Byte Open Security

(ByteOS Network)

Cloud Foundry v247 and earlier and UAA v3.9.2 & earlier and UAA bosh (uaa-release) v23 & earlier

Source - CNA
CNA CVEs - 1
ADP CVEs - 0
CISA CVEs - 0
NVD CVEs - 0
1 vulnerability found

CVE-2016-6659
Assigner-Dell
CVSS Score-8.1 | HIGH
EPSS-0.32% / 54.73%
7 Day CHG~0.00%
Published-23 Dec, 2016 | 05:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cloud Foundry before 248; UAA 2.x before 2.7.4.12, 3.x before 3.6.5, and 3.7.x through 3.9.x before 3.9.3; and UAA bosh release (aka uaa-release) before 13.9 for UAA 3.6.5 and before 24 for UAA 3.9.3 allow attackers to gain privileges by accessing UAA logs and subsequently running a specially crafted application that interacts with a configured SAML provider.

Action-Not Available
Vendor-n/a, Cloud Foundry, VMware (Broadcom Inc.)
Product-cloud_foundry, cloud_foundry_uaa, cloud_foundry_uaa_bosh, Cloud Foundry v247 and earlier and UAA v3.9.2 & earlier and UAA bosh (uaa-release) v23 & earlier
CWE ID-CWE-287 (Improper Authentication)