Back to search
CVE-2016-6659
Published: Dec 23, 2016
Modified: Aug 6, 2024
PUBLISHED
Description
Cloud Foundry before 248; UAA 2.x before 2.7.4.12, 3.x before 3.6.5, and 3.7.x through 3.9.x before 3.9.3; and UAA bosh release (aka uaa-release) before 13.9 for UAA 3.6.5 and before 24 for UAA 3.9.3 allow attackers to gain privileges by accessing UAA logs and subsequently running a specially crafted application that interacts with a configured SAML provider.
| Vendor | Product | Versions |
|---|---|---|
n/a | Cloud Foundry v247 and earlier and UAA v3.9.2 & earlier and UAA bosh (uaa-release) v23 & earlier | affected Cloud Foundry v247 and earlier and UAA v3.9.2 & earlier and UAA bosh (uaa-release) v23 & earlier |
References
https://www.cloudfoundry.org/cve-2016-6659/
x_refsource_CONFIRM
95085
vdb-entry
x_refsource_BID
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now