CVE-2016-9880

Published: Mar 16, 2018Modified: Nov 21, 2024

9.8

Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: NVD

Description

The GemFire broker for Cloud Foundry 1.6.x before 1.6.5 and 1.7.x before 1.7.1 has multiple API endpoints which do not require authentication and could be used to gain access to the cluster managed by the broker.

Affected (2)

Products: Pivotal Software: Gemfire For Pivotal Cloud Foundry

Pivotal Software

1 product

Gemfire For Pivotal Cloud Foundry

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Pivotal Software Gemfire For Pivotal Cloud Foundry	From 1.6.0 to 1.6.5
Pivotal Software Gemfire For Pivotal Cloud Foundry	Version 1.7.0

Related CWEs

CWE-287

Improper Authentication

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

References (4)

http://www.securityfocus.com/bid/96146

Source: security_alert@emc.com

Third Party AdvisoryVDB Entry

https://pivotal.io/security/cve-2016-9880

Source: security_alert@emc.com

Vendor Advisory

http://www.securityfocus.com/bid/96146

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

https://pivotal.io/security/cve-2016-9880

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.