timeline

No history available yet.