CVE-2016-6659
HIGHCloud Foundry <248, UAA 2.x <2.7.4.12, 3.x <3.6.5, 3.7.x <3.9.3 - P...
Title source: llmDescription
Cloud Foundry before 248; UAA 2.x before 2.7.4.12, 3.x before 3.6.5, and 3.7.x through 3.9.x before 3.9.3; and UAA bosh release (aka uaa-release) before 13.9 for UAA 3.6.5 and before 24 for UAA 3.9.3 allow attackers to gain privileges by accessing UAA logs and subsequently running a specially crafted application that interacts with a configured SAML provider.
References (2)
Core 2
Core References
Vendor Advisory x_refsource_confirm
https://www.cloudfoundry.org/cve-2016-6659/
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/95085
Scores
CVSS v3
8.1
EPSS
0.0114
EPSS Percentile
62.7%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-287
Status
published
Products (4)
cloudfoundry/cloud_foundry_uaa_bosh
< 23.0
n/a/Cloud Foundry v247 and earlier and UAA v3.9.2 & earlier and UAA bosh (uaa-release) v23 & earlier
Cloud Foundry v247 and earlier and UAA v3.9.2 & earlier and UAA bosh (uaa-release) v23 & earlier
pivotal_software/cloud_foundry
< 247.0
pivotal_software/cloud_foundry_uaa
< 3.9.2
Published
Dec 23, 2016
Tracked Since
Feb 18, 2026