CVE-2016-0781

Published May 25, 2017
Last updated 3 years ago
CVSS medium 6.1
Overview

Description: The UAA OAuth approval pages in Cloud Foundry v208 to v231, Login-server v1.6 to v1.14, UAA v2.0.0 to v2.7.4.1, UAA v3.0.0 to v3.2.0, UAA-Release v2 to v7 and Pivotal Elastic Runtime 1.6.x versions prior to 1.6.20 are vulnerable to an XSS attack by specifying malicious java script content in either the OAuth scopes (SCIM groups) or SCIM group descriptions.
Source: security_alert@emc.com
NVD status: Analyzed
Risk scores

CVSS 3.0

Type: Primary
Base score: 6.1
Impact score: 2.7
Exploitability score: 2.8
Vector string: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Severity: MEDIUM
CVSS 2.0

Type: Primary
Base score: 4.3
Impact score: 2.9
Exploitability score: 8.6
Vector string: AV:N/AC:M/Au:N/C:N/I:P/A:N
Weaknesses

nvd@nist.gov: CWE-79
Hype score: Not currently trending
Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0B26A4D4-761B-417C-B88F-525F50A06E6D"
          },
          {
            "criteria": "cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B74EB16D-F061-4CD8-A37D-24FAC9CE22C9"
          },
          {
            "criteria": "cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:4:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "92741034-1A45-4B1A-8444-3488CA46EC0E"
          },
          {
            "criteria": "cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:5:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E716295D-4C12-48CD-816F-ADC4920863E7"
          },
          {
            "criteria": "cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:6:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2D0181FC-AD4C-4E4E-9F52-6B12E4370780"
          },
          {
            "criteria": "cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:7:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "07524E58-F47F-46E5-BF63-B1F11B193F97"
          },
          {
            "criteria": "cpe:2.3:a:pivotal_software:cloud_foundry:208:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "21CE9A23-D596-4C33-AD29-51AFB35A53BC"
          },
          {
            "criteria": "cpe:2.3:a:pivotal_software:cloud_foundry:209:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "68E4680C-235B-4DF3-B395-FC844F21B7E2"
          },
          {
            "criteria": "cpe:2.3:a:pivotal_software:cloud_foundry:210:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "10BBBDE6-72E0-4A36-AE57-85BFF7A03137"
          },
          {
            "criteria": "cpe:2.3:a:pivotal_software:cloud_foundry:211:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2CE52DC3-D982-4E81-AAD7-7CA9AB756AB2"
          },
          {
            "criteria": "cpe:2.3:a:pivotal_software:cloud_foundry:212:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "719F9D8D-704E-4883-A932-652999074E1B"
          },
          {
            "criteria": "cpe:2.3:a:pivotal_software:cloud_foundry:213:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "AFB58BDC-9916-48F8-83BE-EDFE00835738"
          },
          {
            "criteria": "cpe:2.3:a:pivotal_software:cloud_foundry:214:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "51073766-5A57-4F50-AF35-3AD0041D2B09"
          },
          {
            "criteria": "cpe:2.3:a:pivotal_software:cloud_foundry:215:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5E0CA70B-BD79-4CB2-AFDC-D89981993CBF"
          },
          {
            "criteria": "cpe:2.3:a:pivotal_software:cloud_foundry:216:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C4179C04-0EFB-43E5-B690-E516C6F0634B"
          },
          {
            "criteria": "cpe:2.3:a:pivotal_software:cloud_foundry:217:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3770814F-FC94-467E-ACF4-89A9239B4893"
          },
          {
            "criteria": "cpe:2.3:a:pivotal_software:cloud_foundry:218:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "ED374619-C2CE-4E74-BDE2-0B39D7C8A1E9"
          },
          {
            "criteria": "cpe:2.3:a:pivotal_software:cloud_foundry:219:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A1939DBF-E885-4CF1-9FF8-296A6ED1F241"
          },
          {
            "criteria": "cpe:2.3:a:pivotal_software:cloud_foundry:220:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "CF5ED010-699D-48DE-AA2F-57E6CE682AF8"
          },
          {
            "criteria": "cpe:2.3:a:pivotal_software:cloud_foundry:221:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "68FE1621-874C-41F6-9A27-4C3E5F22C3A4"
          },
          {
            "criteria": "cpe:2.3:a:pivotal_software:cloud_foundry:222:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "82D4B35F-F760-4B6C-B289-411155CA6876"
          },
          {
            "criteria": "cpe:2.3:a:pivotal_software:cloud_foundry:223:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0C172BAC-2766-4B37-A19A-2EB25C68C38F"
          },
          {
            "criteria": "cpe:2.3:a:pivotal_software:cloud_foundry:224:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1A10DC4A-5682-476E-8A1C-8829D05FF248"
          },
          {
            "criteria": "cpe:2.3:a:pivotal_software:cloud_foundry:225:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "DBF25D96-83C1-4D0D-A1F1-7D5805AB4EC7"
          },
          {
            "criteria": "cpe:2.3:a:pivotal_software:cloud_foundry:226:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "94473ECC-E916-4670-AB94-8EF3F4450643"
          },
          {
            "criteria": "cpe:2.3:a:pivotal_software:cloud_foundry:227:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "89D4528D-6644-44B0-B5AB-FB4480839EA2"
          },
          {
            "criteria": "cpe:2.3:a:pivotal_software:cloud_foundry:228:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "96AD7EC1-0490-4513-A5C1-6FCB0470529B"
          },
          {
            "criteria": "cpe:2.3:a:pivotal_software:cloud_foundry:229:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "744A61DF-A49E-4931-8DF1-21EB3AC56208"
          },
          {
            "criteria": "cpe:2.3:a:pivotal_software:cloud_foundry:230:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4D62EEBF-B07C-4838-BDCC-DB3F2D4CF6F6"
          },
          {
            "criteria": "cpe:2.3:a:pivotal_software:cloud_foundry:231:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "03D7EDBF-808E-4D12-AA77-A0720F08EB4C"
          },
          {
            "criteria": "cpe:2.3:a:pivotal_software:cloud_foundry:241:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "FF6B386F-3363-45CE-8F6A-91FEA00D0E82"
          },
          {
            "criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F4CC5918-BC38-46E3-8000-5FE87A65C0E7"
          },
          {
            "criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "36926681-35F4-4619-9613-155DEEEA3C8F"
          },
          {
            "criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "41FF3C2B-E96F-4DF7-A5C4-703206CB729E"
          },
          {
            "criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F9CB3C2D-3080-4A3D-8D8D-1381B5D98920"
          },
          {
            "criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.4:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "782781EB-147C-4B00-84C5-1D8443BFA2D6"
          },
          {
            "criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.5:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "35A56755-EEB2-4C93-B180-3918A36965AA"
          },
          {
            "criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.6:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E4009F10-08AF-470B-B903-38B8A6DBF332"
          },
          {
            "criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.7:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2B2E8F04-53E6-4A3C-BE4B-8D0DDA22CA8C"
          },
          {
            "criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.8:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "790DAB24-893A-463F-8358-171DACD75074"
          },
          {
            "criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.9:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3645A1A8-4945-447F-A968-101D5938F9C8"
          },
          {
            "criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.10:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0E52C9B9-8F94-48D8-ADA6-96918F6AAD36"
          },
          {
            "criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.11:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3948FC2F-AF3B-4AF3-968D-F124D03A213A"
          },
          {
            "criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.12:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4BA44F9B-97D5-48C0-91E9-6D3FEC8B7773"
          },
          {
            "criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.13:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7B414F88-6541-48C6-B9D6-4DDA035A0037"
          },
          {
            "criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.14:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "66235C7F-D5EE-4989-8D24-6D0781954234"
          },
          {
            "criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.15:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "12E75B49-2419-4313-A648-B5283DA620E7"
          },
          {
            "criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.16:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "EED70273-3FB2-4652-9AA2-10E2E9D581DE"
          },
          {
            "criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.17:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A2C07910-C462-46C1-83CB-39B3FD8D25BC"
          },
          {
            "criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.18:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C6B9243E-31EF-48AB-BAB5-CCC3704A219F"
          },
          {
            "criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.19:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2BCB1D4B-F44C-41A1-90CA-62FD37003A1F"
          },
          {
            "criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_uaa:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "002CACDF-D085-44B6-BE47-6FB61F1EB0D8",
            "versionEndIncluding": "2.7.4.1"
          },
          {
            "criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_uaa:3.0.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "03D97B63-F59C-47FD-9919-3B543F0C4BE9"
          },
          {
            "criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_uaa:3.0.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2BF268FB-5CAA-4441-A5EA-F65080A65815"
          },
          {
            "criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_uaa:3.1.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "597CA1EF-4E57-4676-B772-239EFB684C5F"
          },
          {
            "criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_uaa:3.2.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1D44FEC0-341E-4AD4-B0BC-0B10FDB6DB8C"
          },
          {
            "criteria": "cpe:2.3:a:pivotal_software:login-server:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "60348882-C48C-434B-B311-A157E3BFC833"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]
Overview

Risk scores

CVSS 3.0

CVSS 2.0

Weaknesses

Social media

Configurations

References
