Vulnerability Description
The identity zones feature in Pivotal Cloud Foundry 208 through 229; UAA 2.0.0 through 2.7.3 and 3.0.0; UAA-Release 2 through 4, when configured with multiple identity zones; and Elastic Runtime 1.6.0 through 1.6.13 allows remote authenticated users with privileges in one zone to gain privileges and perform operations on a different zone via unspecified vectors.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Cloudfoundry | Cf-Release | >= 208, <= 229 |
| Cloudfoundry | User Account And Authentication | 2.0.0 |
| Cloudfoundry | Uaa-Release | 2 |
| Pivotal | Elastic Runtime | 1.6.0 |
Related Weaknesses (CWE)
References
- https://pivotal.io/security/cve-2016-0732 (Mitigation, Vendor Advisory)
FAQ
What is CVE-2016-0732?
CVE-2016-0732 is a vulnerability with a CVSS score of 8.8 (HIGH). The identity zones feature in Pivotal Cloud Foundry 208 through 229; UAA 2.0.0 through 2.7.3 and 3.0.0; UAA-Release 2 through 4, when configured with multiple identity zones; and Elastic Runtime 1.6.0...
How severe is CVE-2016-0732?
CVE-2016-0732 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2016-0732?
Check the references section above for vendor advisories and patch information. Affected products include: Cloudfoundry Cf-Release, Cloudfoundry User Account And Authentication, Cloudfoundry Uaa-Release, Pivotal Elastic Runtime.