CVE-2016-4435 — CRITICAL (9.0)

Q: How severe is CVE-2016-4435?

CVE-2016-4435 has been rated CRITICAL with a CVSS base score of 9.0/10. This is considered a critical vulnerability requiring immediate attention.

Q: Is there a patch for CVE-2016-4435?

Check the references section above for vendor advisories and patch information. Affected products include: Pivotal Bosh Stemcell.

Vulnerability Description

An endpoint of the Agent running on the BOSH Director VM with stemcell versions prior to 3232.6 and 3146.13 may allow unauthenticated clients to read or write blobs or cause a denial of service attack on the Director VM. This vulnerability requires that the unauthenticated clients guess or find a URL matching an existing GUID.

CVSS Score

9.0

CRITICAL

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Pivotal	Bosh Stemcell	<= 3232.4

Related Weaknesses (CWE)

CWE-264

References

https://pivotal.io/security/cve-2016-4435Third Party Advisory
https://pivotal.io/security/cve-2016-4435Third Party Advisory

FAQ

What is CVE-2016-4435?

CVE-2016-4435 is a vulnerability with a CVSS score of 9.0 (CRITICAL). An endpoint of the Agent running on the BOSH Director VM with stemcell versions prior to 3232.6 and 3146.13 may allow unauthenticated clients to read or write blobs or cause a denial of service attack...

How severe is CVE-2016-4435?

CVE-2016-4435 has been rated CRITICAL with a CVSS base score of 9.0/10. This is considered a critical vulnerability requiring immediate attention.

Is there a patch for CVE-2016-4435?

Check the references section above for vendor advisories and patch information. Affected products include: Pivotal Bosh Stemcell.