Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2016-9880

The GemFire broker for Cloud Foundry 1.6.x before 1.6.5 and 1.7.x before 1.7.1 has multiple API endpoints which do not require authentication and could be used to gain access to the cluster managed by the broker.

Published

2018-03-16T20:29:00.227

Last Modified

2024-11-21T03:01:56.610

Status

Modified

Source

[email protected]

Severity

CVSSv3.0: 9.8 (CRITICAL)

CVSSv2 Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL

Exploitability Score

10.0

Impact Score

6.4

Weaknesses

Type: Primary
CWE-287

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	pivotal_software	gemfire_for_pivotal_cloud_foundry	< 1.6.5	Yes
Application	pivotal_software	gemfire_for_pivotal_cloud_foundry	1.7.0	Yes

References

http://www.securityfocus.com/bid/96146 Third Party Advisory, VDB Entry ([email protected])
https://pivotal.io/security/cve-2016-9880 Vendor Advisory ([email protected])
http://www.securityfocus.com/bid/96146 Third Party Advisory, VDB Entry (af854a3a-2127-422b-91ae-364da2661108)
https://pivotal.io/security/cve-2016-9880 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)