CVE-2016-0732

Published on: 09/07/2017 12:00:00 AM UTC

Last Modified on: 03/23/2021 11:27:13 PM UTC

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Certain versions of Cloud Foundry from Pivotal contain the following vulnerability:

The identity zones feature in Pivotal Cloud Foundry 208 through 229; UAA 2.0.0 through 2.7.3 and 3.0.0; UAA-Release 2 through 4, when configured with multiple identity zones; and Elastic Runtime 1.6.0 through 1.6.13 allows remote authenticated users with privileges in one zone to gain privileges and perform operations on a different zone via unspecified vectors.

  • CVE-2016-0732 has been assigned by [email protected] to track the vulnerability - currently rated as HIGH severity.

CVSS3 Score: 8.8 - HIGH

Attack
Vector
Attack
Complexity
Privileges
Required
User
Interaction
NETWORK LOW LOW NONE
Scope Confidentiality
Impact
Integrity
Impact
Availability
Impact
UNCHANGED HIGH HIGH HIGH

CVSS2 Score: 6.5 - MEDIUM

Access
Vector
Access
Complexity
Authentication
NETWORK LOW SINGLE
Confidentiality
Impact
Integrity
Impact
Availability
Impact
PARTIAL PARTIAL PARTIAL

CVE References

Description Tags Link
CVE-2016-0732 Privilege Escalation | Security | Pivotal Mitigation
Vendor Advisory
pivotal.io
text/html
URL Logo CONFIRM pivotal.io/security/cve-2016-0732

Known Affected Configurations (CPE V2.3)

Type Vendor Product Version Update Edition Language
ApplicationPivotalCloud Foundry208AllAllAll
ApplicationPivotalCloud Foundry229AllAllAll
ApplicationPivotalCloud Foundry208AllAllAll
ApplicationPivotalCloud Foundry229AllAllAll
ApplicationPivotalElastic Runtime1.6.0AllAllAll
ApplicationPivotalElastic Runtime1.6.1AllAllAll
ApplicationPivotalElastic Runtime1.6.10AllAllAll
ApplicationPivotalElastic Runtime1.6.11AllAllAll
ApplicationPivotalElastic Runtime1.6.12AllAllAll
ApplicationPivotalElastic Runtime1.6.13AllAllAll
ApplicationPivotalElastic Runtime1.6.2AllAllAll
ApplicationPivotalElastic Runtime1.6.3AllAllAll
ApplicationPivotalElastic Runtime1.6.4AllAllAll
ApplicationPivotalElastic Runtime1.6.5AllAllAll
ApplicationPivotalElastic Runtime1.6.6AllAllAll
ApplicationPivotalElastic Runtime1.6.7AllAllAll
ApplicationPivotalElastic Runtime1.6.8AllAllAll
ApplicationPivotalElastic Runtime1.6.9AllAllAll
ApplicationPivotalElastic Runtime1.6.0AllAllAll
ApplicationPivotalElastic Runtime1.6.1AllAllAll
ApplicationPivotalElastic Runtime1.6.10AllAllAll
ApplicationPivotalElastic Runtime1.6.11AllAllAll
ApplicationPivotalElastic Runtime1.6.12AllAllAll
ApplicationPivotalElastic Runtime1.6.13AllAllAll
ApplicationPivotalElastic Runtime1.6.2AllAllAll
ApplicationPivotalElastic Runtime1.6.3AllAllAll
ApplicationPivotalElastic Runtime1.6.4AllAllAll
ApplicationPivotalElastic Runtime1.6.5AllAllAll
ApplicationPivotalElastic Runtime1.6.6AllAllAll
ApplicationPivotalElastic Runtime1.6.7AllAllAll
ApplicationPivotalElastic Runtime1.6.8AllAllAll
ApplicationPivotalElastic Runtime1.6.9AllAllAll
ApplicationPivotalUaa2.0.0AllAllAll
ApplicationPivotalUaa2.0.1AllAllAll
ApplicationPivotalUaa2.0.2AllAllAll
ApplicationPivotalUaa2.0.3AllAllAll
ApplicationPivotalUaa2.1.0AllAllAll
ApplicationPivotalUaa2.2.0AllAllAll
ApplicationPivotalUaa2.2.1AllAllAll
ApplicationPivotalUaa2.2.2AllAllAll
ApplicationPivotalUaa2.2.3AllAllAll
ApplicationPivotalUaa2.2.4AllAllAll
ApplicationPivotalUaa2.2.4.1AllAllAll
ApplicationPivotalUaa2.2.5AllAllAll
ApplicationPivotalUaa2.2.5.2AllAllAll
ApplicationPivotalUaa2.2.5.3AllAllAll
ApplicationPivotalUaa2.2.6AllAllAll
ApplicationPivotalUaa2.3.0AllAllAll
ApplicationPivotalUaa2.3.1AllAllAll
ApplicationPivotalUaa2.3.1.1AllAllAll
ApplicationPivotalUaa2.4.0AllAllAll
ApplicationPivotalUaa2.4.1AllAllAll
ApplicationPivotalUaa2.5.0AllAllAll
ApplicationPivotalUaa2.5.1AllAllAll
ApplicationPivotalUaa2.5.2AllAllAll
ApplicationPivotalUaa2.6.0AllAllAll
ApplicationPivotalUaa2.6.1AllAllAll
ApplicationPivotalUaa2.6.2AllAllAll
ApplicationPivotalUaa2.7.0AllAllAll
ApplicationPivotalUaa2.7.0.1AllAllAll
ApplicationPivotalUaa2.7.0.2AllAllAll
ApplicationPivotalUaa2.7.0.3AllAllAll
ApplicationPivotalUaa2.7.1AllAllAll
ApplicationPivotalUaa2.7.2AllAllAll
ApplicationPivotalUaa2.7.3AllAllAll
ApplicationPivotalUaa2.0.0AllAllAll
ApplicationPivotalUaa2.0.1AllAllAll
ApplicationPivotalUaa2.0.2AllAllAll
ApplicationPivotalUaa2.0.3AllAllAll
ApplicationPivotalUaa2.1.0AllAllAll
ApplicationPivotalUaa2.2.0AllAllAll
ApplicationPivotalUaa2.2.1AllAllAll
ApplicationPivotalUaa2.2.2AllAllAll
ApplicationPivotalUaa2.2.3AllAllAll
ApplicationPivotalUaa2.2.4AllAllAll
ApplicationPivotalUaa2.2.4.1AllAllAll
ApplicationPivotalUaa2.2.5AllAllAll
ApplicationPivotalUaa2.2.5.2AllAllAll
ApplicationPivotalUaa2.2.5.3AllAllAll
ApplicationPivotalUaa2.2.6AllAllAll
ApplicationPivotalUaa2.3.0AllAllAll
ApplicationPivotalUaa2.3.1AllAllAll
ApplicationPivotalUaa2.3.1.1AllAllAll
ApplicationPivotalUaa2.4.0AllAllAll
ApplicationPivotalUaa2.4.1AllAllAll
ApplicationPivotalUaa2.5.0AllAllAll
ApplicationPivotalUaa2.5.1AllAllAll
ApplicationPivotalUaa2.5.2AllAllAll
ApplicationPivotalUaa2.6.0AllAllAll
ApplicationPivotalUaa2.6.1AllAllAll
ApplicationPivotalUaa2.6.2AllAllAll
ApplicationPivotalUaa2.7.0AllAllAll
ApplicationPivotalUaa2.7.0.1AllAllAll
ApplicationPivotalUaa2.7.0.2AllAllAll
ApplicationPivotalUaa2.7.0.3AllAllAll
ApplicationPivotalUaa2.7.1AllAllAll
ApplicationPivotalUaa2.7.2AllAllAll
ApplicationPivotalUaa2.7.3AllAllAll
ApplicationPivotalUaa-release2AllAllAll
ApplicationPivotalUaa-release3AllAllAll
ApplicationPivotalUaa-release4AllAllAll
ApplicationPivotalUaa-release2AllAllAll
ApplicationPivotalUaa-release3AllAllAll
ApplicationPivotalUaa-release4AllAllAll
  • cpe:2.3:a:pivotal:cloud_foundry:208:*:*:*:*:*:*:*:
  • cpe:2.3:a:pivotal:cloud_foundry:229:*:*:*:*:*:*:*:
  • cpe:2.3:a:pivotal:cloud_foundry:208:*:*:*:*:*:*:*:
  • cpe:2.3:a:pivotal:cloud_foundry:229:*:*:*:*:*:*:*:
  • cpe:2.3:a:pivotal:elastic_runtime:1.6.0:*:*:*:*:*:*:*:
  • cpe:2.3:a:pivotal:elastic_runtime:1.6.1:*:*:*:*:*:*:*:
  • cpe:2.3:a:pivotal:elastic_runtime:1.6.10:*:*:*:*:*:*:*:
  • cpe:2.3:a:pivotal:elastic_runtime:1.6.11:*:*:*:*:*:*:*:
  • cpe:2.3:a:pivotal:elastic_runtime:1.6.12:*:*:*:*:*:*:*:
  • cpe:2.3:a:pivotal:elastic_runtime:1.6.13:*:*:*:*:*:*:*:
  • cpe:2.3:a:pivotal:elastic_runtime:1.6.2:*:*:*:*:*:*:*:
  • cpe:2.3:a:pivotal:elastic_runtime:1.6.3:*:*:*:*:*:*:*:
  • cpe:2.3:a:pivotal:elastic_runtime:1.6.4:*:*:*:*:*:*:*:
  • cpe:2.3:a:pivotal:elastic_runtime:1.6.5:*:*:*:*:*:*:*:
  • cpe:2.3:a:pivotal:elastic_runtime:1.6.6:*:*:*:*:*:*:*:
  • cpe:2.3:a:pivotal:elastic_runtime:1.6.7:*:*:*:*:*:*:*:
  • cpe:2.3:a:pivotal:elastic_runtime:1.6.8:*:*:*:*:*:*:*:
  • cpe:2.3:a:pivotal:elastic_runtime:1.6.9:*:*:*:*:*:*:*:
  • cpe:2.3:a:pivotal:elastic_runtime:1.6.0:*:*:*:*:*:*:*:
  • cpe:2.3:a:pivotal:elastic_runtime:1.6.1:*:*:*:*:*:*:*:
  • cpe:2.3:a:pivotal:elastic_runtime:1.6.10:*:*:*:*:*:*:*:
  • cpe:2.3:a:pivotal:elastic_runtime:1.6.11:*:*:*:*:*:*:*:
  • cpe:2.3:a:pivotal:elastic_runtime:1.6.12:*:*:*:*:*:*:*:
  • cpe:2.3:a:pivotal:elastic_runtime:1.6.13:*:*:*:*:*:*:*:
  • cpe:2.3:a:pivotal:elastic_runtime:1.6.2:*:*:*:*:*:*:*:
  • cpe:2.3:a:pivotal:elastic_runtime:1.6.3:*:*:*:*:*:*:*:
  • cpe:2.3:a:pivotal:elastic_runtime:1.6.4:*:*:*:*:*:*:*:
  • cpe:2.3:a:pivotal:elastic_runtime:1.6.5:*:*:*:*:*:*:*:
  • cpe:2.3:a:pivotal:elastic_runtime:1.6.6:*:*:*:*:*:*:*:
  • cpe:2.3:a:pivotal:elastic_runtime:1.6.7:*:*:*:*:*:*:*:
  • cpe:2.3:a:pivotal:elastic_runtime:1.6.8:*:*:*:*:*:*:*:
  • cpe:2.3:a:pivotal:elastic_runtime:1.6.9:*:*:*:*:*:*:*:
  • cpe:2.3:a:pivotal:uaa:2.0.0:*:*:*:*:*:*:*:
  • cpe:2.3:a:pivotal:uaa:2.0.1:*:*:*:*:*:*:*:
  • cpe:2.3:a:pivotal:uaa:2.0.2:*:*:*:*:*:*:*:
  • cpe:2.3:a:pivotal:uaa:2.0.3:*:*:*:*:*:*:*:
  • cpe:2.3:a:pivotal:uaa:2.1.0:*:*:*:*:*:*:*:
  • cpe:2.3:a:pivotal:uaa:2.2.0:*:*:*:*:*:*:*:
  • cpe:2.3:a:pivotal:uaa:2.2.1:*:*:*:*:*:*:*:
  • cpe:2.3:a:pivotal:uaa:2.2.2:*:*:*:*:*:*:*:
  • cpe:2.3:a:pivotal:uaa:2.2.3:*:*:*:*:*:*:*:
  • cpe:2.3:a:pivotal:uaa:2.2.4:*:*:*:*:*:*:*:
  • cpe:2.3:a:pivotal:uaa:2.2.4.1:*:*:*:*:*:*:*:
  • cpe:2.3:a:pivotal:uaa:2.2.5:*:*:*:*:*:*:*:
  • cpe:2.3:a:pivotal:uaa:2.2.5.2:*:*:*:*:*:*:*:
  • cpe:2.3:a:pivotal:uaa:2.2.5.3:*:*:*:*:*:*:*:
  • cpe:2.3:a:pivotal:uaa:2.2.6:*:*:*:*:*:*:*:
  • cpe:2.3:a:pivotal:uaa:2.3.0:*:*:*:*:*:*:*:
  • cpe:2.3:a:pivotal:uaa:2.3.1:*:*:*:*:*:*:*:
  • cpe:2.3:a:pivotal:uaa:2.3.1.1:*:*:*:*:*:*:*:
  • cpe:2.3:a:pivotal:uaa:2.4.0:*:*:*:*:*:*:*:
  • cpe:2.3:a:pivotal:uaa:2.4.1:*:*:*:*:*:*:*:
  • cpe:2.3:a:pivotal:uaa:2.5.0:*:*:*:*:*:*:*:
  • cpe:2.3:a:pivotal:uaa:2.5.1:*:*:*:*:*:*:*:
  • cpe:2.3:a:pivotal:uaa:2.5.2:*:*:*:*:*:*:*:
  • cpe:2.3:a:pivotal:uaa:2.6.0:*:*:*:*:*:*:*:
  • cpe:2.3:a:pivotal:uaa:2.6.1:*:*:*:*:*:*:*:
  • cpe:2.3:a:pivotal:uaa:2.6.2:*:*:*:*:*:*:*:
  • cpe:2.3:a:pivotal:uaa:2.7.0:*:*:*:*:*:*:*:
  • cpe:2.3:a:pivotal:uaa:2.7.0.1:*:*:*:*:*:*:*:
  • cpe:2.3:a:pivotal:uaa:2.7.0.2:*:*:*:*:*:*:*:
  • cpe:2.3:a:pivotal:uaa:2.7.0.3:*:*:*:*:*:*:*:
  • cpe:2.3:a:pivotal:uaa:2.7.1:*:*:*:*:*:*:*:
  • cpe:2.3:a:pivotal:uaa:2.7.2:*:*:*:*:*:*:*:
  • cpe:2.3:a:pivotal:uaa:2.7.3:*:*:*:*:*:*:*:
  • cpe:2.3:a:pivotal:uaa:2.0.0:*:*:*:*:*:*:*:
  • cpe:2.3:a:pivotal:uaa:2.0.1:*:*:*:*:*:*:*:
  • cpe:2.3:a:pivotal:uaa:2.0.2:*:*:*:*:*:*:*:
  • cpe:2.3:a:pivotal:uaa:2.0.3:*:*:*:*:*:*:*:
  • cpe:2.3:a:pivotal:uaa:2.1.0:*:*:*:*:*:*:*:
  • cpe:2.3:a:pivotal:uaa:2.2.0:*:*:*:*:*:*:*:
  • cpe:2.3:a:pivotal:uaa:2.2.1:*:*:*:*:*:*:*:
  • cpe:2.3:a:pivotal:uaa:2.2.2:*:*:*:*:*:*:*:
  • cpe:2.3:a:pivotal:uaa:2.2.3:*:*:*:*:*:*:*:
  • cpe:2.3:a:pivotal:uaa:2.2.4:*:*:*:*:*:*:*:
  • cpe:2.3:a:pivotal:uaa:2.2.4.1:*:*:*:*:*:*:*:
  • cpe:2.3:a:pivotal:uaa:2.2.5:*:*:*:*:*:*:*:
  • cpe:2.3:a:pivotal:uaa:2.2.5.2:*:*:*:*:*:*:*:
  • cpe:2.3:a:pivotal:uaa:2.2.5.3:*:*:*:*:*:*:*:
  • cpe:2.3:a:pivotal:uaa:2.2.6:*:*:*:*:*:*:*:
  • cpe:2.3:a:pivotal:uaa:2.3.0:*:*:*:*:*:*:*:
  • cpe:2.3:a:pivotal:uaa:2.3.1:*:*:*:*:*:*:*:
  • cpe:2.3:a:pivotal:uaa:2.3.1.1:*:*:*:*:*:*:*:
  • cpe:2.3:a:pivotal:uaa:2.4.0:*:*:*:*:*:*:*:
  • cpe:2.3:a:pivotal:uaa:2.4.1:*:*:*:*:*:*:*:
  • cpe:2.3:a:pivotal:uaa:2.5.0:*:*:*:*:*:*:*:
  • cpe:2.3:a:pivotal:uaa:2.5.1:*:*:*:*:*:*:*:
  • cpe:2.3:a:pivotal:uaa:2.5.2:*:*:*:*:*:*:*:
  • cpe:2.3:a:pivotal:uaa:2.6.0:*:*:*:*:*:*:*:
  • cpe:2.3:a:pivotal:uaa:2.6.1:*:*:*:*:*:*:*:
  • cpe:2.3:a:pivotal:uaa:2.6.2:*:*:*:*:*:*:*:
  • cpe:2.3:a:pivotal:uaa:2.7.0:*:*:*:*:*:*:*:
  • cpe:2.3:a:pivotal:uaa:2.7.0.1:*:*:*:*:*:*:*:
  • cpe:2.3:a:pivotal:uaa:2.7.0.2:*:*:*:*:*:*:*:
  • cpe:2.3:a:pivotal:uaa:2.7.0.3:*:*:*:*:*:*:*:
  • cpe:2.3:a:pivotal:uaa:2.7.1:*:*:*:*:*:*:*:
  • cpe:2.3:a:pivotal:uaa:2.7.2:*:*:*:*:*:*:*:
  • cpe:2.3:a:pivotal:uaa:2.7.3:*:*:*:*:*:*:*:
  • cpe:2.3:a:pivotal:uaa-release:2:*:*:*:*:*:*:*:
  • cpe:2.3:a:pivotal:uaa-release:3:*:*:*:*:*:*:*:
  • cpe:2.3:a:pivotal:uaa-release:4:*:*:*:*:*:*:*:
  • cpe:2.3:a:pivotal:uaa-release:2:*:*:*:*:*:*:*:
  • cpe:2.3:a:pivotal:uaa-release:3:*:*:*:*:*:*:*:
  • cpe:2.3:a:pivotal:uaa-release:4:*:*:*:*:*:*:*: