Description
An open redirect vulnerability has been detected with some Pivotal Cloud Foundry Elastic Runtime components. Users of affected versions should apply the following mitigation: Upgrade PCF Elastic Runtime 1.8.x versions to 1.8.12 or later. Upgrade PCF Ops Manager 1.7.x versions to 1.7.18 or later and 1.8.x versions to 1.8.10 or later.
References (2)
Core 2
Core References
Mitigation, Vendor Advisory x_refsource_confirm
https://pivotal.io/security/cve-2016-6657
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/94126
Scores
CVSS v3
7.4
EPSS
0.0105
EPSS Percentile
59.9%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N
Details
CWE
CWE-601
Status
published
Products (44)
n/a/PCF Elastic Runtime 1.8.x versions prior to 1.8.12 and PCF Ops Manager 1.7.x versions prior to 1.7.18 and 1.8.x versions prior to 1.8.10
PCF Elastic Runtime 1.8.x versions prior to 1.8.12 and PCF Ops Manager 1.7.x versions prior to 1.7.1
pivotal_software/cloud_foundry_elastic_runtime
1.8.0
pivotal_software/cloud_foundry_elastic_runtime
1.8.1
pivotal_software/cloud_foundry_elastic_runtime
1.8.2
pivotal_software/cloud_foundry_elastic_runtime
1.8.3
pivotal_software/cloud_foundry_elastic_runtime
1.8.4
pivotal_software/cloud_foundry_elastic_runtime
1.8.5
pivotal_software/cloud_foundry_elastic_runtime
1.8.6
pivotal_software/cloud_foundry_elastic_runtime
1.8.7
pivotal_software/cloud_foundry_elastic_runtime
1.8.8
... and 34 more
Published
Dec 16, 2016
Tracked Since
Feb 18, 2026